← Back to Pulse Feed
PULSE DETAIL
Honeypot-observed exploit attempt activity for the week of 2026-04-06. Contains 37 indicators (37 IPv4). Data sourced from TSEC T-Pot honeypot network.
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| IPv4 | 174.66.113.103 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 174.66.113.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 20.222.20.193 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 20.222.20.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 121.29.85.92 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 121.29.85.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 184.105.247.198 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 184.105.247.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 178.254.33.29 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 178.254.33.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 116.178.128.201 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-06 | |
| IPv4 | 47.245.142.94 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.142.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 123.245.85.204 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 143.198.30.188 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 143.198.30.188 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). | 2026-04-06 | |
| IPv4 | 159.203.10.94 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 159.203.10.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 27.155.172.167 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.155.172.167 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 59.173.111.32 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. This attacker IP (59.173.111.32) is likely a low-sophistication brute-force actor targeting SSH services in healthcare sector honeypots. Observed attempting access to mdms-hp-01 via honeytrap, suggesting focus on credential theft or system compromise through weak SSH credentials. Limited impact indicated by low threat scores and lack of confirmed m... | 2026-04-06 | |
| IPv4 | 47.77.195.68 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.77.195.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.250.194.161 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.194.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.250.158.4 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.250.158.4 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, high). | 2026-04-06 | |
| IPv4 | 180.95.231.42 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.42 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 134.122.59.87 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 134.122.59.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 222.176.201.128 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.128 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 27.47.27.140 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 206.172.229.109 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 206.172.229.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 118.212.123.200 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.200 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 116.178.130.218 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.130.218 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 47.254.37.131 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.37.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 221.207.34.227 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 106.117.106.40 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.106.40 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-06 | |
| IPv4 | 36.106.167.26 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. This attacker IP (36.106.167.26) is likely a commodity attacker targeting energy sector infrastructure, observed interacting with the petroleum-hp-01 honeypot via SSH brute-force attempts using default credentials. The low sophistication suggests automated tooling rather than advanced persistent threat actors, though its focus on critical energy sys... | 2026-04-06 | |
| IPv4 | 118.212.122.14 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 170.64.233.84 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 170.64.233.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.245.141.39 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.141.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.254.22.110 | Score: 70/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.254.22.110 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (critical, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 101.249.61.85 | Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.61.85 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 171.83.18.71 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 171.83.18.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-06 | |
| IPv4 | 144.31.148.20 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Frankfurt am Main, Germany (AS201988, VPSPay Networks LTD) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 3m 45s; 15 events. | 2026-04-06 | |
| IPv4 | 171.36.6.231 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.6.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 59.44.42.9 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 59.44.42.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 116.178.129.104 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 170.64.132.63 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 110.177.182.211 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.182.211 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 66.167.169.170 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 66.167.169.170 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 222.176.200.83 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 161.35.18.203 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 161.35.18.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 66.132.224.16 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.132.224.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 59.34.28.50 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.34.28.50 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-06 | |
| IPv4 | 116.193.169.130 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 116.193.169.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 114.97.190.166 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.166 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-06 | |
| IPv4 | 220.167.232.208 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.232.208 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 171.37.190.164 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.37.190.164 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 135.125.103.253 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from France (AS16276, OVH SAS) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 5 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 14m 54s; 45 events. | 2026-04-06 | |
| IPv4 | 116.178.131.91 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 222.176.201.193 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 128.1.164.219 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Los Angeles, United States (AS21859, Zenlayer Inc). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 6 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process ... | 2026-04-06 | |
| IPv4 | 59.173.110.229 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.229 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 221.207.35.250 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.250 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-06 | |
| IPv4 | 180.95.238.213 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.213 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 182.138.158.187 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 182.138.158.187 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 117.29.52.250 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.29.52.250 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 182.138.158.70 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. This attacker IP (182.138.158.70) is likely a commodity threat actor targeting energy sector infrastructure via SSH brute-force attacks against honeypots. Observed interacting with the petroleum-hp-01 honeypot using SSH/Telnet protocols, suggesting low-to-moderate sophistication and potential use of credential stuffing techniques. The attack patte... | 2026-04-06 | |
| IPv4 | 118.212.121.221 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 116.178.129.10 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.10 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 46.151.182.184 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 46.151.182.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 118.212.120.67 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. This China-based attacker (AS4837/China Unicom) is likely a commodity threat actor employing automated scanning and brute-force techniques to target healthcare sector systems. Observed interacting with honeypot mdms-hp-01 via SSH/Telnet, attempting credential access with common patterns. Moderate sophistication, leveraging standard tools rather than advanced pers... | 2026-04-06 | |
| IPv4 | 27.47.27.25 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.25 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-06 | |
| IPv4 | 116.178.128.48 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 160.119.76.10 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 160.119.76.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate). | 2026-04-06 | |
| IPv4 | 61.140.160.9 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 61.140.160.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.254.39.47 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.254.39.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-06 | |
| IPv4 | 59.52.100.144 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 118.212.123.240 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.240 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 221.199.73.220 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.199.73.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.250.55.10 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.55.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 58.212.237.167 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 58.212.237.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 139.59.56.240 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 139.59.56.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 64.226.106.47 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 64.226.106.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-06 | |
| IPv4 | 213.230.127.104 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 213.230.127.104 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 35 times when connecting to db4lamedtech between 2026-04-05 23:45 and 2026-04-06 00:41 UTC. | 2026-04-06 | |
| IPv4 | 134.199.152.18 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 27.47.25.175 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 27.47.25.175 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 110.177.183.118 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.183.118 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 60.13.6.245 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 60.13.6.245 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 101.249.62.92 | Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 101.249.62.92 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level4). | 2026-04-06 | |
| IPv4 | 47.250.54.17 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.54.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 222.176.201.129 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 180.95.231.113 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.113 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 221.13.93.186 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 221.13.93.186 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 171.36.7.244 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.7.244 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 121.29.149.50 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 42.48.38.49 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 42.48.38.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 106.117.108.195 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.108.195 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 59.173.111.88 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 59.173.111.88 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 36.106.166.40 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 36.106.166.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 171.36.7.99 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.7.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 44.220.188.68 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 44.220.188.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-06 | |
| IPv4 | 222.94.32.246 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 222.94.32.246 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 124.117.192.206 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 14.135.75.117 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 14.135.75.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-06 | |
| IPv4 | 182.119.226.146 | Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.226.146 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 182.242.168.113 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.168.113 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-06 | |
| IPv4 | 221.199.73.103 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.199.73.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 112.122.236.51 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.122.236.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.251.94.7 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.94.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 58.19.105.198 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.19.105.198 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 27.47.25.156 | Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.156 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 47.251.77.150 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.77.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 123.160.233.82 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.160.233.82 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 27.47.26.227 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.227 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 182.242.169.100 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 182.242.169.100 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 180.95.231.72 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. This IP (180.95.231.72) is likely part of a commodity attack campaign targeting energy sector infrastructure, observed attempting SSH brute-force attacks against honeypots like petroleum-hp-01 using default credentials and automated tools. The low sophistication suggests a script-based approach with limited impact, though its association with... | 2026-04-06 | |
| IPv4 | 220.167.232.31 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.31 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 116.178.129.102 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 221.207.35.130 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 123.245.85.68 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 193.104.222.144 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 193.104.222.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.250.185.131 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.185.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 182.119.229.78 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.229.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 118.212.120.99 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.99 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 159.65.31.57 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.65.31.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.251.81.246 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.81.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 101.249.61.56 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.61.56 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level4). | 2026-04-06 | |
| IPv4 | 123.145.31.69 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 139.59.24.87 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bengaluru, India (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 221.207.35.19 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 118.212.122.228 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.228 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 221.207.35.211 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-06 | |
| IPv4 | 59.173.109.59 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.59 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 216.244.66.239 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 216.244.66.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 59.173.109.118 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.118 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, multi-reported, reported). | 2026-04-06 | |
| IPv4 | 221.199.73.158 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.199.73.158 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 124.117.192.112 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 36.106.167.194 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 36.106.167.194 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-06 | |
| IPv4 | 36.106.167.102 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.106.167.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 118.212.121.120 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 118.212.121.120 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 171.37.47.147 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.37.47.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 117.146.237.59 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 117.146.237.59 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (20 commands), 4 malware samples. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.250.83.136 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.83.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 118.212.122.47 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.47 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 117.25.122.222 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 117.25.122.222 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 59.52.103.187 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.52.103.187 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 202.83.172.43 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 202.83.172.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.84.186.110 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.186.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 94.26.106.17 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 94.26.106.17 observed using TLS client fingerprint 'Unknown TLS Client (e1db13f18329)' 2 times when connecting to db4lamedtech between 2026-04-06 03:14 and 2026-04-06 03:14 UTC. | 2026-04-06 | |
| IPv4 | 104.207.41.200 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 104.207.41.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-06 | |
| IPv4 | 106.75.68.151 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from China (AS4808, China Unicom Beijing Province Network). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 118.212.121.178 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (118.212.121.178) is likely a low-sophistication automated scanner or botnet node targeting energy sector infrastructure via SSH/Telnet protocols. Observed attempting access to honeypot petroleum-hp-01 using credential brute-force techniques, consistent with commodity attack tooling. Limited impact indicated, though its association wi... | 2026-04-06 | |
| IPv4 | 106.117.117.135 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.117.117.135 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 101.249.62.79 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.249.62.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 74.7.242.41 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 74.7.242.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-06 | |
| IPv4 | 182.119.224.8 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.224.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 220.250.11.146 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 220.250.11.146 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 112.94.189.255 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. This IP (112.94.189.255) is likely a commodity attacker targeting healthcare sector SSH services, observed attempting brute-force access to a medtech honeypot using common credentials. The attack leveraged basic SSH/Telnet protocols with no advanced evasion techniques, suggesting low sophistication and potential botnet-driven scanning activity. | 2026-04-06 | |
| IPv4 | 27.47.27.185 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.185 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 220.167.232.186 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 220.167.232.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 171.12.10.178 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 171.12.10.178 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-06 | |
| IPv4 | 47.250.129.234 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.129.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 14.37.7.215 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 14.37.7.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 44.220.185.95 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low. 44.220.185.95 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 193.56.28.167 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. This attacker IP (193.56.28.167) is likely a commodity botnet node targeting energy sector infrastructure via SSH/Telnet brute-force attacks against Cisco ASA devices. Observed activity includes a 16-second interaction with the petroleum-hp-01 honeypot, suggesting automated scanning for vulnerable credentials rather than sophisticated exploitation. The l... | 2026-04-06 | |
| IPv4 | 34.169.86.147 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 34.169.86.147 observed using TLS client fingerprint 'Unknown TLS Client (7465186b1421)' 2 times when connecting to offbackup1 between 2026-04-06 03:06 and 2026-04-06 03:06 UTC. | 2026-04-06 | |
| IPv4 | 156.231.116.108 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 156.231.116.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.251.26.90 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.26.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.254.74.245 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.74.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 58.243.47.58 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.243.47.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 59.24.152.190 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 59.24.152.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 185.184.128.45 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP 185.184.128.45 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-04-06 02:52 and 2026-04-06 02:53 UTC. | 2026-04-06 | |
| IPv4 | 170.64.159.26 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 171.116.44.127 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 222.94.32.231 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.231 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 58.243.46.42 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.243.46.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 173.239.214.28 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 173.239.214.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level4); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 222.176.200.162 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 36.106.167.177 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.251.179.35 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.179.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 118.212.121.31 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 123.245.84.222 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.84.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-06 | |
| IPv4 | 182.242.168.115 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 175.9.34.70 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Changsha, China (AS4134, Chinanet). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 4 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewall... | 2026-04-06 | |
| IPv4 | 112.94.189.20 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.189.20 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 47.250.162.17 | Score: 75/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.250.162.17 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 191.101.59.100 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from City of London, United Kingdom (AS42831, UK Dedicated Servers Limited) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 6 unique usernames, execution of 17 commands (password changes, system reconnaissance, cron p... | 2026-04-06 | |
| IPv4 | 185.196.21.69 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 7 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 14m 1s; 35 events. | 2026-04-06 | |
| IPv4 | 185.247.137.207 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 222.176.200.144 | Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 221.207.34.49 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 183.99.89.74 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 183.99.89.74 observed using SSH client fingerprint 'Unknown SSH Client (4e066189c3bb)' 4 times when connecting to offbackup1 between 2026-04-06 04:11 and 2026-04-06 04:11 UTC. | 2026-04-06 | |
| IPv4 | 222.94.32.27 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.27 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 144.123.77.22 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.77.22 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 220.167.232.105 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 116.178.131.124 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 112.122.237.107 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.122.237.107 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 60.13.7.17 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (60.13.7.17) is likely a commodity attacker associated with China Unicom's backbone network, targeting healthcare sector SSH honeypots using brute-force attacks. Observed interacting with the mdms-hp-01 honeytrap via SSH/Telnet, suggesting low-sophistication automated tooling focused on credential guessing rather than advanced persist... | 2026-04-06 | |
| IPv4 | 182.119.224.182 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.224.182 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 220.78.78.97 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 220.78.78.97 observed using SSH client fingerprint 'Unknown SSH Client (ec7378c1a92f)' 2 times when connecting to mdms1 between 2026-04-06 04:01 and 2026-04-06 04:01 UTC. | 2026-04-06 | |
| IPv4 | 113.31.107.103 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from China (AS17621, China Unicom Shanghai network). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 3m 1s; 5 events. | 2026-04-06 | |
| IPv4 | 221.199.73.227 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.199.73.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 34.19.127.195 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. Attacker IP 34.19.127.195 observed using TLS client fingerprint 'Unknown TLS Client (a78d297f5ace)' 3 times when connecting to offbackup1 between 2026-04-06 03:55 and 2026-04-06 03:57 UTC. | 2026-04-06 | |
| IPv4 | 199.45.154.177 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 199.45.154.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 117.29.8.152 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.29.8.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.251.143.199 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.143.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.251.170.23 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.170.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 8.222.236.85 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 8.222.236.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 60.13.7.205 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. This IP (60.13.7.205) is a low-sophistication commodity attacker targeting energy sector SSH services, observed attempting brute-force access to honeypot petroleum-hp-01 using common credentials like 'admin/password'. The actor leverages automated tools for reconnaissance, with limited impact confined to initial probing stages. | 2026-04-06 | |
| IPv4 | 36.106.166.44 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.106.166.44 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 175.6.141.237 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 175.6.141.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, moderate, multi-reported). | 2026-04-06 | |
| IPv4 | 176.126.78.69 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 176.126.78.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 182.116.115.161 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.116.115.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.250.156.200 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.156.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 59.173.108.165 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 36.106.167.39 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.167.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 117.25.124.231 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. This IP (117.25.124.231) is likely a commodity attacker node originating from Fuzhou, China, targeting energy sector assets via SSH brute-force attacks against honeypots. Observed attempting access to petroleum-hp-01 using common credentials like 'admin' and 'root', indicative of automated scanning infrastructure rather than advanced persistent thr... | 2026-04-06 | |
| IPv4 | 123.160.233.78 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.160.233.78 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 47.254.86.57 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.86.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 193.163.125.49 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 8.209.97.111 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.209.97.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.84.133.17 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.84.133.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 139.212.71.152 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 139.212.71.152 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 198.58.117.211 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 198.58.117.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 113.249.114.46 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 113.249.114.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 36.106.166.219 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.219 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 123.245.85.223 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.85.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 222.176.201.73 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. This IP, associated with AS4134 (Chinanet), is likely a commodity attacker leveraging automated tools to target energy sector systems via SSH brute-force attacks. Observed interacting with the petroleum-hp-01 honeypot using honeytrap techniques, suggesting reconnaissance for potential infrastructure exploitation. The attack pattern indicates ... | 2026-04-06 | |
| IPv4 | 107.189.24.145 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 107.189.24.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 47.88.2.147 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.88.2.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 110.177.178.169 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.178.169 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 118.212.121.171 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.121.171 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 5.133.192.187 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 5.133.192.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 218.154.181.71 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 218.154.181.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 1.193.63.216 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.193.63.216 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 95.243.138.39 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 95.243.138.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 60.13.6.120 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.120 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 156.246.91.162 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 156.246.91.162 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 47.84.143.221 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.143.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 150.228.105.45 | Score: 50/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 150.228.105.45 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.77.222.214 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.77.222.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 59.173.109.135 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.109.135 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 222.176.201.105 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 222.176.201.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 118.212.121.187 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.187 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 59.52.103.246 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.103.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 121.29.85.97 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.85.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 139.59.42.53 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bengaluru, India (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 211.47.126.157 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 211.47.126.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 144.123.76.210 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.76.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 222.176.201.161 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 59.173.108.17 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 176.65.150.72 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 176.65.150.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 27.47.24.195 | Score: 55/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.195 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 87.236.176.44 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 47.251.143.167 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.143.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 180.95.238.75 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.75 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 123.245.84.196 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 116.178.129.70 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (116.178.129.70) is likely a commodity botnet node targeting healthcare sector systems via SSH brute-force attacks against honeypots. Observed attempting access to medtech-hp-01 using default credentials, indicative of low-sophistication automated tools. While GTI classifies it as low risk, multiple threat intelligence feeds ... | 2026-04-06 | |
| IPv4 | 220.250.10.48 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.10.48 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 59.173.111.19 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 139.212.68.137 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 139.212.68.137 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 220.167.233.165 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 1.83.125.216 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 116.178.130.242 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 176.65.148.251 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 176.65.148.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, hacking, high). | 2026-04-06 | |
| IPv4 | 58.224.250.190 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 58.224.250.190 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). | 2026-04-06 | |
| IPv4 | 124.117.192.121 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 114.97.190.122 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 59.173.111.167 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 8.211.15.33 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.211.15.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 59.173.111.70 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 118.212.123.219 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 118.212.123.219 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 104.207.47.186 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack. 104.207.47.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 112.94.188.85 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 112.94.188.85 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 58.243.46.111 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.243.46.111 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 27.47.26.76 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 1.83.125.221 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. This attacker IP from Xi'an, China (AS4134) likely represents a commodity attacker targeting energy sector infrastructure via SSH brute-force attempts against honeypots. Observed interacting with petroleum-hp-01 using honeytrap mechanisms, with limited sophistication suggesting automated tooling rather than advanced persistent threat activity. The... | 2026-04-06 | |
| IPv4 | 18.97.5.30 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 18.97.5.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.84.199.84 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.199.84 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 124.117.192.99 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.192.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.236.192.183 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 47.236.192.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 171.105.76.50 | Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 171.105.76.50 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, high). | 2026-04-06 | |
| IPv4 | 182.242.168.129 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.129 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, high). | 2026-04-06 | |
| IPv4 | 118.213.34.132 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 118.213.34.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 47.250.117.176 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.117.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 222.94.32.58 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 14.116.150.36 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 14.116.150.36 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 3 times when connecting to offbackup1 between 2026-04-06 05:58 and 2026-04-06 05:58 UTC. | 2026-04-06 | |
| IPv4 | 58.243.46.215 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 58.243.46.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 222.175.106.142 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 222.175.106.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 47.250.130.240 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.130.240 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 220.167.232.43 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 163.7.9.84 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Indonesia (AS150436, Byteplus Pte. Ltd.). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 11m 49s; 25 events. | 2026-04-06 | |
| IPv4 | 116.172.201.182 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.172.201.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 139.159.140.114 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 139.159.140.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-06 | |
| IPv4 | 180.95.238.50 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.50 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 118.212.120.31 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.120.31 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 117.29.52.33 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 117.29.52.33 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 144.123.77.134 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 144.123.77.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-06 | |
| IPv4 | 118.212.120.21 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 171.37.93.238 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.37.93.238 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 124.117.192.130 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.192.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 124.117.192.7 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.7 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 59.173.108.48 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 36.106.167.180 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 59.173.111.46 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.111.46 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 36.106.166.43 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 173.212.231.122 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 173.212.231.122 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 112.122.236.52 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.122.236.52 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 201.142.160.229 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 201.142.160.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 180.111.30.239 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 180.111.30.239 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 117.50.152.237 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 117.50.152.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). | 2026-04-06 | |
| IPv4 | 94.243.10.22 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 94.243.10.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 221.11.5.59 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 221.11.5.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 51.75.119.112 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 51.75.119.112 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 4 times when connecting to db1lapetro between 2026-04-06 07:35 and 2026-04-06 07:35 UTC. | 2026-04-06 | |
| IPv4 | 46.175.184.27 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 46.175.184.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 194.54.161.214 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 194.54.161.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 113.57.186.70 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 113.57.186.70 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean). | 2026-04-06 | |
| IPv4 | 114.97.190.31 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 8.211.19.30 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.211.19.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 116.178.128.116 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 152.32.219.77 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 152.32.219.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 196.196.41.130 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 196.196.41.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, hacking). | 2026-04-06 | |
| IPv4 | 144.123.78.161 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.78.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 123.245.84.9 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 123.245.84.9 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 116.178.129.186 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.186 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 14.135.75.67 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 14.135.75.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 124.29.214.70 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 124.29.214.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 150.255.103.134 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 150.255.103.134 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 180.95.231.74 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.74 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 110.177.180.36 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.180.36 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 124.117.192.52 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 124.117.192.52 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 36.106.167.4 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 160.119.76.40 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. Attacker IP from Seychelles (AS49870, Alsycon B.V.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 28s; 5 events. | 2026-04-06 | |
| IPv4 | 116.178.130.246 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 87.236.176.170 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 186.120.22.147 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 186.120.22.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 123.160.175.150 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.160.175.150 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 116.178.130.6 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.6 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 27.47.26.67 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.26.67 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 120.48.147.76 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 120.48.147.76 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 2 times when connecting to db4lamedtech between 2026-04-06 05:55 and 2026-04-06 05:58 UTC. | 2026-04-06 | |
| IPv4 | 171.231.191.228 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 171.231.191.228 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 6 times when connecting to mdms1 between 2026-04-06 05:46 and 2026-04-06 05:59 UTC. | 2026-04-06 | |
| IPv4 | 27.79.5.224 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 27.79.5.224 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 3 times when connecting to db4lamedtech between 2026-04-06 05:52 and 2026-04-06 05:57 UTC. | 2026-04-06 | |
| IPv4 | 152.32.130.174 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 152.32.130.174 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 5 times when connecting to db1lapetro between 2026-04-06 05:48 and 2026-04-06 05:57 UTC. | 2026-04-06 | |
| IPv4 | 170.62.100.192 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from Stockholm, Sweden (AS212238, Datacamp Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 112.122.236.129 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 112.122.236.129 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 47.250.147.131 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.147.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 171.37.47.79 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.37.47.79 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 180.95.231.78 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 106.117.115.90 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.115.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 222.94.32.202 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 222.94.32.202 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 116.172.201.142 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.172.201.142 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 221.207.35.114 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.251.243.210 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.243.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 182.119.227.198 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.227.198 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 79.76.58.113 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 79.76.58.113 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-04-06 08:26 and 2026-04-06 08:26 UTC. | 2026-04-06 | |
| IPv4 | 86.246.202.109 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 86.246.202.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 91.237.124.234 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 91.237.124.234 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/605...' 9 times when connecting to db1lapetro between 2026-04-06 08:23 and 2026-04-06 08:23 UTC. | 2026-04-06 | |
| IPv4 | 36.106.167.38 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 165.101.154.88 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 165.101.154.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 114.97.191.44 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.44 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 47.245.141.176 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.141.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 44.220.188.233 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 44.220.188.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, ftp-brute). | 2026-04-06 | |
| IPv4 | 1.83.125.19 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.19 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-06 | |
| IPv4 | 213.112.126.21 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Stockholm, Sweden (AS8434, Telenor Sverige AB). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. 1 events. | 2026-04-06 | |
| IPv4 | 182.119.228.81 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 182.119.228.81 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 84.2.126.47 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 84.2.126.47 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 116.178.130.231 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 116.178.130.231 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 1.193.63.238 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 1.193.63.238 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 106.117.106.187 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Shijiazhuang, China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 124.117.193.191 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.193.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 175.30.48.20 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 175.30.48.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 114.97.191.154 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.77.233.169 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.77.233.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.251.111.228 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.111.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 220.167.233.91 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 123.178.210.103 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.178.210.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 151.252.194.198 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 151.252.194.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 144.123.78.61 | Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 144.123.78.61 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-06 | |
| IPv4 | 123.245.84.127 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 78.158.15.66 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 78.158.15.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 220.167.233.26 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 220.167.233.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 59.91.43.163 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.91.43.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 220.167.233.225 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.225 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 123.245.84.151 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 123.245.84.151 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-06 | |
| IPv4 | 58.243.47.84 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.47.84 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 59.173.109.185 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. This IP, likely a commodity attacker from Wuhan, China, targeted healthcare sector honeypots using SSH brute-force attacks against medtech-hp-01. The actor employed common credential patterns and exploited default configurations, indicating moderate sophistication but no advanced persistent threat capabilities. Sector impact is limited to ... | 2026-04-06 | |
| IPv4 | 176.65.148.166 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Eygelshoven, The Netherlands (AS51396, Pfcloud UG (haftungsbeschrankt)) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 20 failed login attempts, 20 credential pairs tried across 9 unique usernames, execution of 20 commands (SSH key persistence, password changes, sys... | 2026-04-06 | |
| IPv4 | 123.245.84.35 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.84.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 54.37.252.152 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 54.37.252.152 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-04-06 09:22 and 2026-04-06 09:22 UTC. | 2026-04-06 | |
| IPv4 | 47.86.90.93 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.86.90.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 47.250.192.18 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.192.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 59.173.110.93 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.110.93 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 194.187.179.128 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 194.187.179.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 118.212.122.19 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 114.97.191.85 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 87.236.176.238 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 221.207.35.49 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 221.207.35.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 8.217.104.171 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 8.217.104.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 104.251.226.148 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Hong Kong, Hong Kong (AS140042, Zhipinshang Hongkong Electron Communication Technology Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 6 unique usernames, execution of 22 commands (SSH key persistence, password changes, system recon... | 2026-04-06 | |
| IPv4 | 101.249.60.152 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 101.249.60.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 117.29.52.143 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.29.52.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 27.47.24.148 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.148 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 1.85.218.150 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.85.218.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 60.13.6.82 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.82 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 218.64.60.159 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 218.64.60.159 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 114.97.190.15 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 36.106.166.33 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.106.166.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 8.216.6.198 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 8.216.6.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 123.49.41.210 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 123.49.41.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 59.17.16.73 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 59.17.16.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 118.196.21.218 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 118.196.21.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 171.116.40.19 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 171.116.40.19 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 87.251.64.147 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 87.251.64.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 47.250.55.117 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.55.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.251.42.17 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.42.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 101.249.60.197 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.60.197 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 193.163.125.182 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 47.250.47.47 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.47.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 104.207.34.235 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 104.207.34.235 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d). | 2026-04-06 | |
| IPv4 | 31.220.97.7 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 31.220.97.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-06 | |
| IPv4 | 65.111.7.79 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh. 65.111.7.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-06 | |
| IPv4 | 27.188.74.121 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 27.188.74.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 118.131.199.219 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 118.131.199.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 222.176.200.234 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 222.176.200.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 64.64.116.154 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Chicago, United States (AS262287, Latitude.sh LTDA). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 87.251.64.145 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 87.251.64.145 observed using SSH client fingerprint 'Unknown SSH Client (0dacd4756084)' 3 times when connecting to offbackup1 between 2026-04-06 10:17 and 2026-04-06 10:17 UTC. | 2026-04-06 | |
| IPv4 | 121.29.149.104 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.251.105.167 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from United States (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 124.117.193.194 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 110.177.182.36 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. This IP (110.177.182.36) is likely a commodity attacker originating from China, targeting healthcare sector systems through SSH/Telnet brute-force attempts against honeypot mdms-hp-01. The actor used automated tools to probe for credentials, consistent with low-sophistication threat actors leveraging default or weak passwords. While no malware was d... | 2026-04-06 | |
| IPv4 | 180.111.30.143 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 180.111.30.143 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 112.122.236.32 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.122.236.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 14.103.172.199 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 14.103.172.199 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 5 times when connecting to mdms1 between 2026-04-06 10:04 and 2026-04-06 10:04 UTC. | 2026-04-06 | |
| IPv4 | 31.135.34.68 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 31.135.34.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 47.77.229.107 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.229.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.250.123.22 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.123.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 61.129.155.196 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 61.129.155.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 158.178.137.15 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 158.178.137.15 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 18 times when connecting to mdms1 between 2026-04-06 09:53 and 2026-04-06 10:46 UTC. | 2026-04-06 | |
| IPv4 | 95.24.26.252 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 95.24.26.252 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 16 times when connecting to offbackup1 between 2026-04-06 09:53 and 2026-04-06 10:21 UTC. | 2026-04-06 | |
| IPv4 | 14.103.114.55 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 14.103.114.55 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 2 times when connecting to mdms1 between 2026-04-06 10:05 and 2026-04-06 10:08 UTC. | 2026-04-06 | |
| IPv4 | 47.84.197.66 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.197.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 89.190.156.14 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 89.190.156.14 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (hacking, low, port-scan). | 2026-04-06 | |
| IPv4 | 118.212.120.183 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.183 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 220.167.232.111 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (220.167.232.111) is likely a commodity attacker leveraging automated tools to target energy sector SSH services via honeypots. Observed activity includes brute-force attempts against petroleum-hp-01 using common credentials, suggesting low-to-moderate sophistication. While no direct malware or data exfiltration was detected,... | 2026-04-06 | |
| IPv4 | 221.207.34.70 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.70 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 116.178.129.159 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.159 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 60.13.7.10 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 121.29.85.200 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 121.29.85.200 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 116.178.130.3 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 184.105.139.108 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 184.105.139.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 118.212.123.199 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.199 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 185.93.89.152 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Iran (AS213790, Limited Network LTD). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 12m 57s; 18 events. | 2026-04-06 | |
| IPv4 | 42.48.38.184 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 42.48.38.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 175.19.75.110 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 175.19.75.110 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 74.91.224.229 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Loyang, Singapore (AS31898, Oracle Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 8 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 15m 40s; 50 events. | 2026-04-06 | |
| IPv4 | 59.173.111.21 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 123.245.85.110 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.85.110 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 47.85.13.83 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 47.85.13.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-06 | |
| IPv4 | 117.25.124.45 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.25.124.45 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 43.161.215.86 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 43.161.215.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 116.178.130.205 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.178.130.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 144.123.76.170 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.76.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 112.94.189.36 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.189.36 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 45.207.199.93 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.207.199.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 101.249.60.103 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 101.249.60.103 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level4). | 2026-04-06 | |
| IPv4 | 31.97.199.197 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 31.97.199.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-06 | |
| IPv4 | 47.251.253.98 | Score: 65/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.251.253.98 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.254.244.31 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Kuala Lumpur, Malaysia (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 23s; 3 events. | 2026-04-06 | |
| IPv4 | 58.251.255.217 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 58.251.255.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 106.117.117.208 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.117.117.208 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 183.191.122.30 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 183.191.122.30 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 124.227.31.79 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.227.31.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 106.117.110.163 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Shijiazhuang, China (AS4134, Chinanet). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 118.212.120.105 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.84.115.38 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.115.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 116.172.200.52 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.172.200.52 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 175.107.0.50 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 175.107.0.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 1.24.16.150 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 1.24.16.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 44.220.188.56 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata | 2026-04-06 | |
| IPv4 | 101.67.138.238 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 222.176.201.22 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 180.114.74.35 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 180.114.74.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 114.97.190.235 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 36.106.166.5 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.106.166.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-06 | |
| IPv4 | 183.6.187.228 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 183.6.187.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 47.251.48.155 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 47.251.48.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 1.83.125.64 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 14.135.74.176 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 14.135.74.176 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 20.220.213.131 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.220.213.131 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 126 times when connecting to db4lamedtech between 2026-04-06 12:30 and 2026-04-06 12:30 UTC. | 2026-04-06 | |
| IPv4 | 47.84.118.111 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.84.118.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 31.135.17.166 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 31.135.17.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 45.33.102.121 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Atlanta, United States (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 14s; 15 events. | 2026-04-06 | |
| IPv4 | 110.177.181.158 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.181.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 92.119.36.45 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. 92.119.36.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, moderate). | 2026-04-06 | |
| IPv4 | 47.84.178.43 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.178.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 138.84.53.142 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 138.84.53.142 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db1lapetro between 2026-04-06 12:03 and 2026-04-06 12:23 UTC. | 2026-04-06 | |
| IPv4 | 47.245.137.98 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.137.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 59.173.110.6 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 5.181.87.33 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 5.181.87.33 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db1lapetro between 2026-04-06 12:01 and 2026-04-06 12:44 UTC. | 2026-04-06 | |
| IPv4 | 114.97.191.225 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. This IP (114.97.191.225) is likely a commodity attacker node targeting energy sector infrastructure, observed attempting SSH brute-force attacks against honeypot petroleum-hp-01 using common credentials like 'root' and 'admin'. The actor exhibits low sophistication, leveraging automated tools to probe for vulnerable systems within the ener... | 2026-04-06 | |
| IPv4 | 220.250.10.87 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 220.250.10.87 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 116.178.130.233 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.130.233 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 209.50.175.248 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 209.50.175.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 116.178.131.39 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 154.124.47.205 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 154.124.47.205 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 26 times when connecting to db1lapetro between 2026-04-06 11:49 and 2026-04-06 12:47 UTC. | 2026-04-06 | |
| IPv4 | 220.250.10.126 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.10.126 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 59.173.108.229 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (59.173.108.229) is likely a low-sophistication commodity botnet node targeting SSH/Telnet services in the energy sector. Observed attempting brute-force access against honeypot petroleum-hp-01 using common credentials, consistent with automated scanning infrastructure. Limited impact due to lack of confirmed malware or ... | 2026-04-06 | |
| IPv4 | 114.97.191.46 | Score: 75/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 114.97.191.46 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). | 2026-04-06 | |
| IPv4 | 69.6.220.104 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 69.6.220.104 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 58.212.237.225 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 58.212.237.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 223.199.183.13 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 223.199.183.13 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 221.207.34.34 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.34 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 124.117.193.151 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 124.117.193.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 123.245.85.159 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 14.135.74.127 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 121.29.149.79 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.79 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 58.212.237.170 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 123.245.85.187 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 123.245.85.187 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 5.129.251.206 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 5.129.251.206 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db1lapetro between 2026-04-06 11:45 and 2026-04-06 12:24 UTC. | 2026-04-06 | |
| IPv4 | 60.13.6.106 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 123.245.85.139 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.245.85.139 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 170.64.231.242 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 58.243.46.226 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.243.46.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 101.249.62.148 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 101.249.62.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 222.94.32.51 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.51 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 223.199.189.163 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 106.117.110.84 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 106.117.110.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 171.36.6.81 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 171.36.6.81 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 171.36.6.97 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.6.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 220.167.232.224 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 220.167.232.224 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-06 | |
| IPv4 | 45.3.39.208 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata | 2026-04-06 | |
| IPv4 | 161.35.7.78 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. IP observed in Suricata network metadata | 2026-04-06 | |
| IPv4 | 118.212.123.156 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.156 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-06 | |
| IPv4 | 180.95.231.81 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 59.173.109.234 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 144.202.50.77 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 144.202.50.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 221.199.73.64 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.199.73.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 1.24.16.100 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.24.16.100 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 121.29.84.193 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.193 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 58.212.237.4 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.4 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 36.106.167.124 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.167.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.254.200.103 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.200.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 59.52.103.189 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.52.103.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.89.241.203 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.89.241.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 31.59.138.111 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 31.59.138.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 59.173.108.4 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 59.173.108.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-06 | |
| IPv4 | 118.212.120.251 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.251 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 45.225.135.14 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.225.135.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 58.243.46.205 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 58.243.46.205 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 94.156.102.103 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 94.156.102.103 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 2 times when connecting to db4lamedtech between 2026-04-06 13:28 and 2026-04-06 13:28 UTC. | 2026-04-06 | |
| IPv4 | 222.94.32.153 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 114.97.190.48 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 221.207.34.163 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 221.207.34.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 220.167.232.71 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.232.71 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 106.117.111.103 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.111.103 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 200.58.84.213 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 200.58.84.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 192.109.200.16 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Bulgaria (AS51396, Pfcloud UG (haftungsbeschrankt)) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 18.97.26.43 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 18.97.26.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 164.92.168.101 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 164.92.168.101 observed using TLS client fingerprint 'Unknown TLS Client (b213b642d5cb)' 21 times when connecting to db1lapetro between 2026-04-06 13:01 and 2026-04-06 13:02 UTC. | 2026-04-06 | |
| IPv4 | 59.173.108.95 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (59.173.108.95) is likely a botnet node or automated scanner originating from Wuhan, China, targeting healthcare sector systems via SSH brute-force attacks against honeypots like mdms-hp-01. The attacker used basic credential guessing techniques (likely default credentials) and was detected interacting with Cowrie SSH honeypot infrast... | 2026-04-06 | |
| IPv4 | 123.178.210.199 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 123.178.210.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 116.178.131.182 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 60.13.7.188 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 221.11.60.156 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 221.11.60.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 36.88.164.114 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 36.88.164.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 194.187.179.226 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 194.187.179.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 116.178.128.156 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 113.229.179.6 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 113.229.179.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.250.89.132 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Kuala Lumpur, Malaysia (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 23s; 3 events. | 2026-04-06 | |
| IPv4 | 47.89.230.226 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.89.230.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 116.178.128.4 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 23.95.62.123 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 23.95.62.123 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-04-06 12:50 and 2026-04-06 12:50 UTC. | 2026-04-06 | |
| IPv4 | 209.50.162.117 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported. 209.50.162.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level1); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 47.77.221.246 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.221.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 142.93.125.46 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 220.250.10.121 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.10.121 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 110.90.224.44 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.90.224.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 60.13.6.92 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 110.90.106.3 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.90.106.3 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-06 | |
| IPv4 | 60.16.216.93 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 161.193.1.102 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 161.193.1.102 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:114.0) Gecko/201001...' 2 times when connecting to mdms1 between 2026-04-06 14:39 and 2026-04-06 14:39 UTC. | 2026-04-06 | |
| IPv4 | 118.212.122.220 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 220.167.232.242 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. This IP (220.167.232.242) is likely a commodity attacker node associated with Qinghai Telecom (AS140061), targeting healthcare sector systems via SSH brute-force attacks against honeypots like mdms-hp-01. The actor used credential patterns typical of automated tools, attempting common usernames/passwords during command sessions, though no mal... | 2026-04-06 | |
| IPv4 | 124.117.192.254 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.254 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 27.47.27.29 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. This attacker IP (27.47.27.29) is likely a commodity botnet node originating from China Unicom Guangzhou, targeting healthcare sector systems via SSH brute-force attacks against honeypots like mdms-hp-01. The actor used basic credential patterns and was detected attempting command sessions through cowrie honeypot infrastructure, indicating low sop... | 2026-04-06 | |
| IPv4 | 116.178.130.60 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.60 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 175.30.48.17 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 175.30.48.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 36.106.166.249 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 113.249.103.253 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS134420, Chongqing Telecom). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 13m 25s; 17 events. | 2026-04-06 | |
| IPv4 | 185.243.5.48 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata | 2026-04-06 | |
| IPv4 | 59.173.108.103 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 59.173.110.225 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.110.225 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 144.123.77.139 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 144.123.77.139 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-06 | |
| IPv4 | 178.79.133.69 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from London, United Kingdom (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 6 unique usernames, execution of 44 commands (SSH key persistence, password changes, system reconnaissance, cro... | 2026-04-06 | |
| IPv4 | 220.149.212.190 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from South Korea (AS4766, Korea Telecom). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 4 unique usernames, execution of 19 commands (password changes, system reconnaissance, cron persistence), delivery of 16 malware samples. SSH client: ... | 2026-04-06 | |
| IPv4 | 112.122.237.10 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.122.237.10 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 101.249.63.30 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.63.30 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 116.178.130.66 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 205.164.114.59 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Albany, United States (AS395839, HOSTKEY). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 4 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 11m 1s; 40 events. | 2026-04-06 | |
| IPv4 | 14.135.74.33 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 14.135.74.33 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 60.13.6.77 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.77 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 180.95.231.38 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.231.38 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-06 | |
| IPv4 | 123.245.84.189 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.84.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 182.119.230.81 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.230.81 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 47.251.172.116 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.172.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 147.135.252.179 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 147.135.252.179 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 9 times when connecting to db1lapetro between 2026-04-06 14:02 and 2026-04-06 14:02 UTC. | 2026-04-06 | |
| IPv4 | 165.22.190.36 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 165.22.190.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 208.184.2.35 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 208.184.2.35 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 4 times when connecting to db1lapetro between 2026-04-06 13:57 and 2026-04-06 13:59 UTC. | 2026-04-06 | |
| IPv4 | 84.228.92.54 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 84.228.92.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 189.218.49.226 | Score: 50/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 189.218.49.226 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 5.59.107.59 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 5.59.107.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 175.199.67.164 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 175.199.67.164 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 4 times when connecting to db1lapetro between 2026-04-06 13:46 and 2026-04-06 14:01 UTC. | 2026-04-06 | |
| IPv4 | 124.117.192.241 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.192.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 47.250.178.28 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.178.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 36.106.167.220 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 58.212.237.20 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.212.237.20 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 116.178.128.233 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.233 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 171.37.93.78 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.37.93.78 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 47.251.19.148 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.251.19.148 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, high). | 2026-04-06 | |
| IPv4 | 60.16.199.113 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 60.16.199.113 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 221.207.34.69 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 221.207.34.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, multi-reported). | 2026-04-06 | |
| IPv4 | 139.212.71.14 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (139.212.71.14) is a low-sophistication commodity attacker likely operating as part of a scanning infrastructure targeting energy sector assets. Observed attempting SSH brute-force attacks against honeypot petroleum-hp-01 using default credentials, leveraging Cowrie honeypot interactions. Limited impact confined to reconnaissance, with n... | 2026-04-06 | |
| IPv4 | 222.176.201.102 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 222.176.201.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-06 | |
| IPv4 | 124.117.193.182 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 124.117.193.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 138.68.78.108 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 138.68.78.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 116.178.129.56 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 36.106.167.167 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 117.25.122.190 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.25.122.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 221.207.35.160 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-06 | |
| IPv4 | 110.177.180.35 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. This IP (110.177.180.35) is likely a low-sophistication automated actor targeting healthcare sector systems via SSH brute-force attacks against honeypots. Observed interaction with mdms-hp-01 honeytrap suggests attempts to exploit default credentials or common username/password pairs, consistent with commodity attack tooling. Limited impact indicat... | 2026-04-06 | |
| IPv4 | 47.250.127.59 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.127.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 14.135.74.246 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 116.178.128.3 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.178.128.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 124.227.31.49 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 124.227.31.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 94.243.13.175 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Tyumen, Russia (AS8359, MTS PJSC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 3m 2s; 15 events. | 2026-04-06 | |
| IPv4 | 47.250.92.205 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.92.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 123.160.233.149 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 123.160.233.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 116.178.129.145 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 121.29.149.132 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.132 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 142.93.14.161 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 118.212.120.209 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 118.212.120.209 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 199.244.88.230 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 199.244.88.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 120.48.175.122 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 120.48.175.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). | 2026-04-06 | |
| IPv4 | 91.80.145.251 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 91.80.145.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 51.77.216.36 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 51.77.216.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 82.152.132.24 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 82.152.132.24 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 87.251.64.134 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Russia. Observed targeting healthcare sector honeypot mdms-hp-01 via h0neytr4p. duration: 15m 46s; 52 events. | 2026-04-06 | |
| IPv4 | 123.245.84.70 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 123.245.84.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 114.97.190.5 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.5 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 194.187.179.162 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 140.235.83.168 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Karachi, Pakistan (AS9541, Cyber Internet Services Pvt Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 4m 6s; 39 events. | 2026-04-06 | |
| IPv4 | 59.173.111.112 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.112 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 220.167.232.50 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 59.173.109.63 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 121.29.149.133 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.251.70.145 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.70.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 27.47.27.139 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.27.139 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 59.173.108.162 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.162 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 172.237.38.119 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 172.237.38.119 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 251 times when connecting to db4lamedtech between 2026-04-06 16:04 and 2026-04-06 16:31 UTC. | 2026-04-06 | |
| IPv4 | 1.24.16.151 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 1.24.16.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.77.225.186 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.77.225.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 190.92.87.121 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 190.92.87.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 116.178.128.200 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.200 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 60.13.6.225 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 116.178.129.81 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.81 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 47.245.139.101 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.139.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 43.132.227.251 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 43.132.227.251 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 3 times when connecting to mdms1 between 2026-04-06 15:52 and 2026-04-06 15:59 UTC. | 2026-04-06 | |
| IPv4 | 119.198.156.147 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 119.198.156.147 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db1lapetro between 2026-04-06 15:52 and 2026-04-06 16:36 UTC. | 2026-04-06 | |
| IPv4 | 62.171.141.174 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Frankfurt am Main, Germany (AS51167, Contabo GmbH). Observed targeting energy sector honeypot petroleum-hp-01 via dionaea. 1 events. | 2026-04-06 | |
| IPv4 | 14.135.74.197 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 14.135.74.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 94.74.114.67 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 94.74.114.67 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 13 times when connecting to db4lamedtech between 2026-04-06 15:42 and 2026-04-06 15:58 UTC. | 2026-04-06 | |
| IPv4 | 111.53.8.101 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Taiyuan, China (AS56042, China Mobile communications corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 30 failed login attempts, 30 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh2_1.9.0 (HASSH: 1616c6d18e84...); duration: 14m 40s; 167 events. | 2026-04-06 | |
| IPv4 | 67.205.188.221 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 134.209.211.184 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 36.112.134.179 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 36.112.134.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 118.212.120.20 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 123.163.114.21 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 123.163.114.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 202.165.29.123 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 202.165.29.123 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to mdms1 between 2026-04-06 17:39 and 2026-04-06 17:53 UTC. | 2026-04-06 | |
| IPv4 | 34.45.158.202 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 34.45.158.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 171.36.7.245 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.36.7.245 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 111.36.57.69 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 111.36.57.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 59.173.109.94 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.94 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 110.177.178.203 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.178.203 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 113.100.188.101 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 113.100.188.101 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). | 2026-04-06 | |
| IPv4 | 180.95.238.64 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.64 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 173.185.74.18 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 173.185.74.18 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 150.230.35.95 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 150.230.35.95 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 8 times when connecting to db4lamedtech between 2026-04-06 17:17 and 2026-04-06 17:46 UTC. | 2026-04-06 | |
| IPv4 | 65.111.7.154 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 65.111.7.154 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 14.135.74.45 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 164.92.241.221 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 164.92.241.221 observed using TLS client fingerprint 'Unknown TLS Client (b213b642d5cb)' 21 times when connecting to db4lamedtech between 2026-04-06 17:08 and 2026-04-06 17:09 UTC. | 2026-04-06 | |
| IPv4 | 216.227.189.55 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 216.227.189.55 observed using SSH client fingerprint 'Unknown SSH Client (b21d7cdcc813)' 2 times when connecting to db1lapetro between 2026-04-06 17:08 and 2026-04-06 17:08 UTC. | 2026-04-06 | |
| IPv4 | 222.176.200.155 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.155 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-06 | |
| IPv4 | 87.121.84.44 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 87.121.84.44 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 118.212.120.94 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.120.94 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 42.114.170.105 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 42.114.170.105 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to db1lapetro between 2026-04-06 17:01 and 2026-04-06 17:22 UTC. | 2026-04-06 | |
| IPv4 | 222.176.200.79 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 104.168.56.226 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 104.168.56.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 201.217.67.183 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 201.217.67.183 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to mdms1 between 2026-04-06 16:59 and 2026-04-06 17:44 UTC. | 2026-04-06 | |
| IPv4 | 147.135.251.134 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 147.135.251.134 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-06 16:58 and 2026-04-06 17:34 UTC. | 2026-04-06 | |
| IPv4 | 114.97.191.21 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 116.178.129.121 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 144.123.76.197 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.76.197 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 121.29.149.153 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 58.212.237.213 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.212.237.213 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 167.172.136.115 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 117.25.124.204 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 117.25.124.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 198.11.178.139 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 198.11.178.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 106.117.111.225 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.111.225 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 206.168.201.19 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 206.168.201.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 144.172.104.129 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 144.172.104.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.254.184.178 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.184.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 117.25.124.205 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.25.124.205 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 114.97.191.141 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.141 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 110.90.224.91 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 110.90.224.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 139.212.71.2 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 139.212.71.2 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 112.122.237.173 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.237.173 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 27.47.27.75 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.27.75 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 14.135.75.171 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 14.135.75.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 103.236.140.19 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.236.140.19 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 1.24.16.85 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. This IP (1.24.16.85) is likely a low-sophistication automated scanner probing energy sector infrastructure via SSH/Telnet protocols. It interacted with honeypot petroleum-hp-01 using honeytrap mechanisms, suggesting attempts to exploit weak credentials or misconfigured SSH services in industrial environments. The attack pattern aligns with commodity t... | 2026-04-06 | |
| IPv4 | 157.230.8.75 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 157.230.8.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 121.29.149.18 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 220.167.232.96 | Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.232.96 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 58.243.46.168 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.46.168 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 123.245.85.205 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.85.205 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported). | 2026-04-06 | |
| IPv4 | 38.130.71.18 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 38.130.71.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 47.250.160.98 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.160.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 117.40.113.190 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.40.113.190 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 8.219.106.145 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.219.106.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 45.131.194.12 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.131.194.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 45.131.194.19 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 45.131.194.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, ftp-brute, hacking). | 2026-04-06 | |
| IPv4 | 45.146.54.162 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 45.146.54.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking). | 2026-04-06 | |
| IPv4 | 59.173.110.129 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 58.243.47.130 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.243.47.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 45.131.194.20 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 45.131.194.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 60.13.7.162 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 60.13.7.162 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 45.131.194.3 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 45.131.194.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level4); AbuseIPDB (brute-force, ddos, hacking). | 2026-04-06 | |
| IPv4 | 206.189.147.8 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 206.189.147.8 observed using TLS client fingerprint 'Unknown TLS Client (698d5e48d643)' 3 times when connecting to mdms1 between 2026-04-06 18:14 and 2026-04-06 18:14 UTC. | 2026-04-06 | |
| IPv4 | 64.226.93.202 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 64.226.93.202 observed using TLS client fingerprint 'Unknown TLS Client (b213b642d5cb)' 21 times when connecting to mdms1 between 2026-04-06 18:13 and 2026-04-06 18:13 UTC. | 2026-04-06 | |
| IPv4 | 118.212.123.127 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 216.73.163.250 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported. Attacker IP from San Francisco, United States. Observed targeting energy sector honeypot petroleum-hp-01 via h0neytr4p. 1 events. | 2026-04-06 | |
| IPv4 | 45.131.194.10 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.131.194.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 45.131.194.22 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack. 45.131.194.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 45.131.194.13 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 45.131.194.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking). | 2026-04-06 | |
| IPv4 | 45.131.194.14 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 45.131.194.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 116.178.128.17 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 124.117.193.92 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.193.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 1.85.217.234 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.85.217.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 27.47.24.146 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 62.169.18.225 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 62.169.18.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 47.251.124.200 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.124.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 118.212.121.135 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.135 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 182.119.228.192 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.228.192 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 216.73.163.248 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported. 216.73.163.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking). | 2026-04-06 | |
| IPv4 | 216.73.163.241 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 216.73.163.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level4); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 45.131.194.7 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 45.131.194.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, ddos, ftp-brute). | 2026-04-06 | |
| IPv4 | 45.131.194.4 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 45.131.194.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 45.146.54.164 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 45.146.54.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, ftp-brute, hacking). | 2026-04-06 | |
| IPv4 | 45.131.194.26 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.131.194.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 98.93.245.202 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 98.93.245.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 147.135.214.239 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 147.135.214.239 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db4lamedtech between 2026-04-06 17:52 and 2026-04-06 17:52 UTC. | 2026-04-06 | |
| IPv4 | 189.147.20.241 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 189.147.20.241 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 33 times when connecting to mdms1 between 2026-04-06 17:48 and 2026-04-06 18:28 UTC. | 2026-04-06 | |
| IPv4 | 120.48.104.37 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 120.48.104.37 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 24 times when connecting to mdms1 between 2026-04-06 17:47 and 2026-04-06 18:37 UTC. | 2026-04-06 | |
| IPv4 | 182.119.230.208 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Zhengzhou, China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 42.48.38.208 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 42.48.38.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-06 | |
| IPv4 | 218.35.219.53 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 218.35.219.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 221.199.73.184 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.199.73.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.245.143.161 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.143.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 118.212.120.16 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.16 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 116.196.85.94 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 116.196.85.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 112.94.191.28 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.191.28 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 54.164.79.148 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 54.164.79.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 142.93.98.28 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 142.93.98.28 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 2 times when connecting to db4lamedtech between 2026-04-06 19:29 and 2026-04-06 19:42 UTC. | 2026-04-06 | |
| IPv4 | 47.88.55.180 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.88.55.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.254.240.228 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.240.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 202.155.18.147 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 202.155.18.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 221.199.73.58 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (221.199.73.58) is likely a commodity attacker or botnet node targeting energy sector infrastructure, specifically interacting with the petroleum-hp-01 honeypot via SSH brute-force attempts. The low sophistication of attacks aligns with automated tooling, though its association with China Unicom's backbone network sugges... | 2026-04-06 | |
| IPv4 | 221.208.113.44 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 221.208.113.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 117.29.8.209 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.29.8.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.251.180.216 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.180.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 182.138.158.176 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 182.138.158.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 117.29.52.63 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP from Hongshan, China, is likely a commodity threat actor targeting energy sector infrastructure via SSH/Telnet brute-force attacks against honeypots. Observed interacting with the petroleum-hp-01 honeypot using credential patterns typical of automated scanners, suggesting low-to-moderate sophistication. No malware or persiste... | 2026-04-06 | |
| IPv4 | 77.221.144.127 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 77.221.144.127 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 30 times when connecting to db1lapetro between 2026-04-06 19:08 and 2026-04-06 19:46 UTC. | 2026-04-06 | |
| IPv4 | 116.178.130.186 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.186 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 106.117.105.98 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.105.98 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 59.173.109.246 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 180.95.231.107 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 47.245.139.195 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.139.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 176.65.134.36 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 176.65.134.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 118.212.121.32 | Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 118.212.121.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 84.216.123.135 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 84.216.123.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 14.135.75.110 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.75.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-06 | |
| IPv4 | 60.13.7.26 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 157.230.235.42 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 27.47.25.238 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.25.238 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 59.52.101.244 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.52.101.244 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 114.97.191.122 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 124.117.192.237 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.192.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 110.177.177.168 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 110.177.177.168 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 47.254.207.105 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.254.207.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 220.167.233.124 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.124 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 134.122.30.157 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata | 2026-04-06 | |
| IPv4 | 36.106.166.125 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 185.247.137.61 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 183.91.186.36 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 183.91.186.36 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 24 times when connecting to offbackup1 between 2026-04-06 20:19 and 2026-04-06 20:56 UTC. | 2026-04-06 | |
| IPv4 | 113.163.91.5 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 113.163.91.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 172.237.38.18 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 172.237.38.18 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 251 times when connecting to db1lapetro between 2026-04-06 20:18 and 2026-04-06 20:44 UTC. | 2026-04-06 | |
| IPv4 | 158.94.208.193 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Frankfurt am Main, Germany (AS202412, Omegatech LTD). Observed targeting healthcare sector honeypot medtech-hp-01 via mailoney. duration: 2s; 7 events. | 2026-04-06 | |
| IPv4 | 103.134.17.88 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 103.134.17.88 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 30 times when connecting to db4lamedtech between 2026-04-06 20:18 and 2026-04-06 20:55 UTC. | 2026-04-06 | |
| IPv4 | 122.177.244.200 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 122.177.244.200 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 25 times when connecting to db4lamedtech between 2026-04-06 20:17 and 2026-04-06 20:56 UTC. | 2026-04-06 | |
| IPv4 | 222.176.200.206 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 182.119.225.8 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 182.119.225.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 220.250.11.117 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 220.250.11.117 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 47.251.187.94 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.187.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 110.177.179.102 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (110.177.179.102) is likely a commodity attacker node associated with automated SSH brute-force campaigns targeting healthcare sector systems. Observed interacting with honeypot mdms-hp-01 via honeytrap, attempting credential access with patterns indicative of scripted scanning tools. While not highly sophisticated, the actor demons... | 2026-04-06 | |
| IPv4 | 124.117.193.142 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.193.142 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 27.47.24.112 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 143.198.70.32 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 143.198.70.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 27.47.26.78 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.26.78 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 180.95.238.71 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 8.219.114.110 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.219.114.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 44.220.188.231 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 44.220.188.231 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 118.212.120.44 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.120.44 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 123.245.84.92 | Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.84.92 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 221.207.34.57 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.57 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 116.178.130.147 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 8.209.91.142 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 8.209.91.142 observed using TLS client fingerprint 'Unknown TLS Client (ff3ce601a1d7)' 2 times when connecting to mdms1 between 2026-04-06 19:56 and 2026-04-06 19:56 UTC. | 2026-04-06 | |
| IPv4 | 14.135.74.67 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.67 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 111.43.41.40 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 111.43.41.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 134.199.167.147 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 134.199.167.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-06 | |
| IPv4 | 112.122.237.192 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 112.122.237.192 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 170.64.215.66 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 170.64.215.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 117.29.8.100 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.29.8.100 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 116.178.130.232 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.130.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 200.7.37.26 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 200.7.37.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 18.215.158.249 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 18.215.158.249 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 209.38.29.50 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 209.38.29.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 121.29.149.84 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 121.29.149.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 118.212.122.75 | Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 117.29.52.149 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.29.52.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 59.52.100.120 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.52.100.120 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 193.253.61.215 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 193.253.61.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 222.94.32.234 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 27.47.24.62 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.62 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, ftp-brute, hacking). | 2026-04-06 | |
| IPv4 | 60.13.6.99 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.99 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 217.216.37.56 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 217.216.37.56 observed using HTTP client fingerprint 'HTTP Client: Go-http-client/1.1' 3 times when connecting to db1lapetro between 2026-04-06 21:27 and 2026-04-06 21:27 UTC. | 2026-04-06 | |
| IPv4 | 121.29.84.56 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 191.101.96.181 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 191.101.96.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 50.3.85.34 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 50.3.85.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-06 | |
| IPv4 | 47.251.141.150 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.141.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 123.245.85.214 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 170.130.204.90 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 170.130.204.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 220.250.11.72 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.72 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-06 | |
| IPv4 | 104.207.32.115 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 104.207.32.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-06 | |
| IPv4 | 221.199.73.127 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.199.73.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, low). | 2026-04-06 | |
| IPv4 | 192.42.116.45 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.42.116.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 1.223.151.51 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 1.223.151.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 59.173.110.226 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 59.173.110.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 192.42.116.99 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.42.116.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 139.135.40.201 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 139.135.40.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 47.245.103.162 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.103.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 60.13.7.201 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. This IP (60.13.7.201) is likely a commodity attacker targeting energy sector infrastructure via SSH brute-force attacks against honeypots. Observed attempting access to petroleum-hp-01 using common credentials like 'admin' and 'root', indicative of low-sophistication automated tools. Limited impact detected, with no confirmed exploitation beyond initial reconnais... | 2026-04-06 | |
| IPv4 | 118.212.121.20 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 118.212.121.20 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 136.109.156.121 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 136.109.156.121 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHT...' 7 times when connecting to mdms1 between 2026-04-06 20:53 and 2026-04-06 20:53 UTC. | 2026-04-06 | |
| IPv4 | 59.52.103.206 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 171.116.46.122 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-06 | |
| IPv4 | 42.98.234.5 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 42.98.234.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 89.190.156.19 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 89.190.156.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 36.230.55.149 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 36.230.55.149 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 4 times when connecting to offbackup1 between 2026-04-06 22:43 and 2026-04-06 22:49 UTC. | 2026-04-06 | |
| IPv4 | 106.75.19.145 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 106.75.19.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-06 | |
| IPv4 | 47.84.134.199 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.134.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 47.77.215.118 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.77.215.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 182.138.158.111 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 182.138.158.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-06 | |
| IPv4 | 220.167.233.88 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.88 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 47.254.32.41 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.32.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-06 | |
| IPv4 | 58.212.237.117 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.212.237.117 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 1.85.218.253 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.85.218.253 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-06 | |
| IPv4 | 221.207.35.241 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.241 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-06 | |
| IPv4 | 58.243.47.30 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 58.243.47.30 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 163.245.212.123 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 163.245.212.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 20.168.6.22 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 20.168.6.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 220.250.11.37 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.37 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 118.212.121.24 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 118.212.121.24 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 14.135.74.105 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 72.255.33.103 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 72.255.33.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 14.135.74.207 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 180.95.238.176 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.176 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 138.68.92.46 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 138.68.92.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 192.140.173.123 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP 192.140.173.123 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 4 times when connecting to mdms1 between 2026-04-06 23:44 and 2026-04-06 23:45 UTC. | 2026-04-07 | |
| IPv4 | 59.103.104.100 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Gujrat, Pakistan (AS9541, Cyber Internet Services Pvt Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 4m 52s; 45 events. | 2026-04-07 | |
| IPv4 | 112.94.188.148 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.94.188.148 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 113.206.181.150 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 113.206.181.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 117.40.113.134 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.40.113.134 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 221.207.35.93 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.93 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 165.245.162.239 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 165.245.162.239 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 7 times when connecting to mdms1 between 2026-04-06 23:32 and 2026-04-06 23:47 UTC. | 2026-04-07 | |
| IPv4 | 123.245.84.18 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 59.173.110.161 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.161 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 87.106.176.11 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Germany (AS8560, IONOS SE). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. 1 events. | 2026-04-07 | |
| IPv4 | 47.84.139.254 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.139.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 114.97.191.25 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 175.30.48.15 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 175.30.48.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 125.66.81.238 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 125.66.81.238 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-04-06 23:13 and 2026-04-06 23:14 UTC. | 2026-04-07 | |
| IPv4 | 60.204.153.115 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Shanghai, China (AS55990, Huawei Cloud Service data center) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaiss... | 2026-04-07 | |
| IPv4 | 117.40.113.43 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 117.40.113.43 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 58.212.237.154 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 116.110.153.167 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 116.110.153.167 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 8 times when connecting to db1lapetro between 2026-04-06 22:59 and 2026-04-06 23:25 UTC. | 2026-04-07 | |
| IPv4 | 116.178.130.8 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.130.8 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 222.94.32.87 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.87 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-07 | |
| IPv4 | 116.110.156.248 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 116.110.156.248 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 4 times when connecting to db1lapetro between 2026-04-06 23:30 and 2026-04-06 23:45 UTC. | 2026-04-07 | |
| IPv4 | 59.173.110.216 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.251.42.170 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.42.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 182.242.168.98 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.168.98 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 47.250.87.24 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.87.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 116.172.200.255 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.172.200.255 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-07 | |
| IPv4 | 171.36.7.183 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 171.36.7.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 123.245.85.65 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 123.245.85.65 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 58.251.255.139 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.251.255.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-07 | |
| IPv4 | 117.184.105.34 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 117.184.105.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, high, multi-reported). | 2026-04-07 | |
| IPv4 | 110.177.182.171 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.182.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 20.199.97.195 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.199.97.195 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 11 times when connecting to db4lamedtech between 2026-04-06 22:48 and 2026-04-06 22:48 UTC. | 2026-04-07 | |
| IPv4 | 213.199.43.87 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 213.199.43.87 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-04-06 22:49 and 2026-04-06 22:50 UTC. | 2026-04-07 | |
| IPv4 | 161.35.117.232 | Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 161.35.117.232 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, port-scan). | 2026-04-07 | |
| IPv4 | 118.212.123.111 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 118.212.121.21 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.21 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 165.245.163.7 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 165.245.163.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 216.218.206.97 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 216.218.206.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 27.47.27.235 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.27.235 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 110.177.176.73 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 110.177.176.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 104.243.32.126 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 104.243.32.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 43.252.159.76 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Surabaya, Indonesia (AS149746, PT Blip Integrator Provider). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 4m 32s; 43 events. | 2026-04-07 | |
| IPv4 | 189.146.58.128 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 189.146.58.128 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to offbackup1 between 2026-04-07 00:25 and 2026-04-07 00:58 UTC. | 2026-04-07 | |
| IPv4 | 60.13.6.234 | Score: 55/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.234 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 27.47.25.239 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 59.173.109.209 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.209 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 185.247.137.211 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 59.173.109.142 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 123.245.84.209 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 161.35.16.232 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 161.35.16.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 116.178.129.173 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.173 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 118.212.122.38 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.38 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 192.241.155.248 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 192.241.155.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 221.207.34.40 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.34.40 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 142.93.9.201 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 142.93.9.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). | 2026-04-07 | |
| IPv4 | 47.84.104.148 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.104.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 59.173.110.77 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.77 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 118.212.120.139 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 220.167.233.157 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 113.89.17.21 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP 113.89.17.21 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-04-07 00:02 and 2026-04-07 00:03 UTC. | 2026-04-07 | |
| IPv4 | 172.237.38.57 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 172.237.38.57 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 251 times when connecting to db4lamedtech between 2026-04-06 23:55 and 2026-04-07 00:20 UTC. | 2026-04-07 | |
| IPv4 | 58.243.47.191 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 58.243.47.191 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 43.153.150.122 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.153.150.122 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 103.244.172.33 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 103.244.172.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 110.90.106.160 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.90.106.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 66.167.169.152 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 66.167.169.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 112.102.227.97 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.102.227.97 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 170.64.134.148 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 170.64.134.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 137.184.161.224 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 137.184.161.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 146.190.28.100 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 146.190.28.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 65.111.1.210 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 65.111.1.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level4); AbuseIPDB (brute-force, ddos, hacking). | 2026-04-07 | |
| IPv4 | 157.230.211.224 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 157.230.211.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 117.245.139.165 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 117.245.139.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 118.212.121.217 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.217 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 118.212.122.72 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 118.212.122.72 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 124.117.193.207 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.193.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 157.230.208.112 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 157.230.208.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 124.117.192.253 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.192.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 152.32.208.106 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 152.32.208.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 209.50.164.74 | Score: 50/100. Labels: abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 209.50.164.74 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level1); AbuseIPDB (ddos, hacking, low). | 2026-04-07 | |
| IPv4 | 143.198.121.41 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 1s; 2 events. | 2026-04-07 | |
| IPv4 | 74.82.62.138 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS6939, Hurricane Electric LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 4m 43s; 62 events. | 2026-04-07 | |
| IPv4 | 27.47.27.15 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.27.15 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 178.128.150.50 | Score: 70/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 178.128.150.50 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). | 2026-04-07 | |
| IPv4 | 47.250.81.241 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.81.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 170.64.164.184 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 192.241.130.89 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 192.241.130.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 18.97.26.56 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 18.97.26.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.237.202.162 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.202.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 107.3.84.95 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 107.3.84.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 134.199.164.33 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 134.199.164.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 159.223.175.118 | Score: 50/100. Labels: abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via dionaea. 1 events. | 2026-04-07 | |
| IPv4 | 171.36.7.239 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 171.36.7.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 118.212.123.229 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 143.198.200.27 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 143.198.200.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 116.178.130.209 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 101.249.63.123 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 101.249.63.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-07 | |
| IPv4 | 124.117.192.227 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.192.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 167.99.225.5 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 46.151.182.185 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via dionaea. 1 events. | 2026-04-07 | |
| IPv4 | 185.247.137.197 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 165.227.163.163 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 165.227.163.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-07 | |
| IPv4 | 161.35.70.210 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 161.35.70.210 observed using HTTP client fingerprint 'HTTP Client (d41d8cd98f00)' 3 times when connecting to db4lamedtech between 2026-04-07 00:53 and 2026-04-07 00:53 UTC. | 2026-04-07 | |
| IPv4 | 198.211.96.107 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 74.50.85.208 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from United States (AS19318, Interserver, Inc). Observed targeting healthcare sector honeypot medtech-hp-01 via dionaea. 1 events. | 2026-04-07 | |
| IPv4 | 138.68.82.46 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 138.68.82.46 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 114.97.191.245 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.245 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 121.29.149.204 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (121.29.149.204) is likely part of a commodity brute-force campaign targeting healthcare sector SSH services, observed interacting with honeypot mdms-hp-01 via honeytrap. The actor attempted credential access using common patterns, leveraging automated tools to exploit weak SSH configurations. While not highly sophisticated, ... | 2026-04-07 | |
| IPv4 | 36.106.166.91 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.91 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 116.178.129.175 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 192.241.137.61 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 192.241.137.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 195.2.81.242 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 195.2.81.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, hacking). | 2026-04-07 | |
| IPv4 | 114.97.191.227 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 65.111.2.8 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 65.111.2.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 47.254.197.224 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 47.254.197.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 47.114.173.120 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 47.114.173.120 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 104.224.53.9 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. Attacker IP from Ashburn, United States (AS152586, Kuroit). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 2s; 2 events. | 2026-04-07 | |
| IPv4 | 222.176.200.251 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 124.117.193.163 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.193.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 60.13.7.220 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (60.13.7.220) is likely a low-sophistication automated actor targeting healthcare sector SSH services via brute-force attacks against honeypots. Observed using basic credential patterns and command-line interface interactions, with limited impact confined to reconnaissance attempts against compromised SSH endpoints. | 2026-04-07 | |
| IPv4 | 180.176.249.221 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 180.176.249.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 76.91.55.28 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 76.91.55.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 59.173.109.66 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.66 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 182.88.190.212 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 182.88.190.212 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 47.250.14.85 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.14.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 105.186.199.123 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 105.186.199.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 116.178.128.204 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 20.63.209.197 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.63.209.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 118.212.122.199 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.122.199 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 47.251.22.15 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.22.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 162.243.175.88 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 170.64.168.164 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 146.190.220.75 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 143.198.171.185 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 68.183.18.228 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 103.244.172.221 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 103.244.172.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 116.178.131.37 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.178.131.37 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-07 | |
| IPv4 | 121.29.149.243 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 121.29.149.243 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 118.212.123.38 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 118.212.123.38 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 103.173.7.205 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.173.7.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 47.250.160.227 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Kuala Lumpur, Malaysia (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 171.36.6.82 | Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.36.6.82 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 110.90.106.74 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.90.106.74 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 47.77.234.83 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.77.234.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 221.144.112.211 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 221.144.112.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 146.190.230.244 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 146.190.230.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 91.215.35.9 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 91.215.35.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 58.212.237.101 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 103.205.241.245 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.205.241.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 45.3.62.181 | Score: 50/100. Labels: abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 45.3.62.181 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (ddos, hacking, low). | 2026-04-07 | |
| IPv4 | 222.176.200.170 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (222.176.200.170) is likely a botnet node or automated scanner targeting healthcare sector systems, observed attempting SSH brute-force attacks against honeypot mdms-hp-01 using credential patterns typical of commodity attack tools. The actor demonstrated low-to-moderate sophistication, leveraging common exploit techniqu... | 2026-04-07 | |
| IPv4 | 138.124.7.7 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 138.124.7.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 5.167.229.14 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 5.167.229.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, multi-reported). | 2026-04-07 | |
| IPv4 | 170.64.238.147 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 116.178.130.181 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-07 | |
| IPv4 | 180.95.238.233 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.251.30.247 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.30.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 123.163.114.251 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.163.114.251 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 209.38.43.230 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 209.38.43.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-07 | |
| IPv4 | 47.251.95.226 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.95.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 218.70.198.174 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 218.70.198.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 47.250.195.177 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.195.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 110.177.176.162 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.176.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 209.38.86.206 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 137.184.59.147 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 143.244.171.154 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 125.39.93.133 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 125.39.93.133 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 42.48.38.248 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 42.48.38.248 classified as scanning infrastructure conducting network reconnaissance (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (moderate, reported, well-known). | 2026-04-07 | |
| IPv4 | 27.47.25.138 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.25.138 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 42.96.16.250 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 42.96.16.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 14.63.225.172 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 14.63.225.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 182.218.105.49 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 182.218.105.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 163.44.120.79 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 163.44.120.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 189.174.244.193 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 189.174.244.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 124.117.193.128 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.193.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 194.187.179.64 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. This IP (194.187.179.64) is a low-to-moderate sophistication attacker targeting healthcare sector SSH honeypots, observed attempting access to medtech-hp-01 via honeytrap. Likely leveraging brute-force or credential-stuffing attacks against SSH/Telnet services, with no confirmed malware or data exfiltration detected. The actor's association with AS42969 (Alph... | 2026-04-07 | |
| IPv4 | 103.132.243.250 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Bhubaneswar, India (AS45117, Ishans Network). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 5 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killi... | 2026-04-07 | |
| IPv4 | 47.254.240.14 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.240.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 167.172.182.146 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 167.172.182.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 139.170.229.185 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 139.170.229.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 106.12.179.66 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from China (AS38365, Beijing Baidu Netcom Science and Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-... | 2026-04-07 | |
| IPv4 | 59.50.25.23 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 41s; 2 events. | 2026-04-07 | |
| IPv4 | 46.165.56.242 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Nizhny Tagil, Russia (AS49218, Nizhnetagilskie Kompyuternye Seti LLC). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 7 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 14m 27s; 50 events. | 2026-04-07 | |
| IPv4 | 66.167.166.132 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 66.167.166.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 178.128.92.222 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 12 failed login attempts, 12 credential pairs tried across 6 unique usernames, execution of 42 commands (SSH key persistence, password changes, system reconnaissance, cro... | 2026-04-07 | |
| IPv4 | 27.47.25.195 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 117.40.113.253 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.40.113.253 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 45.148.10.183 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.148.10.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 147.182.216.197 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 147.182.216.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 74.115.235.101 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Miami, United States (AS33132, Crown Castle Fiber LLC). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 7 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 14m 2s; 39 events. | 2026-04-07 | |
| IPv4 | 144.48.130.144 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Karachi, Pakistan (AS9541, Cyber Internet Services Pvt Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 4m 45s; 45 events. | 2026-04-07 | |
| IPv4 | 43.128.66.35 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Singapore, Singapore (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 4 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 7m 5s; 25 events. | 2026-04-07 | |
| IPv4 | 222.94.32.92 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 222.94.32.92 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 65.108.103.25 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 65.108.103.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-07 | |
| IPv4 | 106.117.110.101 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.110.101 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 123.163.114.159 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 123.163.114.159 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 116.178.130.139 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.139 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 116.178.131.38 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 14.135.74.102 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.251.45.25 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.45.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 182.166.240.187 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 182.166.240.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 120.46.142.202 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:reported, abuseipdb:ssh, abuseipdb:well-known. 120.46.142.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-07 | |
| IPv4 | 65.111.14.21 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported. 65.111.14.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-07 | |
| IPv4 | 101.29.255.113 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 101.29.255.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 134.199.217.8 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 134.199.217.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 47.251.67.227 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from United States (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 85.190.254.65 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 85.190.254.65 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-04-07 03:24 and 2026-04-07 03:24 UTC. | 2026-04-07 | |
| IPv4 | 31.58.87.216 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Fremont, United States (AS56971, Cgi Global Limited). Observed targeting government sector honeypot backup-hp-01 via cowrie. duration: 8s; 3 events. | 2026-04-07 | |
| IPv4 | 194.187.179.30 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.251.185.198 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.185.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 90.188.27.236 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 90.188.27.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 112.122.236.67 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.122.236.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 222.176.200.156 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.156 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 121.29.149.229 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 167.99.149.29 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 167.99.149.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 59.173.108.210 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 51.159.161.242 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 51.159.161.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 45.12.142.202 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.12.142.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-07 | |
| IPv4 | 59.173.109.112 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.109.112 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 182.119.228.99 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.228.99 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 210.176.44.217 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 210.176.44.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 206.189.183.244 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 206.189.183.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 206.81.16.85 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 206.81.16.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 103.193.177.213 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 103.193.177.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 123.163.114.197 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.163.114.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 218.161.112.80 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Kaohsiung, Taiwan (AS3462, Data Communication Business Group). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 3m 23s; 19 events. | 2026-04-07 | |
| IPv4 | 223.123.72.202 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Mian Channu, Pakistan (AS59257, CMPak Limited). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 1m 30s; 15 events. | 2026-04-07 | |
| IPv4 | 39.107.95.100 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 39.107.95.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 170.64.205.4 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.64.205.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 103.109.187.108 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.109.187.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 222.94.32.174 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.174 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 123.14.120.237 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.14.120.237 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 59.173.108.154 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.154 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-07 | |
| IPv4 | 139.135.60.107 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 139.135.60.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 120.48.45.182 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 120.48.45.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 121.78.158.30 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 121.78.158.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 94.243.13.102 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 94.243.13.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 60.13.7.169 | Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 60.13.7.169 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). | 2026-04-07 | |
| IPv4 | 171.36.7.98 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 171.36.7.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 59.173.110.247 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.251.9.15 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.9.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 34.138.135.178 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 34.138.135.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 123.144.30.16 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.144.30.16 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 119.198.229.152 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Busan, South Korea (AS4766, Korea Telecom). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 1s; 5 events. | 2026-04-07 | |
| IPv4 | 58.251.255.86 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 58.251.255.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). | 2026-04-07 | |
| IPv4 | 84.54.70.47 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 84.54.70.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 69.55.49.147 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 69.55.49.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 158.220.98.16 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 158.220.98.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 51.68.107.141 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.68.107.141 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-04-07 04:15 and 2026-04-07 04:15 UTC. | 2026-04-07 | |
| IPv4 | 51.91.101.26 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.91.101.26 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 35 times when connecting to offbackup1 between 2026-04-07 04:01 and 2026-04-07 04:37 UTC. | 2026-04-07 | |
| IPv4 | 188.226.168.173 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 188.226.168.173 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-07 03:53 and 2026-04-07 04:31 UTC. | 2026-04-07 | |
| IPv4 | 35.205.68.100 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP from Brussels, Belgium (AS396982, Google LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 106.52.165.100 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 106.52.165.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 121.29.149.3 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 123.232.134.138 | Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 123.232.134.138 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). | 2026-04-07 | |
| IPv4 | 47.250.85.210 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.85.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 114.97.190.237 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-07 | |
| IPv4 | 45.156.87.203 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.156.87.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 147.182.151.53 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 147.182.151.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 175.125.21.44 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 175.125.21.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 59.173.111.127 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.127 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 47.251.245.58 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.245.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 117.245.136.17 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 117.245.136.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 110.37.35.89 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 110.37.35.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 223.166.22.6 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 223.166.22.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 98.80.4.118 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low. 98.80.4.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 147.135.213.9 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 147.135.213.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-07 | |
| IPv4 | 184.105.247.200 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 184.105.247.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 115.191.70.104 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 115.191.70.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-07 | |
| IPv4 | 103.173.7.206 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.173.7.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 217.182.195.140 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 217.182.195.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-07 | |
| IPv4 | 124.71.12.19 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 124.71.12.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-07 | |
| IPv4 | 172.190.204.87 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.190.204.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 108.181.56.75 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 108.181.56.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 60.13.7.135 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.135 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 123.245.85.57 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.85.57 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 110.177.181.35 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 110.177.181.35 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 138.197.138.15 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Toronto, Canada (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 60.13.7.111 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. This attacker IP (60.13.7.111) is likely a commodity attacker targeting energy sector infrastructure, observed attempting SSH brute-force attacks against a honeypot (petroleum-hp-01) using default credentials. The low sophistication suggests automated tooling rather than advanced persistent threat actors, with limited impact confined to reconnaiss... | 2026-04-07 | |
| IPv4 | 87.236.176.19 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 142.93.240.24 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 112.122.236.101 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 112.122.236.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 36.106.167.82 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.82 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 210.79.191.174 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 210.79.191.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 177.93.71.32 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 177.93.71.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 125.112.144.244 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 125.112.144.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 157.245.137.58 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 157.245.137.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 140.249.247.162 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 140.249.247.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 106.4.161.180 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 106.4.161.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 59.52.100.90 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.100.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 194.187.179.195 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 115.178.75.243 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Jongno-gu, South Korea (AS9318, SK Broadband Co Ltd). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 4 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 8m 32s; 30 events. | 2026-04-07 | |
| IPv4 | 143.244.160.246 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 134.199.165.191 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 113.200.72.204 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 113.200.72.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 59.52.100.54 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.100.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 118.219.255.169 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Gumi, South Korea (AS9318, SK Broadband Co Ltd). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 2s; 5 events. | 2026-04-07 | |
| IPv4 | 146.190.148.201 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 146.190.148.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 47.250.172.64 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.172.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 36.106.167.98 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 205.209.106.132 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 205.209.106.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 47.84.138.180 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.138.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 180.95.238.179 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 180.95.238.179 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 220.167.233.232 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.233.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 47.245.135.78 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.135.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 220.167.233.67 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 59.92.50.157 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 59.92.50.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 110.177.177.181 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.177.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 38.250.187.139 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Huancavelica, Peru (AS270068, DESARROLLO DE INFRAESTRUCTURA DE TELECOMUNICACIONES PERU S.A.C. INFRATEL). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh2_1.11.1 (HASSH: 19532158b55... | 2026-04-07 | |
| IPv4 | 47.84.206.196 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 12s; 2 events. | 2026-04-07 | |
| IPv4 | 47.254.84.190 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.84.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 118.212.123.250 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 118.212.123.250 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 47.250.92.255 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.92.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 186.236.237.105 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 186.236.237.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 104.223.84.94 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 104.223.84.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 58.221.195.130 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 58.221.195.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 113.57.184.197 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 113.57.184.197 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 139.9.117.175 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 139.9.117.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 193.194.91.218 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP from Algeria (AS3208, ARN). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 4m 37s; 9 events. | 2026-04-07 | |
| IPv4 | 8.220.74.154 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 8.220.74.154 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 3 times when connecting to mdms1 between 2026-04-07 06:20 and 2026-04-07 06:20 UTC. | 2026-04-07 | |
| IPv4 | 43.157.98.118 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 43.157.98.118 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-07 06:15 and 2026-04-07 06:52 UTC. | 2026-04-07 | |
| IPv4 | 161.193.4.112 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, fatt. Attacker IP 161.193.4.112 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:114.0) Gecko/201001...' 2 times when connecting to mdms1 between 2026-04-07 06:02 and 2026-04-07 06:02 UTC. | 2026-04-07 | |
| IPv4 | 186.69.247.106 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 186.69.247.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 66.97.42.71 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.97.42.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-07 | |
| IPv4 | 116.255.252.44 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 116.255.252.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 220.167.232.145 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.145 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 112.94.189.170 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.189.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 102.208.190.22 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 102.208.190.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 35.233.5.230 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, auth:failed. 35.233.5.230 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 34.76.216.47 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 34.76.216.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). | 2026-04-07 | |
| IPv4 | 123.245.84.51 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.84.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 179.124.29.29 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 179.124.29.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 123.245.84.114 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 123.245.84.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 171.116.45.3 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.116.45.3 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 117.50.120.215 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 117.50.120.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 175.107.237.20 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 175.107.237.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 85.128.143.9 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 85.128.143.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 116.178.131.141 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.141 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 192.36.109.114 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 192.36.109.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 123.116.125.137 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 123.116.125.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 20.193.250.198 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.193.250.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 89.217.240.241 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 89.217.240.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 64.225.24.113 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Clifton, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via adbhoney. 1 events. | 2026-04-07 | |
| IPv4 | 92.124.132.245 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 92.124.132.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 59.173.108.41 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.41 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 222.241.236.27 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 222.241.236.27 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 200.0.53.15 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 200.0.53.15 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). | 2026-04-07 | |
| IPv4 | 220.167.232.77 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.77 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 148.71.0.237 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 148.71.0.237 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 59.173.109.204 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 115.160.79.71 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 115.160.79.71 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 27.47.24.51 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.51 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 118.193.38.159 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 118.193.38.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 123.60.136.40 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 123.60.136.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 221.199.73.36 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.199.73.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 60.13.6.144 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. This attacker IP (60.13.6.144) is likely a commodity threat actor targeting healthcare sector systems via SSH brute-force attacks against honeypots. Observed interacting with the mdms-hp-01 honeytrap using basic credential patterns, indicative of automated tooling rather than advanced persistent techniques. Limited impact detected, but aligns with ... | 2026-04-07 | |
| IPv4 | 84.51.43.57 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Türkiye (AS34984, Superonline Iletisim Hizmetleri A.S.). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events. | 2026-04-07 | |
| IPv4 | 125.228.25.18 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 125.228.25.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 39.113.77.97 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 39.113.77.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 5.180.25.146 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 5.180.25.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 110.177.177.169 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 110.177.177.169 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-07 | |
| IPv4 | 54.37.252.192 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 54.37.252.192 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db4lamedtech between 2026-04-07 07:47 and 2026-04-07 07:48 UTC. | 2026-04-07 | |
| IPv4 | 75.119.152.24 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 75.119.152.24 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to db1lapetro between 2026-04-07 06:32 and 2026-04-07 07:18 UTC. | 2026-04-07 | |
| IPv4 | 121.179.119.204 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 121.179.119.204 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-07 06:15 and 2026-04-07 06:59 UTC. | 2026-04-07 | |
| IPv4 | 47.251.18.56 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Santa Clara, United States (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 22s; 3 events. | 2026-04-07 | |
| IPv4 | 23.95.191.208 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 23.95.191.208 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 20 times when connecting to db1lapetro between 2026-04-07 06:07 and 2026-04-07 07:09 UTC. | 2026-04-07 | |
| IPv4 | 159.223.158.86 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.223.158.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 118.42.246.20 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 118.42.246.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 123.181.26.3 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 123.181.26.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). | 2026-04-07 | |
| IPv4 | 116.178.130.116 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 116.178.130.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 170.64.182.131 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 170.64.182.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking). | 2026-04-07 | |
| IPv4 | 124.29.247.51 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 124.29.247.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 180.95.231.91 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 180.95.231.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 118.212.120.182 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 118.212.120.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-07 | |
| IPv4 | 8.34.210.47 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 8.34.210.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 113.215.47.156 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 113.215.47.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 183.232.212.197 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from China (AS9808, China Mobile Communications Group Co., Ltd.). Observed targeting healthcare sector honeypot medtech-hp-01 via adbhoney. 1 events. | 2026-04-07 | |
| IPv4 | 118.212.120.174 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 122.96.28.168 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 122.96.28.168 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-07 | |
| IPv4 | 47.250.195.73 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.195.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 182.184.118.5 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 182.184.118.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 123.191.159.231 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.191.159.231 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 211.103.219.51 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 211.103.219.51 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 114.97.191.97 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 170.64.167.196 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 170.64.167.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 182.138.158.213 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 182.138.158.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.254.231.141 | Score: 70/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.254.231.141 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 116.178.130.222 | Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.130.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 59.173.108.9 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 59.173.108.9 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 31.57.184.107 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 31.57.184.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 36.106.166.25 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 36.106.166.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 104.207.44.145 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported. 104.207.44.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-07 | |
| IPv4 | 27.47.27.251 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.27.251 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 187.77.80.49 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 187.77.80.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 24.235.62.2 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 24.235.62.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 223.123.41.64 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 223.123.41.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 87.236.176.18 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 51.77.43.170 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Warsaw, Poland (AS16276, OVH SAS) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via tanner. duration: 2m 50s; 88 events. | 2026-04-07 | |
| IPv4 | 101.47.19.10 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Singapore, Singapore (AS150436, Byteplus Pte. Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 1m 41s; 10 events. | 2026-04-07 | |
| IPv4 | 209.14.88.118 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from São Paulo, Brazil (AS272786, X99 INTERNET). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 4 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 7m 30s; 25 events. | 2026-04-07 | |
| IPv4 | 103.200.22.162 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Vietnam (AS135905, VIETNAM POSTS AND TELECOMMUNICATIONS GROUP). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 4 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 5m 19s; 20 events. | 2026-04-07 | |
| IPv4 | 24.144.81.217 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 24.144.81.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 47.251.108.43 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.108.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 223.123.73.40 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 223.123.73.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 14.135.74.215 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 94.243.10.221 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 94.243.10.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 114.97.190.107 | Score: 75/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 114.97.190.107 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported). | 2026-04-07 | |
| IPv4 | 47.84.111.156 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.111.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 185.247.137.95 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.247.137.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 209.38.85.119 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 209.38.85.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 84.239.7.135 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 84.239.7.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 180.95.231.101 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 180.95.231.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 221.207.35.10 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 60.13.6.127 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.127 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-07 | |
| IPv4 | 47.77.234.102 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.77.234.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 188.166.68.190 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 188.166.68.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-07 | |
| IPv4 | 155.94.144.31 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 155.94.144.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 182.127.128.36 | Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 182.127.128.36 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 170.64.219.80 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 170.64.219.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.89.250.198 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.89.250.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 112.248.100.210 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 39s; 4 events. | 2026-04-07 | |
| IPv4 | 2.26.100.147 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 2.26.100.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 1.83.125.237 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-07 | |
| IPv4 | 175.107.237.243 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 175.107.237.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 1.94.143.149 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 1.94.143.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 129.121.79.67 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Ashburn, United States (AS31898, Oracle Corporation). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events. | 2026-04-07 | |
| IPv4 | 72.56.7.124 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 72.56.7.124 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 16 times when connecting to mdms1 between 2026-04-07 08:57 and 2026-04-07 09:54 UTC. | 2026-04-07 | |
| IPv4 | 170.64.219.174 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 170.64.226.48 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 27.47.24.45 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 1.83.125.36 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 1.83.125.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 180.95.231.71 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 27.47.24.235 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.24.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 124.117.192.159 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 124.117.192.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 34.77.105.211 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 34.77.105.211 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 203.186.60.250 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 203.186.60.250 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 172.237.38.244 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 172.237.38.244 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 182.88.190.55 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.88.190.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.250.92.207 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.92.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 47.88.66.103 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.88.66.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-07 | |
| IPv4 | 47.251.113.207 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.113.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 175.24.232.83 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 175.24.232.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 106.63.26.156 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 106.63.26.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 121.29.84.239 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.239 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-07 | |
| IPv4 | 106.63.26.132 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.63.26.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 106.63.26.147 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.63.26.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 106.63.26.13 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.63.26.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 222.95.168.217 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.95.168.217 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 173.235.74.180 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 173.235.74.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 110.177.183.54 | Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 110.177.183.54 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 178.141.242.40 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 178.141.242.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 103.211.218.42 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Seychelles (AS394695, PDR). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 11s; 5 events. | 2026-04-07 | |
| IPv4 | 59.173.111.116 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 106.63.26.21 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.63.26.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 106.63.26.6 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.63.26.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 106.63.26.20 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from China (AS141679, China Telecom Beijing Tianjin Hebei Big Data Industry Park Branch). Observed targeting healthcare sector honeypot medtech-hp-01 via elasticpot. 1 events. | 2026-04-07 | |
| IPv4 | 106.63.26.155 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.63.26.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 34.62.72.109 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 34.62.72.109 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 106.63.26.148 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from China (AS141679, China Telecom Beijing Tianjin Hebei Big Data Industry Park Branch). Observed targeting healthcare sector honeypot medtech-hp-01 via elasticpot. 1 events. | 2026-04-07 | |
| IPv4 | 14.135.75.71 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 14.135.75.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-07 | |
| IPv4 | 73.236.55.195 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 73.236.55.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 110.90.224.200 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.90.224.200 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 60.204.248.138 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Shanghai, China (AS55990, Huawei Cloud Service data center) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 5m 31s; 12 events. | 2026-04-07 | |
| IPv4 | 47.250.179.209 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.179.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 198.11.180.76 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 198.11.180.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 172.237.38.238 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Mumbai, India (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 19 failed login attempts, 19 credential pairs tried across 16 unique usernames. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 1m 53s; 96 events. | 2026-04-07 | |
| IPv4 | 58.212.237.88 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 87.121.89.187 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Helsinki, Finland (AS215439, Play2go International Limited). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 3 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 3m 49s; 15 events. | 2026-04-07 | |
| IPv4 | 121.29.149.216 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.216 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 35.195.104.120 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 35.195.104.120 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (2 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 23.27.110.38 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Baku, Azerbaijan (AS209854, Cyberzone S.A.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 15s; 11 events. | 2026-04-07 | |
| IPv4 | 94.103.87.20 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP 94.103.87.20 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 8 times when connecting to mdms1 between 2026-04-07 10:18 and 2026-04-07 10:18 UTC. | 2026-04-07 | |
| IPv4 | 96.41.209.2 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 96.41.209.2 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db4lamedtech between 2026-04-07 10:13 and 2026-04-07 10:14 UTC. | 2026-04-07 | |
| IPv4 | 59.178.105.248 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 59.178.105.248 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 35 times when connecting to offbackup1 between 2026-04-07 10:01 and 2026-04-07 10:51 UTC. | 2026-04-07 | |
| IPv4 | 172.172.170.199 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Washington, United States (AS8075, Microsoft Corporation). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 10s; 5 events. | 2026-04-07 | |
| IPv4 | 134.199.157.230 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 123.178.210.219 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.178.210.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 144.123.77.88 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 144.123.77.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 112.94.189.229 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.189.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 112.161.53.214 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.161.53.214 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). | 2026-04-07 | |
| IPv4 | 62.210.198.226 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 62.210.198.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 160.2.55.183 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 160.2.55.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 113.57.184.113 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP, likely part of an automated scanning campaign originating from Wuhan, China, targeted energy sector honeypots using SSH/Telnet protocols. It attempted access to the petroleum-hp-01 honeypot, suggesting interest in critical infrastructure systems. The attacker employed brute-force techniques against SSH services, indicating moderate soph... | 2026-04-07 | |
| IPv4 | 103.18.14.247 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 103.18.14.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 222.94.32.147 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 222.94.32.147 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 124.117.192.184 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 123.245.85.91 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 116.178.129.188 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.129.188 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 180.111.30.23 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 180.111.30.23 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 76.132.119.98 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 76.132.119.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 46.105.208.3 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 46.105.208.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 106.117.117.248 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 106.117.117.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-07 | |
| IPv4 | 122.96.28.154 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 122.96.28.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-07 | |
| IPv4 | 111.59.125.171 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 111.59.125.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 122.114.15.109 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 122.114.15.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 124.117.193.125 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.193.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 103.49.188.186 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 103.49.188.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). | 2026-04-07 | |
| IPv4 | 46.151.182.182 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from The Netherlands (AS205759, Ghosty Networks LLC). Observed targeting energy sector honeypot petroleum-hp-01 via dionaea. 1 events. | 2026-04-07 | |
| IPv4 | 47.236.192.26 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.236.192.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 43.106.117.111 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.106.117.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 8.222.177.49 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 8.222.177.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 49.213.219.10 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 49.213.219.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 170.64.229.15 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.64.229.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 171.12.10.176 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.12.10.176 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 209.38.83.142 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 209.38.83.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 180.95.238.162 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 114.97.190.151 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 34.79.226.232 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 34.79.226.232 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (2 commands), 2 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 45.145.41.93 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.145.41.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 34.29.213.75 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Council Bluffs, United States. Observed targeting healthcare sector honeypot mdms-hp-01 via h0neytr4p. 6 events. | 2026-04-07 | |
| IPv4 | 110.177.178.12 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.178.12 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 122.96.48.190 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 122.96.48.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 110.177.179.240 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.179.240 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 220.197.78.140 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 220.197.78.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 118.212.123.128 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.251.22.83 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.22.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 110.177.177.20 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.177.20 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 47.251.85.109 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.85.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 36.106.167.172 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 36.106.167.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 185.247.137.50 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 27.47.24.165 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 129.121.48.91 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 129.121.48.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 118.248.199.161 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Changsha, China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 2m 0s; 2 events. | 2026-04-07 | |
| IPv4 | 27.47.27.98 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.27.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 171.37.46.139 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.37.46.139 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 1.193.63.47 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 1.193.63.47 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 27.155.172.9 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.155.172.9 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 119.147.144.220 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 119.147.144.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 59.173.109.233 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.233 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 47.251.124.47 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.124.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 182.116.70.122 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.116.70.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.251.181.69 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.181.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 58.243.46.34 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.243.46.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 118.212.122.205 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.122.205 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 116.178.131.110 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 191.185.143.62 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 191.185.143.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 122.96.28.138 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 122.96.28.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 117.25.124.61 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.25.124.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 172.213.152.220 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 172.213.152.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 180.111.30.149 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.111.30.149 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 84.200.24.238 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Germany (AS214036, Ultahost, Inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 31s; 2 events. | 2026-04-07 | |
| IPv4 | 121.29.149.235 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 139.9.65.151 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 139.9.65.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 222.176.201.251 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.251 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 209.50.173.45 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:firehol_abusers_30d. 209.50.173.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level1); AbuseIPDB (brute-force, low, reported). | 2026-04-07 | |
| IPv4 | 205.209.96.142 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from United States (AS19318, Interserver, Inc). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 170.64.227.26 | Score: 50/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 5.133.192.167 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 5.133.192.167 observed using TLS client fingerprint 'Unknown TLS Client (cd5ba0bbcab7)' 2 times when connecting to mdms1 between 2026-04-07 12:28 and 2026-04-07 12:28 UTC. | 2026-04-07 | |
| IPv4 | 64.227.24.204 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 121.29.84.151 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 121.29.84.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 221.207.35.199 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (221.207.35.199) is likely a botnet node or automated scanner targeting energy sector systems, observed attempting SSH brute-force attacks against a honeypot (petroleum-hp-01). The attacker used common credential patterns and leveraged Cowrie honeypot interactions, indicating low-to-moderate sophistication with potential focus on indu... | 2026-04-07 | |
| IPv4 | 110.177.183.152 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.183.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 116.178.131.216 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 116.178.128.140 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 175.107.3.50 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 175.107.3.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 47.77.216.134 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from United States (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 11s; 2 events. GTI: SUSPICIOUS | 5/94 engines flagged malicious | AS45102 (Alibaba US Technology Co., Ltd.) | 2 malicious URL(s) hosted. | 2026-04-07 | |
| IPv4 | 47.250.49.246 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Kuala Lumpur, Malaysia (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 12s; 2 events. | 2026-04-07 | |
| IPv4 | 182.119.229.201 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.229.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 220.167.232.53 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 59.173.110.171 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. This attacker IP from Wuhan, China (AS4134/Chinanet) is likely a commodity threat actor targeting energy sector infrastructure. Observed exploiting SSH/Telnet services via honeypot petroleum-hp-01 using automated brute-force techniques against default credentials. While not highly sophisticated, the persistent probing of critical infrastructure sy... | 2026-04-07 | |
| IPv4 | 220.167.232.171 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.232.171 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 58.243.47.20 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.243.47.20 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 213.177.179.107 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Taiwan (AS208137, Feo Prest SRL). Observed targeting energy sector honeypot petroleum-hp-01 via mailoney. duration: 1s; 4 events. | 2026-04-07 | |
| IPv4 | 27.47.27.165 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.27.165 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 47.77.234.232 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.77.234.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 89.117.41.54 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Low-sophistication attacker IP 89.117.41.54 from Buenos Aires, Argentina, observed targeting a healthcare sector honeypot (mdms-hp-01) via SSH/Telnet brute-force attempts using common credential patterns. The attack lasted 20 seconds with 11 events, consistent with automated scanning behavior rather than advanced persistent threats. No malware... | 2026-04-07 | |
| IPv4 | 99.238.145.210 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 99.238.145.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 116.178.130.49 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.49 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 180.95.238.85 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 45.61.185.71 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, cowrie, firehol:unlisted. IP observed in Suricata network metadata | 2026-04-07 | |
| IPv4 | 47.254.87.150 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.87.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 96.30.137.94 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 96.30.137.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 110.177.178.171 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.178.171 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 222.176.200.230 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 112.94.190.202 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 112.94.190.202 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 121.29.149.154 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 175.107.0.153 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 175.107.0.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 110.177.178.8 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 110.177.178.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 92.119.36.122 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 92.119.36.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 92.119.36.116 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 92.119.36.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ftp-brute, hacking). | 2026-04-07 | |
| IPv4 | 149.28.86.228 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 149.28.86.228 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to offbackup1 between 2026-04-07 13:34 and 2026-04-07 13:35 UTC. | 2026-04-07 | |
| IPv4 | 82.165.247.100 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 82.165.247.100 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-04-07 13:28 and 2026-04-07 13:28 UTC. | 2026-04-07 | |
| IPv4 | 171.116.46.43 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 87.251.64.144 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 87.251.64.144 observed using SSH client fingerprint 'Unknown SSH Client (0dacd4756084)' 3 times when connecting to offbackup1 between 2026-04-07 13:10 and 2026-04-07 13:10 UTC. | 2026-04-07 | |
| IPv4 | 182.151.41.228 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 182.151.41.228 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 3 times when connecting to db4lamedtech between 2026-04-07 13:04 and 2026-04-07 13:04 UTC. | 2026-04-07 | |
| IPv4 | 103.107.60.45 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 103.107.60.45 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to offbackup1 between 2026-04-07 12:18 and 2026-04-07 13:05 UTC. | 2026-04-07 | |
| IPv4 | 117.25.124.50 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Fuzhou, China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 51.158.55.141 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Paris, France (AS12876, Scaleway SAS). Observed targeting healthcare sector honeypot mdms-hp-01 via tanner. 1 events. | 2026-04-07 | |
| IPv4 | 123.245.85.134 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 182.119.226.254 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.226.254 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 182.119.230.99 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 182.119.230.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 1.193.63.86 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.193.63.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 117.29.8.150 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 117.29.8.150 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 47.254.234.104 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.234.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 116.99.169.105 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.99.169.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-07 | |
| IPv4 | 116.99.169.100 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.99.169.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-07 | |
| IPv4 | 45.144.115.137 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 45.144.115.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 131.186.22.215 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Seoul, South Korea (AS31898, Oracle Corporation). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events. | 2026-04-07 | |
| IPv4 | 43.160.233.150 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Singapore, Singapore (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 7 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persi... | 2026-04-07 | |
| IPv4 | 112.78.3.208 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 112.78.3.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 124.117.193.35 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.193.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 36.106.167.131 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.106.167.131 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 87.251.64.159 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from United States (AS200730, ISAEV Igor). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 112.151.178.49 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Seocho-gu, South Korea (AS17858, LG POWERCOMM). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 13 failed login attempts, 13 credential pairs tried across 8 unique usernames, execution of 42 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, f... | 2026-04-07 | |
| IPv4 | 171.231.176.189 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 171.231.176.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 108.165.33.237 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Frankfurt am Main, Germany (AS213529, Sculk Ltd.). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 12 failed login attempts, 12 credential pairs tried across 9 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 16m 16s; 60 events. | 2026-04-07 | |
| IPv4 | 36.106.167.10 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 36.106.167.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 171.36.6.138 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.6.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 180.95.231.54 | Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 180.95.231.54 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 58.243.46.203 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.46.203 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 124.117.192.78 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 177.75.49.20 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 177.75.49.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.251.71.99 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.251.71.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 167.99.180.253 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 167.99.180.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-07 | |
| IPv4 | 178.128.36.105 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 178.128.36.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 106.13.72.128 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from China (AS38365, Beijing Baidu Netcom Science and Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. 1 events. | 2026-04-07 | |
| IPv4 | 82.97.17.167 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from France (AS8554, TAS France SAS). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 3 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 4m 39s; 20 events. | 2026-04-07 | |
| IPv4 | 110.177.181.201 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.181.201 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 182.119.229.176 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.229.176 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 4.153.177.63 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 4.153.177.63 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-04-07 14:40 and 2026-04-07 14:40 UTC. | 2026-04-07 | |
| IPv4 | 40.83.79.190 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 40.83.79.190 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-04-07 14:38 and 2026-04-07 14:38 UTC. | 2026-04-07 | |
| IPv4 | 118.212.122.21 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.21 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 180.95.231.56 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 72.167.224.140 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 72.167.224.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 222.176.200.55 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.55 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 92.97.227.74 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 92.97.227.74 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 122.186.168.242 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 122.186.168.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 116.178.130.137 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (116.178.130.137) is a low-to-medium sophistication commodity attacker likely operating from China, targeting energy sector assets via SSH brute-force attacks against honeypots like petroleum-hp-01. Observed using common credentials (e.g., 'root/admin') and automated tools, with limited impact confined to honeypot interactions. | 2026-04-07 | |
| IPv4 | 112.94.188.189 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.188.189 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 171.36.7.35 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 171.36.7.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-07 | |
| IPv4 | 112.94.189.254 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.94.189.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.254.213.105 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.213.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 123.245.85.243 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 123.245.85.243 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-07 | |
| IPv4 | 87.106.13.39 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 87.106.13.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 58.19.141.227 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.19.141.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 124.117.193.130 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.193.130 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 47.250.130.212 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.130.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 106.117.117.245 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.117.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 120.92.11.32 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 120.92.11.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 209.50.160.58 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 209.50.160.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 221.208.113.36 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 221.208.113.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 171.37.92.116 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.37.92.116 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-07 | |
| IPv4 | 59.52.101.184 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 59.52.101.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 219.111.221.136 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 219.111.221.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 60.13.7.92 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. This attacker IP (60.13.7.92) is likely a commodity attacker associated with China Unicom's backbone network, targeting healthcare sector systems via SSH brute-force attacks against honeypots like medtech-hp-01. The actor used basic credential patterns and command-line interface interactions, indicating low sophistication and alignment with automa... | 2026-04-07 | |
| IPv4 | 202.65.133.235 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 202.65.133.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 121.29.85.19 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.85.19 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 60.13.7.8 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (60.13.7.8) is likely a commodity attacker associated with automated scanning infrastructure targeting energy sector assets. Observed interacting with honeypot petroleum-hp-01 via SSH command sessions, leveraging common credential patterns and potentially brute-force techniques. While not highly sophisticated, the actor demon... | 2026-04-07 | |
| IPv4 | 116.99.173.137 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 116.99.173.137 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 7 times when connecting to db1lapetro between 2026-04-07 15:15 and 2026-04-07 15:31 UTC. | 2026-04-07 | |
| IPv4 | 13.89.118.191 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 13.89.118.191 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-04-07 14:58 and 2026-04-07 14:58 UTC. | 2026-04-07 | |
| IPv4 | 104.237.141.29 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Richardson, United States (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 1s; 2 events. | 2026-04-07 | |
| IPv4 | 3.95.37.98 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 3.95.37.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 175.213.223.121 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 175.213.223.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 121.29.149.65 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.65 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 113.45.226.61 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 113.45.226.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 123.245.85.171 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (123.245.85.171) is likely a commodity attacker targeting healthcare sector devices via SSH brute-force attacks against honeypots. Observed using cowrie honeypot interactions with credential-guessing patterns, suggesting basic automation rather than advanced persistence. Limited impact confined to reconnaissance attempts on isolated h... | 2026-04-07 | |
| IPv4 | 14.135.74.185 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 175.30.48.21 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 175.30.48.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 117.251.207.161 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 117.251.207.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 80.44.222.207 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 80.44.222.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 171.8.138.225 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.8.138.225 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 182.242.169.85 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 182.242.169.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 59.52.100.225 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.100.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 121.229.185.160 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 121.229.185.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 58.243.46.167 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.243.46.167 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 139.135.41.37 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.135.41.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 124.117.192.195 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (124.117.192.195) is likely a commodity attacker targeting energy sector infrastructure, observed attempting SSH brute-force attacks against honeypot petroleum-hp-01 using default credential patterns. The low-sophistication attack aligns with automated scanning tools rather than advanced persistent threats, with limited ... | 2026-04-07 | |
| IPv4 | 18.116.239.38 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 18.116.239.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 118.212.120.33 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.120.33 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 182.119.227.234 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.227.234 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 115.190.242.203 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 115.190.242.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 219.139.151.55 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 219.139.151.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, hacking). | 2026-04-07 | |
| IPv4 | 20.61.127.50 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Amsterdam, The Netherlands (AS8075, Microsoft Corporation). Observed targeting energy sector honeypot petroleum-hp-01 via adbhoney. duration: 1m 41s; 4 events. | 2026-04-07 | |
| IPv4 | 221.207.35.85 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 221.207.35.85 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 108.30.222.203 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 108.30.222.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 182.138.158.56 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 182.138.158.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 95.214.53.42 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. Attacker IP from Poland (AS201814, MEVSPACE sp. z o.o.). Observed targeting healthcare sector honeypot medtech-hp-01 via tanner. 1 events. | 2026-04-07 | |
| IPv4 | 47.91.79.196 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.91.79.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 165.232.167.235 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 165.232.167.235 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to mdms1 between 2026-04-07 16:13 and 2026-04-07 16:55 UTC. | 2026-04-07 | |
| IPv4 | 59.173.110.24 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.24 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 1.83.125.148 | Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (1.83.125.148) is likely a commodity attacker node targeting energy sector SSH services, observed attempting brute-force access to honeypot petroleum-hp-01 using common credentials. The actor executed basic command-line interface interactions and deployed a known communicating malware sample, indicating low sophistication but focused on ... | 2026-04-07 | |
| IPv4 | 47.250.127.108 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.127.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 58.212.237.86 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.212.237.86 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 1.85.216.36 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 1.85.216.36 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 114.97.191.163 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 118.212.120.153 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.120.153 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 124.117.192.129 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 20.251.32.17 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.251.32.17 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 86 times when connecting to mdms1 between 2026-04-07 18:02 and 2026-04-07 18:02 UTC. | 2026-04-07 | |
| IPv4 | 59.173.111.219 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.219 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-07 | |
| IPv4 | 118.212.122.121 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 118.212.120.239 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.120.239 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 183.232.212.193 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 183.232.212.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 101.249.61.51 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.61.51 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level4). | 2026-04-07 | |
| IPv4 | 116.178.129.138 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 181.78.79.21 | Score: 50/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 181.78.79.21 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 27.47.24.197 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.197 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 94.243.10.31 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 94.243.10.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 223.71.254.162 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 223.71.254.162 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to db4lamedtech between 2026-04-07 17:11 and 2026-04-07 17:11 UTC. | 2026-04-07 | |
| IPv4 | 185.233.83.180 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 185.233.83.180 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to offbackup1 between 2026-04-07 17:03 and 2026-04-07 17:47 UTC. | 2026-04-07 | |
| IPv4 | 75.133.212.224 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 75.133.212.224 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-04-07 17:01 and 2026-04-07 17:02 UTC. | 2026-04-07 | |
| IPv4 | 180.95.231.55 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 180.95.238.80 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 180.95.238.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 114.97.191.251 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.251 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 47.250.95.62 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.95.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 118.212.123.55 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 36.212.132.184 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 36.212.132.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 1.83.125.230 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 180.95.238.48 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.48 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 14.103.115.54 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from China (AS4811, China Telecom Group). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. 1 events. | 2026-04-07 | |
| IPv4 | 47.245.96.96 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.245.96.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 220.167.232.41 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 116.178.131.13 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.250.55.210 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.250.55.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 222.94.32.60 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 8.219.126.236 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.219.126.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 178.128.170.91 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 178.128.170.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 223.166.22.13 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 223.166.22.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 58.243.47.64 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.47.64 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 222.95.168.124 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.95.168.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 27.47.27.136 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 220.167.232.52 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.52 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 18.97.5.95 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 18.97.5.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 193.163.125.123 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 124.11.64.42 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 124.11.64.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 123.145.39.98 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.145.39.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 222.155.10.122 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 222.155.10.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 170.64.239.169 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.64.239.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 139.59.74.206 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.59.74.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 220.167.233.82 | Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.233.82 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 27.47.27.36 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 36.106.166.118 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.118 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 221.207.35.81 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 221.207.35.81 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 138.94.234.120 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 138.94.234.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 180.95.231.84 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.84 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 58.212.237.124 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 114.97.191.117 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 101.249.62.224 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 101.249.62.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 164.90.186.55 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Frankfurt am Main, Germany (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. 2 events. | 2026-04-07 | |
| IPv4 | 91.92.242.3 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 91.92.242.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 47.251.20.29 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.20.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 221.207.34.119 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.119 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 121.29.149.99 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 112.46.212.38 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.212.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.250.112.250 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.250.112.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 59.173.109.96 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 36.106.166.224 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.224 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 221.208.113.125 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 221.208.113.125 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 59.173.108.113 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 59.173.108.113 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 139.59.40.35 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.59.40.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 58.19.76.139 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.19.76.139 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 221.207.35.71 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.71 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 47.251.189.38 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.189.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 116.178.128.20 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.178.128.20 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 27.47.27.85 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 41.82.64.42 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata | 2026-04-07 | |
| IPv4 | 59.173.109.82 | Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.109.82 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported). | 2026-04-07 | |
| IPv4 | 121.29.84.11 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 193.69.236.78 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 193.69.236.78 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 114.32.243.202 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 114.32.243.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 116.178.130.55 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.55 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 112.46.213.167 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 112.46.213.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 221.207.35.215 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 124.117.192.19 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 142.93.216.114 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 142.93.216.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 38.252.170.10 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 38.252.170.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 47.251.119.40 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.119.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 123.145.38.5 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.145.38.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 144.123.76.249 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 144.123.76.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 8.209.115.54 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 8.209.115.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 27.47.25.182 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.25.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 1.83.125.70 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.70 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 27.47.24.208 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 60.13.7.96 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.96 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 159.89.8.6 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 159.89.8.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.251.84.218 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.84.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 123.178.210.150 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 123.178.210.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 222.94.32.79 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Nanjing, China (AS4134, Chinanet). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 47.254.202.197 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.202.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 86.38.100.16 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 86.38.100.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 222.94.32.167 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 222.94.32.167 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 142.93.34.157 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 142.93.34.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, hacking). | 2026-04-07 | |
| IPv4 | 98.80.4.105 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 98.80.4.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 139.59.22.223 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bengaluru, India (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 121.29.149.70 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.70 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 51.75.24.242 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 51.75.24.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 139.212.68.246 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 139.212.68.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 114.97.191.220 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 222.94.32.170 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 222.94.32.170 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 150.255.88.168 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 150.255.88.168 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 143.110.212.110 | Score: 50/100. Labels: abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. 143.110.212.110 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (moderate, port-scan, reported). | 2026-04-07 | |
| IPv4 | 3.149.29.253 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 3.149.29.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 104.207.43.186 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 104.207.43.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 123.245.85.9 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.85.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 180.95.238.96 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 180.95.238.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 44.208.162.44 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 44.208.162.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 65.111.3.105 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 65.111.3.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 104.207.32.109 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 104.207.32.109 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 114.97.190.49 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This attacker IP (114.97.190.49) is likely a commodity brute-forcer targeting healthcare sector systems, observed attempting SSH access against a medtech honeypot using credential stuffing techniques. The low sophistication and use of honeytrap interactions suggest automated scanning rather than advanced persistent threat activity, with potent... | 2026-04-07 | |
| IPv4 | 47.84.64.113 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 47.84.64.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 47.251.242.252 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.242.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 47.115.89.3 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 47.115.89.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 180.149.228.174 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 180.149.228.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-07 | |
| IPv4 | 60.13.7.36 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 118.212.120.30 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 118.212.120.30 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 41.210.131.212 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 41.210.131.212 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-07 | |
| IPv4 | 59.52.103.192 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.52.103.192 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 36.106.166.188 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 138.199.35.8 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 138.199.35.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 36.106.166.208 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. This attacker IP (36.106.166.208) is likely a commodity botnet node or automated scanner targeting healthcare sector SSH services, observed attempting brute-force access to honeypot medtech-hp-01 using common credentials. The low-sophistication attack pattern suggests limited persistence mechanisms and no malware deployment detected. | 2026-04-07 | |
| IPv4 | 103.26.82.193 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 103.26.82.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 112.122.236.190 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. This IP (112.122.236.190) is likely a commodity attacker node targeting healthcare sector SSH services, observed attempting brute-force access to honeypot mdms-hp-01 using common credentials like 'admin'/'password'. The actor exhibits low sophistication, relying on basic SSH scanning and credential stuffing techniques without advanced evasion, suggesting affiliat... | 2026-04-07 | |
| IPv4 | 27.47.26.132 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.132 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 72.61.239.93 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. 72.61.239.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 41.38.31.147 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 41.38.31.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 118.212.121.94 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-07 | |
| IPv4 | 185.177.72.9 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.177.72.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 174.114.168.200 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 174.114.168.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 118.212.122.42 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.42 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-07 | |
| IPv4 | 171.105.76.67 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 171.105.76.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.250.90.169 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.90.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 165.232.67.97 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 165.232.67.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-07 | |
| IPv4 | 58.212.237.203 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.203 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-07 | |
| IPv4 | 85.99.100.171 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 85.99.100.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 47.250.135.144 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.135.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 161.35.175.50 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 161.35.175.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 176.173.35.62 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 176.173.35.62 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 60.42.126.157 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 60.42.126.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 59.52.101.152 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 59.52.101.152 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 116.172.201.30 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.172.201.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 47.250.118.116 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.118.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 180.95.238.66 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.66 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-07 | |
| IPv4 | 151.80.133.55 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 151.80.133.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 175.107.2.11 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 175.107.2.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 116.178.128.43 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 94.243.8.255 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 94.243.8.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 171.8.138.160 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.8.138.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-07 | |
| IPv4 | 118.212.120.48 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 118.212.120.48 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-07 | |
| IPv4 | 103.116.52.132 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. Attacker IP from Vietnam (AS150895, EZ TECHNOLOGY COMPANY LIMITED). Observed targeting healthcare sector honeypot medtech-hp-01 via adbhoney. 1 events. | 2026-04-07 | |
| IPv4 | 104.28.203.60 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 104.28.203.60 observed using HTTP client fingerprint 'HTTP Client: Go-http-client/1.1' 41 times when connecting to db1lapetro between 2026-04-07 21:48 and 2026-04-07 21:48 UTC. | 2026-04-07 | |
| IPv4 | 150.95.112.57 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 150.95.112.57 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-04-07 21:10 and 2026-04-07 21:11 UTC. | 2026-04-07 | |
| IPv4 | 58.19.80.82 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Wuhan, China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-07 | |
| IPv4 | 170.64.165.165 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.64.165.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 134.199.174.251 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 134.199.174.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 50.3.85.30 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 50.3.85.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 180.177.83.26 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 180.177.83.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 209.38.21.118 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 209.38.21.118 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute). | 2026-04-07 | |
| IPv4 | 170.64.204.238 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.64.204.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-07 | |
| IPv4 | 157.173.103.112 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 157.173.103.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 54.211.193.79 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 54.211.193.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-07 | |
| IPv4 | 51.112.195.32 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.112.195.32 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-04-07 20:06 and 2026-04-07 20:06 UTC. | 2026-04-07 | |
| IPv4 | 42.118.12.47 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 42.118.12.47 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-04-07 20:05 and 2026-04-07 20:06 UTC. | 2026-04-07 | |
| IPv4 | 79.3.96.178 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 79.3.96.178 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-07 19:44 and 2026-04-07 20:23 UTC. | 2026-04-07 | |
| IPv4 | 34.174.198.163 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 34.174.198.163 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, l...' 7 times when connecting to db4lamedtech between 2026-04-07 20:30 and 2026-04-07 20:30 UTC. | 2026-04-07 | |
| IPv4 | 59.173.109.152 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 59.173.109.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-07 | |
| IPv4 | 60.13.6.165 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 60.13.6.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-07 | |
| IPv4 | 20.106.186.120 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.106.186.120 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-08 | |
| IPv4 | 121.29.149.128 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.128 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 14.135.74.161 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 154.194.251.113 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 154.194.251.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 172.59.223.52 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 172.59.223.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 113.57.185.14 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 113.57.185.14 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 125.138.19.105 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 125.138.19.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 118.212.121.184 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.184 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 158.160.205.148 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 158.160.205.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 147.135.128.94 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 147.135.128.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, moderate). | 2026-04-08 | |
| IPv4 | 47.250.95.243 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.95.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 110.177.177.133 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low. 110.177.177.133 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 116.178.130.148 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 220.250.11.215 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.215 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 124.117.192.20 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 220.167.233.219 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 116.178.131.242 | Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.242 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 122.96.28.113 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 122.96.28.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 202.79.30.100 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Cambodia (AS24492, WiCAM Corporation Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 6 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 15m 57s; 50 events. | 2026-04-08 | |
| IPv4 | 140.246.111.144 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 140.246.111.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute). | 2026-04-08 | |
| IPv4 | 139.59.86.165 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bengaluru, India (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 110.177.183.65 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.183.65 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-08 | |
| IPv4 | 159.65.156.156 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 159.65.156.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, port-scan). | 2026-04-08 | |
| IPv4 | 47.254.247.11 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.247.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 46.146.234.12 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 46.146.234.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 116.178.131.137 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.178.131.137 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 222.94.32.80 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.80 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 43.130.60.150 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 43.130.60.150 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 5 times when connecting to db1lapetro between 2026-04-07 22:31 and 2026-04-07 22:38 UTC. | 2026-04-08 | |
| IPv4 | 155.133.7.29 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 155.133.7.29 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-04-07 22:27 and 2026-04-07 22:27 UTC. | 2026-04-08 | |
| IPv4 | 160.119.76.12 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Seychelles (AS49870, Alsycon B.V.). Observed targeting healthcare sector honeypot mdms-hp-01 via sentrypeer. 1 events. | 2026-04-08 | |
| IPv4 | 92.205.23.128 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 92.205.23.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 106.4.161.36 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.4.161.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 183.232.212.196 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 183.232.212.196 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 142.202.188.211 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 142.202.188.211 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 59.173.111.43 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 59.173.111.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-08 | |
| IPv4 | 1.20.150.18 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.20.150.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 173.239.214.70 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 173.239.214.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 120.48.135.189 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 120.48.135.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 182.119.227.119 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.227.119 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 47.251.65.123 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.65.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 108.29.207.125 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 108.29.207.125 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 1.24.16.110 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 1.24.16.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-08 | |
| IPv4 | 220.167.233.195 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 110.177.181.175 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 110.177.181.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 59.52.103.100 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.52.103.100 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 185.177.72.58 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.177.72.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 185.177.72.29 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.177.72.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 136.112.32.76 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 136.112.32.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-08 | |
| IPv4 | 222.112.46.78 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Dongjak-gu, South Korea (AS4766, Korea Telecom). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. 1 events. | 2026-04-08 | |
| IPv4 | 221.207.34.225 | Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.34.225 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 112.94.188.35 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 112.94.188.35 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 172.110.223.63 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.110.223.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 94.199.111.82 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Russia (AS8595, OOO WestCall Ltd.). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 12 failed login attempts, 12 credential pairs tried across 6 unique usernames, execution of 42 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewa... | 2026-04-08 | |
| IPv4 | 222.176.201.216 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.216 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 124.29.224.0 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 124.29.224.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 69.48.204.173 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from United States (AS8560, IONOS SE). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 1s; 5 events. | 2026-04-08 | |
| IPv4 | 178.154.236.131 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 178.154.236.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, iot-targeted, low). | 2026-04-08 | |
| IPv4 | 178.154.236.163 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 178.154.236.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, iot-targeted, low). | 2026-04-08 | |
| IPv4 | 116.178.131.203 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.203 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 167.86.96.161 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 167.86.96.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 123.14.120.231 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.14.120.231 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 118.212.121.208 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.121.208 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-08 | |
| IPv4 | 112.122.236.39 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.236.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 116.178.129.89 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 27.47.26.137 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 18.97.26.17 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 18.97.26.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 38.250.187.140 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP 38.250.187.140 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to mdms1 between 2026-04-08 00:04 and 2026-04-08 00:06 UTC. | 2026-04-08 | |
| IPv4 | 139.59.11.162 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bengaluru, India (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 171.105.76.7 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 171.105.76.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 121.29.85.199 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.85.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 188.166.35.4 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 188.166.35.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 47.250.89.14 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.89.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 94.243.15.98 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 94.243.15.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 64.227.143.210 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 64.227.143.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 182.119.228.151 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.228.151 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 183.207.45.115 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 183.207.45.115 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 123.245.84.230 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 123.245.84.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-08 | |
| IPv4 | 185.194.199.33 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Tajikistan (AS215814, Sinamo 2017 LLC). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 3 unique usernames, execution of 18 commands (SSH key persistence, password changes, system reconnaissance), delivery of 14 malware samples. SS... | 2026-04-08 | |
| IPv4 | 47.88.17.203 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.88.17.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 20.214.145.16 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Seoul, South Korea (AS8075, Microsoft Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events. | 2026-04-08 | |
| IPv4 | 101.249.61.54 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. This IP (101.249.61.54) is likely a commodity attacker node targeting energy sector infrastructure via SSH brute-force attacks against honeypots. Observed using common credentials ('admin', 'root') and basic command-line tools, indicating low sophistication. Limited impact to date, with no confirmed exploitation beyond honeytrap interactions. | 2026-04-08 | |
| IPv4 | 78.94.226.221 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 78.94.226.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 159.89.168.223 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.89.168.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 122.247.15.221 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 122.247.15.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 71.225.238.42 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 71.225.238.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 206.135.174.23 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 206.135.174.23 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-08 | |
| IPv4 | 222.176.200.236 | Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.236 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 222.94.32.139 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.139 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 185.177.72.5 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. Attacker IP 185.177.72.5 observed using HTTP client fingerprint 'HTTP Client: curl/8.7.1' 4 times when connecting to mdms1 between 2026-04-08 00:55 and 2026-04-08 00:55 UTC. | 2026-04-08 | |
| IPv4 | 111.10.246.236 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 111.10.246.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 112.122.237.36 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.237.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 42.48.38.56 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 42.48.38.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 180.111.30.136 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 180.111.30.136 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 209.99.189.86 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 209.99.189.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 117.62.235.154 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 117.62.235.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 209.99.184.95 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 209.99.184.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 47.251.70.209 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.70.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 115.191.27.59 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 115.191.27.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 101.237.36.2 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 101.237.36.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 209.99.187.91 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 209.99.187.91 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). | 2026-04-08 | |
| IPv4 | 87.106.88.229 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.106.88.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 59.173.110.255 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.255 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 89.161.26.204 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 89.161.26.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 60.13.7.137 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 116.178.130.177 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.130.177 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 110.177.183.97 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.183.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 158.94.209.109 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 158.94.209.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 139.212.68.77 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 139.212.68.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 110.177.177.27 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.177.27 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 59.52.103.184 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 59.52.103.184 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 116.178.130.56 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.56 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 45.144.115.194 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 45.144.115.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-08 | |
| IPv4 | 58.19.142.46 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.19.142.46 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 116.178.128.244 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.244 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 164.90.180.189 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 164.90.180.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 118.114.15.36 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 118.114.15.36 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). | 2026-04-08 | |
| IPv4 | 18.97.5.116 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 18.97.5.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 47.251.51.133 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.51.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 27.47.27.241 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.241 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 123.178.210.76 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 123.178.210.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 139.59.24.165 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.59.24.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 180.95.238.78 | Score: 60/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.78 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 106.117.117.86 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.117.86 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 40.85.219.177 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 40.85.219.177 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 141 times when connecting to db4lamedtech between 2026-04-08 01:24 and 2026-04-08 01:24 UTC. | 2026-04-08 | |
| IPv4 | 123.245.84.192 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 27.47.26.224 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.26.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 124.117.193.89 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.193.89 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 104.37.191.3 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 104.37.191.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 66.167.169.137 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 66.167.169.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 97.93.152.80 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 97.93.152.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 118.212.123.186 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 118.212.123.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-08 | |
| IPv4 | 196.206.225.151 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 196.206.225.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 118.212.122.196 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 209.126.3.224 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 209.126.3.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 106.117.110.108 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 106.117.110.108 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 116.178.128.231 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 151.21.92.112 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 151.21.92.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 47.250.55.156 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.55.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 141.98.11.194 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata | 2026-04-08 | |
| IPv4 | 222.176.200.222 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 193.188.123.12 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 193.188.123.12 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 114.97.191.230 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 144.48.8.86 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 144.48.8.86 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 27.47.26.85 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.85 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 5.42.41.225 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 5.42.41.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 47.102.100.45 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 47.102.100.45 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 144.123.77.75 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.77.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 42.48.38.126 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 42.48.38.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-08 | |
| IPv4 | 123.160.232.224 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.160.232.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 115.190.190.187 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 115.190.190.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking). | 2026-04-08 | |
| IPv4 | 85.105.16.232 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 85.105.16.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 49.158.4.12 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 49.158.4.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 60.16.205.220 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 60.16.205.220 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 121.29.85.178 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.85.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 14.1.105.81 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 14.1.105.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 176.65.148.51 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Eygelshoven, The Netherlands (AS51396, Pfcloud UG (haftungsbeschrankt)) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 180.111.30.17 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 180.111.30.17 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 175.137.165.225 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 175.137.165.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 220.197.78.252 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.197.78.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-08 | |
| IPv4 | 153.0.125.59 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 153.0.125.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 59.173.111.165 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.111.165 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 36.106.167.94 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 121.29.149.135 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 128.0.134.130 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Moscow, Russia (AS25513, PJSC Moscow city telephone network). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 3m 54s; 10 events. | 2026-04-08 | |
| IPv4 | 185.225.41.192 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Damascus, Syria (AS29256, Syrian Telecommunication Private Closed Joint Stock Company). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events. | 2026-04-08 | |
| IPv4 | 58.212.237.157 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.157 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 221.208.113.232 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 221.208.113.232 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 196.188.187.42 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Addis Ababa, Ethiopia (AS24757, Ethiopian Telecommunication Corporation). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2m 23s; 10 events. | 2026-04-08 | |
| IPv4 | 221.208.113.196 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 221.208.113.196 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 45.249.247.126 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 45.249.247.126 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to mdms1 between 2026-04-08 02:26 and 2026-04-08 03:09 UTC. | 2026-04-08 | |
| IPv4 | 101.68.47.68 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 101.68.47.68 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 220.167.233.136 | Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.233.136 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 36.106.167.51 | Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 36.106.167.51 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-08 | |
| IPv4 | 99.184.194.220 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 99.184.194.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 157.230.159.51 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 157.230.159.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, reported). | 2026-04-08 | |
| IPv4 | 84.239.31.141 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 84.239.31.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). | 2026-04-08 | |
| IPv4 | 223.4.15.136 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 223.4.15.136 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 3 command sessions (11 commands), 3 malware samples. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 185.247.137.31 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 1.92.93.190 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 1.92.93.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). | 2026-04-08 | |
| IPv4 | 110.177.180.12 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.180.12 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 116.178.131.237 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 180.95.231.68 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 14.135.75.15 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 14.135.75.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 211.72.129.212 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 211.72.129.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 47.250.161.218 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.161.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 1.83.125.112 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.83.125.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 118.163.132.211 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Taipei, Taiwan (AS3462, Data Communication Business Group). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 58s; 10 events. | 2026-04-08 | |
| IPv4 | 113.200.72.202 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 113.200.72.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 59.173.110.51 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 59.173.109.240 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.240 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 116.178.130.125 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. This attacker IP is likely a commodity botnet node targeting healthcare infrastructure via brute-force SSH attacks. Observed interacting with honeypot mdms-hp-01 using SSH/Telnet protocols, potentially attempting default credential exploitation (e.g., 'admin'/'password'). Low to moderate sophistication with no advanced evasion techniques detected. | 2026-04-08 | |
| IPv4 | 213.55.85.179 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 213.55.85.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 73.212.241.237 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 73.212.241.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 222.94.32.73 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.73 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-08 | |
| IPv4 | 121.29.149.145 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking). | 2026-04-08 | |
| IPv4 | 185.250.37.153 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.250.37.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 185.177.72.24 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.177.72.24 observed using HTTP client fingerprint 'HTTP Client: curl/8.7.1' 26 times when connecting to mdms1 between 2026-04-08 03:26 and 2026-04-08 03:45 UTC. | 2026-04-08 | |
| IPv4 | 185.177.72.11 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.177.72.11 observed using HTTP client fingerprint 'HTTP Client: curl/8.7.1' 20 times when connecting to mdms1 between 2026-04-08 03:25 and 2026-04-08 03:39 UTC. | 2026-04-08 | |
| IPv4 | 185.177.72.70 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.177.72.70 observed using HTTP client fingerprint 'HTTP Client: curl/8.7.1' 26 times when connecting to mdms1 between 2026-04-08 03:25 and 2026-04-08 03:44 UTC. | 2026-04-08 | |
| IPv4 | 149.88.85.208 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 149.88.85.208 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db1lapetro between 2026-04-08 02:59 and 2026-04-08 03:41 UTC. | 2026-04-08 | |
| IPv4 | 123.145.38.21 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 158.173.25.117 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 158.173.25.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 221.204.53.170 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 221.204.53.170 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 171.37.93.101 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.37.93.101 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, ftp-brute, hacking). | 2026-04-08 | |
| IPv4 | 116.178.130.245 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.178.130.245 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 62.210.198.200 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 62.210.198.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 47.88.10.250 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.88.10.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 202.112.238.56 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 202.112.238.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 27.47.26.94 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. This attacker IP from Guangzhou, China, likely represents a commodity botnet node targeting energy sector infrastructure. Observed attempting SSH brute-force attacks against honeypot petroleum-hp-01 using common credentials like 'admin' and 'root', indicative of low-sophistication automated scanning. Limited impact confined to honeypot interactions ... | 2026-04-08 | |
| IPv4 | 47.251.184.127 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.184.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 101.126.20.199 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan, abuseipdb:reported. 101.126.20.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, hacking). | 2026-04-08 | |
| IPv4 | 113.206.129.249 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 113.206.129.249 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 118.212.123.194 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 118.212.123.194 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 171.36.7.82 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.36.7.82 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 103.244.172.9 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. Attacker IP from Karachi, Pakistan (AS9541, Cyber Internet Services Pvt Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 3m 40s; 35 events. | 2026-04-08 | |
| IPv4 | 171.36.6.203 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.6.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 110.177.178.122 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.178.122 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 47.237.194.15 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.194.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 47.251.118.213 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.118.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 221.207.35.143 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 65.49.20.107 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 65.49.20.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 116.178.131.82 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.178.131.82 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 36.106.167.149 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 110.177.179.208 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.179.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 116.178.129.54 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 8.222.188.255 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 8.222.188.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 58.19.142.116 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.19.142.116 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-08 | |
| IPv4 | 41.83.201.24 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Dakar, Senegal (AS8346, SONATEL SONATEL-AS Autonomous System). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events. | 2026-04-08 | |
| IPv4 | 175.6.109.238 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 175.6.109.238 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 3 times when connecting to db1lapetro between 2026-04-08 04:43 and 2026-04-08 05:04 UTC. | 2026-04-08 | |
| IPv4 | 118.163.132.212 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 118.163.132.212 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 5 times when connecting to mdms1 between 2026-04-08 04:41 and 2026-04-08 04:52 UTC. | 2026-04-08 | |
| IPv4 | 211.72.129.211 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 211.72.129.211 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 10 times when connecting to mdms1 between 2026-04-08 04:35 and 2026-04-08 04:53 UTC. | 2026-04-08 | |
| IPv4 | 154.124.47.38 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 154.124.47.38 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 4 times when connecting to mdms1 between 2026-04-08 04:32 and 2026-04-08 04:46 UTC. | 2026-04-08 | |
| IPv4 | 47.245.139.86 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.139.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 222.223.62.8 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Tianjin, China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 3s; 2 events. | 2026-04-08 | |
| IPv4 | 144.123.76.174 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 144.123.76.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 180.95.231.154 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.231.154 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 114.97.191.185 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.185 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 116.178.131.223 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (116.178.131.223) is likely a commodity attacker node targeting healthcare sector infrastructure via SSH brute-force attacks against honeypots. Observed using honeytrap mdms-hp-01 with credential patterns suggesting automated scanning tools, indicative of low-to-moderate sophistication. No confirmed malware or data exfiltration detect... | 2026-04-08 | |
| IPv4 | 217.160.64.171 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 217.160.64.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 216.218.206.90 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 216.218.206.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 118.196.39.255 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 118.196.39.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-08 | |
| IPv4 | 44.220.188.12 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 44.220.188.12 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 104.248.132.50 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 104.248.132.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 59.52.103.104 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.103.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 60.16.222.119 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 60.16.222.119 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 121.237.10.220 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 121.237.10.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). | 2026-04-08 | |
| IPv4 | 59.173.111.246 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.246 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-08 | |
| IPv4 | 47.251.169.81 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.251.169.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 27.47.25.10 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.10 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 60.13.7.250 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.250 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 59.173.111.84 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.111.84 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 118.212.120.6 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 118.212.120.6 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 123.160.235.245 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.160.235.245 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 60.16.214.178 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 60.16.214.178 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 47.86.250.191 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 47.86.250.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-08 | |
| IPv4 | 148.153.56.62 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 148.153.56.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 79.45.101.239 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Rome, Italy (AS3269, TIM). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 1m 43s; 10 events. | 2026-04-08 | |
| IPv4 | 45.169.128.70 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Juiz de Fora, Brazil (AS268114, THM Tecnologia Net Ltda). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 3 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 9m 23s; 30 events. | 2026-04-08 | |
| IPv4 | 85.198.108.147 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Russia (AS48282, Hosting technology LTD) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 4m 29s; 10 events. | 2026-04-08 | |
| IPv4 | 84.18.139.134 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 84.18.139.134 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to offbackup1 between 2026-04-08 05:37 and 2026-04-08 06:17 UTC. | 2026-04-08 | |
| IPv4 | 103.30.40.198 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.30.40.198 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db1lapetro between 2026-04-08 04:48 and 2026-04-08 05:27 UTC. | 2026-04-08 | |
| IPv4 | 187.62.192.99 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 187.62.192.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 121.37.97.147 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 121.37.97.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 59.126.237.20 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 59.126.237.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 220.167.232.89 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 116.178.131.108 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.108 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 89.23.97.106 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 89.23.97.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 116.178.130.16 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.16 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 220.167.232.250 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (220.167.232.250) is likely a commodity attacker node associated with automated SSH brute-force campaigns targeting healthcare sector devices. Observed interacting with honeypot mdms-hp-01 via honeytrap, attempting default credentials like 'admin'/'password' and using basic command-line interface techniques. The attack pattern suggests low-... | 2026-04-08 | |
| IPv4 | 110.177.180.204 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.180.204 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 180.95.238.72 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.72 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 174.129.205.0 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 174.129.205.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 194.187.179.206 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 89.117.41.196 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 89.117.41.196 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 59.173.110.249 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.110.249 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 185.136.151.235 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.136.151.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 112.102.227.101 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.102.227.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 123.245.85.3 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. This IP (123.245.85.3) is likely a commodity attacker using automated tools to probe healthcare sector systems via SSH brute-force attacks, observed interacting with the cowrie honeypot mdms-hp-01. The low-sophistication approach suggests targeting weak credentials or misconfigured SSH services, with limited impact confined to honeypot engagem... | 2026-04-08 | |
| IPv4 | 116.178.129.223 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.178.129.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 59.173.111.40 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.40 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 60.13.7.15 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 60.13.7.15 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 58.243.47.223 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.47.223 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 124.117.192.86 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.192.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-08 | |
| IPv4 | 66.132.172.226 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.172.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 47.251.244.32 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.244.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 193.24.211.95 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Germany (AS215929, Data Campus Limited). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh2_1.11.0 (HASSH: 14b2ddda386a...); duration: 1s; 7 events. | 2026-04-08 | |
| IPv4 | 47.88.94.171 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.88.94.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 59.52.101.155 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.52.101.155 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 18.97.26.19 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 18.97.26.19 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 164.92.132.222 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 164.92.132.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 8.139.5.212 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. Attacker IP 8.139.5.212 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 54 times when connecting to db4lamedtech between 2026-04-08 07:15 and 2026-04-08 07:15 UTC. | 2026-04-08 | |
| IPv4 | 145.239.69.40 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 145.239.69.40 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 9 times when connecting to db1lapetro between 2026-04-08 06:28 and 2026-04-08 06:28 UTC. | 2026-04-08 | |
| IPv4 | 41.82.63.128 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 41.82.63.128 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to mdms1 between 2026-04-08 05:52 and 2026-04-08 06:32 UTC. | 2026-04-08 | |
| IPv4 | 47.250.136.75 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.136.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 65.49.20.81 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 65.49.20.81 classified as scanning infrastructure conducting network reconnaissance (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (critical, ddos, reported). | 2026-04-08 | |
| IPv4 | 112.122.237.214 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 112.122.237.214 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 164.92.80.127 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 164.92.80.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 110.36.80.166 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 110.36.80.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 112.122.236.181 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 112.122.236.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 23.234.74.45 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 23.234.74.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-08 | |
| IPv4 | 146.70.168.253 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 146.70.168.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-08 | |
| IPv4 | 27.47.27.78 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.27.78 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 59.173.110.59 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 116.178.129.250 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.250 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 222.176.201.100 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 59.173.110.96 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 66.240.236.109 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from United States (AS10439, CariNet, Inc.). Observed targeting healthcare sector honeypot mdms-hp-01 via dionaea. 1 events. | 2026-04-08 | |
| IPv4 | 92.62.120.102 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 92.62.120.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 59.173.108.89 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.89 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 103.233.24.205 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.233.24.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 47.250.160.88 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.160.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 59.173.109.166 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.166 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 1.193.63.175 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 1.193.63.175 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 47.254.195.238 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.195.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 171.37.47.83 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.37.47.83 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 123.245.85.7 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-08 | |
| IPv4 | 47.250.11.146 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.11.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 116.178.130.25 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 171.231.197.53 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Da Nang, Vietnam (AS7552, Viettel Group). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 2s; 5 events. | 2026-04-08 | |
| IPv4 | 171.231.194.119 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 171.231.194.119 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 7 times when connecting to db4lamedtech between 2026-04-08 07:54 and 2026-04-08 08:30 UTC. | 2026-04-08 | |
| IPv4 | 116.178.131.64 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.64 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 222.94.32.166 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.166 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 36.106.166.73 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 59.173.108.231 | Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.231 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 220.167.232.240 | Score: 70/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 220.167.232.240 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported). | 2026-04-08 | |
| IPv4 | 59.173.111.161 | Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.161 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 180.95.231.137 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 116.178.131.45 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 220.167.232.72 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (220.167.232.72) is likely a commodity attacker node originating from China, targeting healthcare sector devices via SSH brute-force attacks against honeypots. Observed using basic credential patterns ('ssh username@target') and leveraging Qinghai Telecom infrastructure, indicating low sophistication but potential integration with lar... | 2026-04-08 | |
| IPv4 | 164.92.181.71 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 164.92.181.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 104.207.39.176 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported. 104.207.39.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level4); AbuseIPDB (brute-force, ddos, hacking). | 2026-04-08 | |
| IPv4 | 213.35.128.24 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Tallinn, Estonia (AS3249, Telia Eesti AS). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 7 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 15m 36s; 50 events. | 2026-04-08 | |
| IPv4 | 101.249.61.136 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 101.249.61.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 102.207.60.150 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 102.207.60.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 223.123.73.218 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 223.123.73.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 218.255.65.12 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 218.255.65.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 5.130.230.129 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 5.130.230.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 185.156.46.149 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Ashburn, United States (AS212238, Datacamp Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via ciscoasa. 3 events. | 2026-04-08 | |
| IPv4 | 222.73.51.249 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from China (AS4811, China Telecom Group). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. 1 events. | 2026-04-08 | |
| IPv4 | 112.122.236.54 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from China (AS140726, UNICOM AnHui province network). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 180.95.238.128 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.128 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 175.107.211.60 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP from Lahore, Pakistan (AS9541, Cyber Internet Services Pvt Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 40s; 7 events. | 2026-04-08 | |
| IPv4 | 47.84.143.228 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.143.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 204.44.119.62 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 204.44.119.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 122.97.214.153 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 122.97.214.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 119.73.207.206 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 119.73.207.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 112.122.236.115 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.122.236.115 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-08 | |
| IPv4 | 58.153.33.13 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 58.153.33.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 122.96.28.59 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 122.96.28.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 44.220.185.31 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. This attacker IP (44.220.185.31) is likely a commodity botnet node targeting energy sector infrastructure via SSH/Telnet brute-force attacks. Observed interacting with a honeypot (petroleum-hp-01) using Cowrie, executing 7 events in 6 seconds, suggesting automated scanning for weak credentials. Limited sophistication indicated by lack of persi... | 2026-04-08 | |
| IPv4 | 23.234.69.30 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from Denver, United States (AS11878, tzulo, inc.). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 7s; 3 events. | 2026-04-08 | |
| IPv4 | 37.19.210.30 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 37.19.210.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 37.19.221.147 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 37.19.221.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 45.134.142.216 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.134.142.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 124.117.193.90 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.193.90 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 185.247.137.69 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 36.106.167.110 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 36.106.167.110 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 64.227.41.39 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.227.41.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 142.93.115.5 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 142.93.115.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 68.235.46.26 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 68.235.46.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 114.97.190.231 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.231 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 221.207.35.56 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 117.40.114.53 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 117.40.114.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 58.249.130.154 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 58.249.130.154 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 59.53.166.240 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.53.166.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 66.167.166.153 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.167.166.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 106.117.111.108 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.111.108 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 164.90.220.178 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 164.90.220.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 4.149.168.134 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 4.149.168.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 117.40.113.227 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.40.113.227 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 116.178.130.207 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.207 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 47.254.95.84 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 22s; 3 events. | 2026-04-08 | |
| IPv4 | 180.95.238.252 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 114.97.191.215 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (114.97.191.215) is likely a botnet node or automated scanner originating from China, targeting healthcare sector systems via SSH brute-force attacks against honeypots like mdms-hp-01. The attacker used credential stuffing techniques and deployed at least one known communicating malware sample, indicating potential data exfiltration i... | 2026-04-08 | |
| IPv4 | 117.40.113.133 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.40.113.133 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 183.131.107.184 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 183.131.107.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 87.251.64.150 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS200730, ISAEV Igor). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 27.47.24.221 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.24.221 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 220.167.233.46 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 194.187.179.59 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 8.211.19.250 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.211.19.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 59.52.101.242 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.52.101.242 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-08 | |
| IPv4 | 124.117.193.60 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.193.60 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 139.59.145.254 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.59.145.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 68.235.46.58 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Chicago, United States (AS11878, tzulo, inc.). Observed targeting healthcare sector honeypot mdms-hp-01 via ciscoasa. duration: 8s; 3 events. | 2026-04-08 | |
| IPv4 | 45.86.202.38 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.86.202.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 87.236.176.246 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 87.236.176.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 221.207.35.119 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). | 2026-04-08 | |
| IPv4 | 182.242.169.79 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.169.79 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 118.212.123.187 | Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 118.212.123.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 118.212.123.116 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.123.116 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 116.178.130.95 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 116.178.130.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 118.212.122.222 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.222 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 60.13.7.119 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.119 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 114.97.191.86 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 222.176.201.171 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.171 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-08 | |
| IPv4 | 116.178.128.47 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 116.178.128.47 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 58.212.237.94 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 144.123.77.81 | Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 144.123.77.81 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 167.71.175.236 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 167.71.175.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 124.227.31.97 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 124.227.31.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 217.182.194.16 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 217.182.194.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, ddos, hacking). | 2026-04-08 | |
| IPv4 | 92.46.38.226 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Almaty, Kazakhstan (AS9198, JSC Kazakhtelecom). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 7 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 13m 59s; 45 events. | 2026-04-08 | |
| IPv4 | 23.234.71.156 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Denver, United States (AS11878, tzulo, inc.). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 8s; 3 events. | 2026-04-08 | |
| IPv4 | 4.245.49.102 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 4.245.49.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 62.12.26.91 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 62.12.26.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 118.212.123.129 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.123.129 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 175.107.213.147 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 175.107.213.147 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 159.89.127.165 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 159.89.127.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 112.94.189.136 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.189.136 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 144.123.76.215 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.76.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 139.212.68.158 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 139.212.68.158 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-08 | |
| IPv4 | 222.176.201.226 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 68.183.87.132 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 68.183.87.132 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-04-08 10:27 and 2026-04-08 10:27 UTC. | 2026-04-08 | |
| IPv4 | 51.91.242.106 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 51.91.242.106 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db4lamedtech between 2026-04-08 10:26 and 2026-04-08 10:26 UTC. | 2026-04-08 | |
| IPv4 | 116.178.130.152 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.152 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 116.178.130.68 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 114.97.190.160 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.160 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 147.135.213.27 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 147.135.213.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 112.46.212.195 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.212.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 180.95.231.131 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 106.75.224.96 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.75.224.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-08 | |
| IPv4 | 175.30.48.214 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 175.30.48.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 206.81.24.227 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 206.81.24.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 47.251.64.123 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 47.251.64.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 67.205.174.130 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 67.205.174.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 27.47.26.53 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 180.95.231.96 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 221.207.35.11 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.11 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 116.178.130.247 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 47.84.103.215 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.103.215 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-08 | |
| IPv4 | 171.12.10.37 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 171.12.10.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 223.190.228.99 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 223.190.228.99 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). | 2026-04-08 | |
| IPv4 | 38.135.25.141 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 38.135.25.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, ddos, hacking). | 2026-04-08 | |
| IPv4 | 192.42.116.145 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 192.42.116.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 171.36.7.168 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.36.7.168 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 123.245.85.197 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.85.197 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 36.106.166.116 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 36.106.166.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 60.13.6.227 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.227 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 144.123.77.202 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 144.123.77.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 47.250.84.254 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.84.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 110.177.181.45 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 110.177.181.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 171.12.10.180 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.12.10.180 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 144.123.76.155 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 144.123.76.155 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 106.4.161.129 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 106.4.161.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 171.37.93.163 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.37.93.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 58.19.143.45 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.19.143.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 51.68.111.202 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 51.68.111.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 4.232.91.230 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 4.232.91.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 68.235.46.27 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Chicago, United States (AS11878, tzulo, inc.). Observed targeting healthcare sector honeypot mdms-hp-01 via ciscoasa. duration: 4s; 3 events. | 2026-04-08 | |
| IPv4 | 84.8.96.180 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Riyadh, Saudi Arabia (AS31898, Oracle Corporation). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: d27c75dad3e9...); duration: 7s; 12 events. | 2026-04-08 | |
| IPv4 | 123.163.114.134 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 159.89.234.184 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 192.36.198.147 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 192.36.198.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 192.36.166.94 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 192.36.166.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 193.181.41.21 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 193.181.41.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 86.21.81.138 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 86.21.81.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 45.153.34.120 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.153.34.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 18.97.26.21 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 18.97.26.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking). | 2026-04-08 | |
| IPv4 | 68.183.216.31 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 68.183.216.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 202.131.233.35 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 202.131.233.35 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 189.8.5.118 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 189.8.5.118 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 144.172.65.152 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. Attacker IP from United States (AS14956, RouterHosting LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via sentrypeer. 1 events. | 2026-04-08 | |
| IPv4 | 103.59.163.132 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.59.163.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 182.119.227.125 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 182.119.227.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 18.97.19.130 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Low-risk IP likely associated with automated scanning activity targeting healthcare sector SSH services. Observed brief interaction with honeypot medtech-hp-01 using standard SSH protocols, with no evidence of credential compromise or malware deployment. The attacker's limited engagement (5s/5 events) and alignment with Amazon AS14618 su... | 2026-04-08 | |
| IPv4 | 18.97.19.200 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 18.97.19.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-08 | |
| IPv4 | 59.173.111.149 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.149 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 36.106.166.127 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (36.106.166.127) is likely a commodity attacker targeting healthcare sector devices via SSH brute-force attacks against honeypots. Observed using cowrie honeypot interactions with basic credential guessing (e.g., 'root'/'password'), indicating low sophistication. Limited impact confined to reconnaissance attempts against heal... | 2026-04-08 | |
| IPv4 | 8.211.46.23 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.211.46.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 23.234.107.45 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Dallas, United States (AS11878, tzulo, inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via ciscoasa. duration: 8s; 3 events. | 2026-04-08 | |
| IPv4 | 116.178.129.118 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.118 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 159.89.89.153 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 45.90.237.177 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 45.90.237.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 47.84.101.217 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.101.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 59.173.110.202 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.202 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 121.29.149.176 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 60.13.7.211 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This attacker IP (60.13.7.211) is likely a commodity attacker associated with China Unicom's backbone network, targeting healthcare sector systems via SSH brute-force attempts against honeypot mdms-hp-01. The actor used basic credential patterns and automated tools to probe for vulnerabilities, indicating low sophistication but potential alignme... | 2026-04-08 | |
| IPv4 | 113.239.120.41 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 113.239.120.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 139.212.70.122 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 139.212.70.122 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 34.162.35.223 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 34.162.35.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 59.173.109.195 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 104.207.42.47 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 104.207.42.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, hacking). | 2026-04-08 | |
| IPv4 | 158.158.121.169 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 158.158.121.169 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 76 times when connecting to db4lamedtech between 2026-04-08 12:48 and 2026-04-08 12:48 UTC. | 2026-04-08 | |
| IPv4 | 2.27.63.102 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from United States (AS210457, Kyonix Networks Limited). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events. | 2026-04-08 | |
| IPv4 | 122.166.167.154 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 122.166.167.154 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 14 times when connecting to offbackup1 between 2026-04-08 12:36 and 2026-04-08 13:25 UTC. | 2026-04-08 | |
| IPv4 | 27.112.79.178 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 27.112.79.178 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 33 times when connecting to offbackup1 between 2026-04-08 12:35 and 2026-04-08 13:22 UTC. | 2026-04-08 | |
| IPv4 | 157.245.204.205 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 157.245.204.205 observed using TLS client fingerprint 'Unknown TLS Client (922ca5a04ed4)' 2 times when connecting to db1lapetro between 2026-04-08 12:37 and 2026-04-08 12:37 UTC. | 2026-04-08 | |
| IPv4 | 115.247.108.202 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 115.247.108.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 36.106.167.234 | Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 36.106.167.234 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported). | 2026-04-08 | |
| IPv4 | 207.154.197.113 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 207.154.197.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 110.177.182.237 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.182.237 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 222.94.32.177 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (222.94.32.177) is likely a commodity attacker originating from Nanjing, China, targeting healthcare sector systems via SSH brute-force attacks against honeypots. Observed interaction with medtech-hp-01 honeytrap involved attempted credential guessing and command execution (e.g., 'ls', 'id'), indicative of low-sophistication reconnaissan... | 2026-04-08 | |
| IPv4 | 124.117.193.34 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.193.34 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 106.117.117.207 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.117.207 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 36.106.166.176 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 39.73.126.106 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 39.73.126.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 14.135.74.227 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 68.235.46.119 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 68.235.46.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 116.178.129.135 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 58.19.141.164 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.19.141.164 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-08 | |
| IPv4 | 222.176.201.21 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 47.254.159.97 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.159.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 116.178.130.82 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.82 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 121.29.85.204 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 121.29.85.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 118.212.123.190 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 170.106.194.26 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 170.106.194.26 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 123.245.85.82 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 68.235.46.70 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 68.235.46.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 138.68.82.23 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 138.68.82.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 116.178.130.90 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.130.90 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 180.111.30.187 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.111.30.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 58.19.79.126 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.19.79.126 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-08 | |
| IPv4 | 89.44.137.152 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 89.44.137.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 180.95.238.52 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 180.95.238.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 159.223.120.79 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 159.223.120.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking). | 2026-04-08 | |
| IPv4 | 123.245.85.55 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 139.135.46.126 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 139.135.46.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 45.153.34.231 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.153.34.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 1.24.16.239 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 1.24.16.239 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 77.32.96.84 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 77.32.96.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 121.29.149.102 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 118.212.121.13 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.121.13 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 47.254.248.130 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.248.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 93.123.109.58 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 93.123.109.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 123.163.114.218 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This attacker IP (123.163.114.218) is likely a commodity attacker targeting healthcare sector SSH services, observed attempting brute-force access to a honeypot (mdms-hp-01) using common credentials. The low sophistication and limited detection across engines suggest automated scanning rather than advanced persistent threat activity, with m... | 2026-04-08 | |
| IPv4 | 68.183.30.1 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 143.244.47.75 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from New York, United States (AS212238, Datacamp Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via ciscoasa. duration: 4s; 3 events. | 2026-04-08 | |
| IPv4 | 116.178.128.42 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.42 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 221.207.35.149 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.149 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 47.254.122.67 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.122.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 36.106.166.204 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 220.250.11.63 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.63 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 178.20.210.185 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 178.20.210.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 79.9.209.146 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 79.9.209.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 110.177.182.128 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.182.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 47.84.101.73 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.101.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 171.36.7.201 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.7.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 98.80.4.11 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 98.80.4.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 27.47.25.159 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 27.47.25.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 58.243.47.179 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.243.47.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 220.250.11.199 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.199 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 141.98.11.209 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 141.98.11.209 observed using TLS client fingerprint 'Unknown TLS Client (cbdcf107e32e)' 2 times when connecting to db4lamedtech between 2026-04-08 14:38 and 2026-04-08 14:38 UTC. | 2026-04-08 | |
| IPv4 | 157.245.242.63 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 118.212.120.107 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.120.107 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 116.178.129.29 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.29 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 110.177.181.4 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.181.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 220.250.10.229 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.10.229 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 18.97.5.113 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 18.97.5.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 79.127.217.44 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 79.127.217.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 23.234.115.233 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 23.234.115.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 223.199.166.71 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 223.199.166.71 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 182.138.158.55 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 182.138.158.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 123.245.84.116 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 59.173.108.108 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP from Wuhan, China, is likely a commodity attacker targeting energy sector systems via SSH/Telnet brute-force attempts. Observed interacting with honeypot petroleum-hp-01 using honeytrap techniques, suggesting automated tooling focused on credential exploitation rather than advanced persistence. Low sophistication indicated by... | 2026-04-08 | |
| IPv4 | 68.235.46.132 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Chicago, United States (AS11878, tzulo, inc.). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 5s; 2 events. | 2026-04-08 | |
| IPv4 | 180.149.125.163 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Mongolia (AS45204, GEMNET LLC). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 206.189.93.37 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 206.189.93.37 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 60.13.7.246 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 95.165.8.90 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Moscow, Russia (AS25513, PJSC Moscow city telephone network). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 13 failed login attempts, 13 credential pairs tried across 9 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron pers... | 2026-04-08 | |
| IPv4 | 36.106.167.20 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 36.106.167.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 123.59.232.173 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 123.59.232.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, hacking). | 2026-04-08 | |
| IPv4 | 116.178.130.112 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.112 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 112.51.27.81 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 112.51.27.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 36.106.167.196 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 36.106.167.196 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 138.197.173.34 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 138.197.173.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 46.21.146.162 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Amsterdam, The Netherlands (AS29802, HIVELOCITY, Inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. duration: 2s; 2 events. | 2026-04-08 | |
| IPv4 | 51.68.111.209 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.68.111.209 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to db4lamedtech between 2026-04-08 16:26 and 2026-04-08 16:26 UTC. | 2026-04-08 | |
| IPv4 | 172.178.119.20 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Washington, United States (AS8075, Microsoft Corporation). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 1s; 5 events. | 2026-04-08 | |
| IPv4 | 3.208.208.90 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Ashburn, United States. Observed targeting healthcare sector honeypot mdms-hp-01 via h0neytr4p. 1 events. | 2026-04-08 | |
| IPv4 | 36.153.93.122 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. Attacker IP from China (AS56046, China Mobile communications corporation). Observed targeting energy sector honeypot petroleum-hp-01 via dionaea. duration: 7s; 11 events. | 2026-04-08 | |
| IPv4 | 220.167.233.239 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 123.245.85.31 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.31 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 180.149.126.12 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 180.149.126.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 119.179.249.148 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 119.179.249.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 20.127.170.152 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.127.170.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 139.135.59.80 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 139.135.59.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 47.251.48.11 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.48.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 222.176.201.65 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-08 | |
| IPv4 | 184.72.173.149 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 184.72.173.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 146.190.255.91 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 146.190.255.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 112.122.237.84 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.122.237.84 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 14.135.75.33 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 14.135.75.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 59.173.110.43 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.43 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 59.173.110.209 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 59.173.110.209 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 114.97.190.155 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 180.149.125.172 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 180.149.125.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 47.251.190.201 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.190.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 165.22.215.119 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 165.22.215.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 104.248.251.144 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 104.248.251.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 155.2.191.245 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from United States (AS136557, Host Universal Pty Ltd). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 7s; 3 events. | 2026-04-08 | |
| IPv4 | 37.19.221.162 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Houston, United States (AS212238, Datacamp Limited). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 23s; 3 events. | 2026-04-08 | |
| IPv4 | 45.148.10.62 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.148.10.62 observed using TLS client fingerprint 'Unknown TLS Client (c023668399b5)' 3 times when connecting to mdms1 between 2026-04-08 16:33 and 2026-04-08 16:33 UTC. | 2026-04-08 | |
| IPv4 | 185.93.89.167 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.93.89.167 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/...' 378 times when connecting to db1lapetro between 2026-04-08 16:30 and 2026-04-08 16:30 UTC. | 2026-04-08 | |
| IPv4 | 121.29.149.111 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 3.83.241.80 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 3.83.241.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 47.251.122.153 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.122.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 66.132.186.219 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 66.132.186.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 44.220.185.236 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 44.220.185.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 45.144.115.35 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 45.144.115.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 116.178.131.49 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 116.178.131.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 80.96.109.228 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 80.96.109.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 171.36.6.59 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.6.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 123.160.174.212 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.160.174.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 216.48.176.84 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from India (AS132420, 282, Sector 19). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 1m 34s; 18 events. | 2026-04-08 | |
| IPv4 | 180.149.126.2 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 180.149.126.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 220.167.233.152 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 220.167.233.152 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 68.235.46.150 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Chicago, United States (AS11878, tzulo, inc.). Observed targeting healthcare sector honeypot mdms-hp-01 via ciscoasa. duration: 7s; 3 events. | 2026-04-08 | |
| IPv4 | 1.83.125.227 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.227 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 141.94.76.134 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 141.94.76.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 79.127.222.200 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from McAllen, United States (AS60068, Datacamp Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via ciscoasa. duration: 3s; 3 events. | 2026-04-08 | |
| IPv4 | 47.251.101.198 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.101.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 43.156.28.204 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 43.156.28.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 118.212.121.241 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 118.212.121.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 101.249.61.22 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.61.22 classified as scanning infrastructure conducting network reconnaissance (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (minimal, reported). | 2026-04-08 | |
| IPv4 | 209.38.122.16 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 209.38.122.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 27.47.27.27 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 118.212.121.10 | Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.10 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 59.173.109.162 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Wuhan, China (AS4134, Chinanet). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 112.94.190.36 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.190.36 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 220.167.232.38 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 110.177.183.203 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.183.203 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 185.236.25.175 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.236.25.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 103.217.201.110 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS146817, Hubei Feixun Network Co., Ltd). Observed targeting healthcare sector honeypot medtech-hp-01 via dionaea. duration: 3m 37s; 2 events. | 2026-04-08 | |
| IPv4 | 185.103.241.41 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from The Netherlands (AS48635, Your Hosting B.V.) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via dionaea. duration: 20s; 5 events. | 2026-04-08 | |
| IPv4 | 4.236.173.163 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Washington, United States (AS8075, Microsoft Corporation). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 1s; 5 events. | 2026-04-08 | |
| IPv4 | 101.47.159.50 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 101.47.159.50 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to db1lapetro between 2026-04-08 17:30 and 2026-04-08 18:12 UTC. | 2026-04-08 | |
| IPv4 | 91.186.219.240 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 91.186.219.240 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 20 times when connecting to db1lapetro between 2026-04-08 17:30 and 2026-04-08 18:18 UTC. | 2026-04-08 | |
| IPv4 | 168.144.86.6 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 114.97.191.56 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 51.38.112.81 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 51.38.112.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 110.177.182.172 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.182.172 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 182.242.168.180 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.168.180 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-08 | |
| IPv4 | 64.227.3.53 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 64.227.3.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 37.19.210.20 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Denver, United States (AS212238, Datacamp Limited). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 17s; 3 events. | 2026-04-08 | |
| IPv4 | 51.107.9.165 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 51.107.9.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 143.110.222.42 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 143.110.222.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 185.249.74.198 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Austria (AS8560, IONOS SE). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 6 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 15m 30s; 50 events. | 2026-04-08 | |
| IPv4 | 207.188.6.245 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Dallas, United States. Observed targeting healthcare sector honeypot mdms-hp-01 via h0neytr4p. 4 events. | 2026-04-08 | |
| IPv4 | 9.223.176.221 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Sweden (AS8075, Microsoft Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 12 failed login attempts, 12 credential pairs tried across 9 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 19 ma... | 2026-04-08 | |
| IPv4 | 203.90.110.186 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Pune, India (AS45528, Tikona Infinet Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 4 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, fi... | 2026-04-08 | |
| IPv4 | 27.47.27.18 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.27.18 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 112.248.124.146 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 112.248.124.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 116.178.130.81 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 106.53.97.124 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Guangzhou, China (AS45090, Shenzhen Tencent Computer Systems Company Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 14m 22s; 48 events. | 2026-04-08 | |
| IPv4 | 182.119.224.102 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.224.102 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 178.150.14.250 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 178.150.14.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 143.110.209.113 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 143.110.209.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 47.250.42.200 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.42.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 47.84.136.223 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.136.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 167.99.182.209 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 167.99.182.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 197.48.118.3 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 197.48.118.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 138.197.142.116 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 138.197.142.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 36.106.166.21 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 36.106.166.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 112.122.237.213 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 112.122.237.213 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 54.89.155.82 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 54.89.155.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 47.251.120.157 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.251.120.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-08 | |
| IPv4 | 36.41.75.167 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 36.41.75.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 103.81.231.31 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from Ashburn, United States (AS203020, HostRoyale Technologies Pvt Ltd). Observed targeting healthcare sector honeypot mdms-hp-01 via ciscoasa. duration: 5s; 3 events. | 2026-04-08 | |
| IPv4 | 47.251.161.178 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.161.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 185.225.191.217 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.225.191.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 117.72.65.44 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 117.72.65.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 60.13.7.144 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 221.207.34.96 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 221.207.34.96 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 36.106.166.192 | Score: 70/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.192 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 124.117.193.190 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.193.190 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 59.173.108.57 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.57 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 36.132.36.203 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 36.132.36.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-08 | |
| IPv4 | 14.135.74.195 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.195 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 117.40.114.151 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.40.114.151 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 85.130.181.215 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 85.130.181.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 59.173.108.101 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.101 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 101.231.133.210 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 101.231.133.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-08 | |
| IPv4 | 143.110.208.98 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 143.110.208.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 112.122.236.182 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.236.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 18.97.5.67 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 18.97.5.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 221.207.35.135 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 194.187.179.136 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 171.37.190.239 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.37.190.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 60.13.6.24 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 123.245.85.211 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.211 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 124.117.192.172 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.192.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 220.250.10.34 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 220.250.10.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 114.33.223.137 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 114.33.223.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 190.165.144.32 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 190.165.144.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 110.177.179.248 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.179.248 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 180.149.126.6 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 180.149.126.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-08 | |
| IPv4 | 37.19.221.140 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Houston, United States (AS212238, Datacamp Limited). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 5s; 2 events. | 2026-04-08 | |
| IPv4 | 37.19.210.37 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 37.19.210.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 175.30.48.219 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 175.30.48.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-08 | |
| IPv4 | 106.117.106.4 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.106.4 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 180.76.235.114 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 180.76.235.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 69.92.153.146 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 69.92.153.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 122.96.28.83 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 122.96.28.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 112.94.188.176 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.94.188.176 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 47.250.120.35 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.120.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 165.22.215.32 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 165.22.215.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 104.248.48.89 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 2 events. | 2026-04-08 | |
| IPv4 | 47.245.142.53 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.142.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 171.36.7.253 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 171.36.7.253 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 159.89.164.146 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.89.164.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 59.173.108.240 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 171.37.47.224 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.37.47.224 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 23.234.113.233 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 23.234.113.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-08 | |
| IPv4 | 180.95.231.28 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (180.95.231.28) is likely a commodity attacker node targeting healthcare sector systems via SSH brute-force attacks against honeypots. Observed using basic credential patterns (e.g., default usernames/passwords) to exploit vulnerable SSH services, consistent with low-sophistication threat actors leveraging automated tools for lateral moveme... | 2026-04-08 | |
| IPv4 | 59.173.109.129 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.129 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 182.119.227.130 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.227.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 1.83.125.188 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 1.83.125.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, ftp-brute, hacking). | 2026-04-08 | |
| IPv4 | 114.34.187.209 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 114.34.187.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 182.119.224.226 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.224.226 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 116.178.131.78 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 116.178.129.137 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 194.187.179.182 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 194.187.179.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-08 | |
| IPv4 | 194.187.179.142 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 194.187.179.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-08 | |
| IPv4 | 100.29.192.37 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 100.29.192.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-08 | |
| IPv4 | 59.173.111.79 | Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.79 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 59.52.102.75 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.52.102.75 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-08 | |
| IPv4 | 221.208.113.101 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 221.208.113.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 61.197.152.248 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 61.197.152.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 118.212.121.153 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.153 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 60.13.7.189 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.189 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 87.120.165.214 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 87.120.165.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 143.244.132.153 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 143.244.132.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 27.47.27.71 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.27.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 112.94.191.77 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.191.77 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 121.29.149.148 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 101.89.194.56 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 101.89.194.56 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-04-08 20:23 and 2026-04-08 21:18 UTC. | 2026-04-08 | |
| IPv4 | 138.197.133.4 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Toronto, Canada (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 168.144.21.238 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Bengaluru, India (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 118.212.122.11 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 116.178.130.187 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.187 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 139.212.69.225 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 139.212.69.225 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-08 | |
| IPv4 | 164.92.201.0 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 164.92.201.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-08 | |
| IPv4 | 27.47.24.223 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 99.241.36.212 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 99.241.36.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 23.234.79.30 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from Raleigh, United States (AS11878, tzulo, inc.). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 9s; 3 events. | 2026-04-08 | |
| IPv4 | 124.117.193.244 | Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.193.244 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 222.176.200.114 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (222.176.200.114) is likely a commodity attacker node targeting healthcare sector honeypots via SSH brute-force attacks using common credentials. Observed exploiting honeytrap mdms-hp-01 with low-sophistication techniques, suggesting automated scanning rather than advanced persistent threat activity. | 2026-04-08 | |
| IPv4 | 143.244.47.69 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from New York, United States (AS212238, Datacamp Limited). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 7s; 3 events. | 2026-04-08 | |
| IPv4 | 182.119.226.184 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 182.119.226.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 180.95.238.229 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.229 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 180.95.238.192 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.192 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 221.208.113.207 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 221.208.113.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 124.117.192.202 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.192.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-08 | |
| IPv4 | 221.199.73.124 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.199.73.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 171.105.76.29 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 171.105.76.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 27.47.27.128 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 51.77.43.72 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.77.43.72 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 4 times when connecting to db4lamedtech between 2026-04-08 21:42 and 2026-04-08 21:43 UTC. | 2026-04-08 | |
| IPv4 | 159.203.44.18 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Toronto, Canada (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 85.239.147.9 | Score: 50/100. Labels: abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Bulgaria (AS213474, HomeLine Broadband LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 118.212.122.11 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 116.178.130.187 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.187 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 139.212.69.225 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 139.212.69.225 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-08 | |
| IPv4 | 164.92.201.0 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 164.92.201.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-08 | |
| IPv4 | 27.47.24.223 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 99.241.36.212 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 99.241.36.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-08 | |
| IPv4 | 23.234.79.30 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from Raleigh, United States (AS11878, tzulo, inc.). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 9s; 3 events. | 2026-04-08 | |
| IPv4 | 124.117.193.244 | Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.193.244 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-08 | |
| IPv4 | 222.176.200.114 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (222.176.200.114) is likely a commodity attacker node targeting healthcare sector honeypots via SSH brute-force attacks using common credentials. Observed exploiting honeytrap mdms-hp-01 with low-sophistication techniques, suggesting automated scanning rather than advanced persistent threat activity. | 2026-04-08 | |
| IPv4 | 143.244.47.69 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from New York, United States (AS212238, Datacamp Limited). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 7s; 3 events. | 2026-04-08 | |
| IPv4 | 182.119.226.184 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 182.119.226.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 180.95.238.229 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.229 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 180.95.238.192 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.192 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-08 | |
| IPv4 | 221.208.113.207 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 221.208.113.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 124.117.192.202 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.192.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-08 | |
| IPv4 | 221.199.73.124 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.199.73.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 171.105.76.29 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 171.105.76.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 27.47.27.128 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-08 | |
| IPv4 | 51.77.43.72 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.77.43.72 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 4 times when connecting to db4lamedtech between 2026-04-08 21:42 and 2026-04-08 21:43 UTC. | 2026-04-08 | |
| IPv4 | 159.203.44.18 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Toronto, Canada (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 85.239.147.9 | Score: 50/100. Labels: abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Bulgaria (AS213474, HomeLine Broadband LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-08 | |
| IPv4 | 117.20.227.25 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 117.20.227.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 121.29.149.35 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 222.176.200.125 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 221.208.113.182 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.208.113.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 8.211.23.105 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.211.23.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 45.134.142.209 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.134.142.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-09 | |
| IPv4 | 171.36.7.96 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.7.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 45.119.85.237 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 45.119.85.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 31.39.70.31 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 31.39.70.31 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 1.85.219.183 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 1.85.219.183 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 180.149.125.167 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 180.149.125.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 61.221.207.130 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 61.221.207.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 106.75.29.99 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.75.29.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-09 | |
| IPv4 | 117.33.242.180 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 117.33.242.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 152.32.201.119 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 152.32.201.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 146.88.241.60 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 146.88.241.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 221.208.113.178 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 221.208.113.178 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 222.176.201.241 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 122.242.79.43 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 122.242.79.43 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 182.119.228.186 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.228.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 5.16.181.160 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 5.16.181.160 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 147.182.217.138 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, cowrie. 147.182.217.138 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). | 2026-04-09 | |
| IPv4 | 37.19.200.159 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Dallas, United States (AS212238, Datacamp Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via ciscoasa. duration: 13s; 3 events. | 2026-04-09 | |
| IPv4 | 180.111.30.110 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.111.30.110 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 121.29.85.114 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.85.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 59.173.109.68 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.109.68 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 222.94.32.116 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.116 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 182.119.231.34 | Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.231.34 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 68.35.144.220 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 68.35.144.220 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 118.212.121.156 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (118.212.121.156) is likely a commodity attacker using automated tools to conduct SSH brute-force attacks against energy sector honeypots. Observed targeting petroleum-hp-01 via honeytrap with low sophistication, employing default credentials and basic command-line interface interactions. Limited impact confined to reconnaiss... | 2026-04-09 | |
| IPv4 | 196.221.165.86 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 196.221.165.86 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (15 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 196.221.164.144 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 196.221.164.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 180.149.125.166 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 180.149.125.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 59.173.109.219 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 185.247.137.130 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 185.247.137.46 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 220.250.10.238 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 220.250.10.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 58.19.141.141 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.19.141.141 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 180.95.231.5 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 180.95.231.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 47.254.36.130 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.36.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 102.209.119.231 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 102.209.119.231 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 18 times when connecting to mdms1 between 2026-04-08 23:01 and 2026-04-08 23:01 UTC. | 2026-04-09 | |
| IPv4 | 37.19.221.166 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Houston, United States (AS212238, Datacamp Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via ciscoasa. 3 events. | 2026-04-09 | |
| IPv4 | 116.110.30.82 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Da Nang, Vietnam (AS24086, Viettel Corporation). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 2m 20s; 10 events. | 2026-04-09 | |
| IPv4 | 116.110.18.218 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Da Nang, Vietnam (AS24086, Viettel Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 9s; 5 events. | 2026-04-09 | |
| IPv4 | 44.220.185.218 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 44.220.185.218 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 116.178.130.143 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 20.5.50.50 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 20.5.50.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-09 | |
| IPv4 | 124.117.192.223 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.223 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 209.38.219.99 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 209.38.219.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 173.239.254.212 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh. 173.239.254.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 85.8.130.19 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. 85.8.130.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 173.239.254.223 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 173.239.254.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 120.36.82.210 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 120.36.82.210 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 47.251.105.28 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.105.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 205.250.174.95 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 205.250.174.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 5.39.19.237 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata | 2026-04-09 | |
| IPv4 | 222.94.32.162 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.162 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean). | 2026-04-09 | |
| IPv4 | 114.97.190.181 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 124.117.193.45 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.193.45 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-09 | |
| IPv4 | 121.29.85.239 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 121.29.85.239 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 59.52.176.151 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.52.176.151 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 180.149.126.9 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 180.149.126.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-09 | |
| IPv4 | 27.47.25.20 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 113.183.169.57 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 113.183.169.57 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 27.47.27.240 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.240 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 172.110.223.121 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Philippines (AS47154, Husam A. H. Hijazi). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-09 | |
| IPv4 | 123.144.28.75 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.144.28.75 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 118.103.228.178 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. Attacker IP from Multan, Pakistan (AS140900, Getlinks SMC-Private Limited). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 2m 22s; 23 events. | 2026-04-09 | |
| IPv4 | 79.127.222.217 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from McAllen, United States (AS60068, Datacamp Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via ciscoasa. duration: 7s; 3 events. | 2026-04-09 | |
| IPv4 | 27.47.27.77 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.27.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 222.94.32.69 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 222.94.32.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 119.48.134.8 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 119.48.134.8 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 58.212.237.166 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 27.47.24.172 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.24.172 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 14.135.75.129 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-09 | |
| IPv4 | 47.254.242.70 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.242.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 27.47.26.70 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.70 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, ftp-brute, hacking). | 2026-04-09 | |
| IPv4 | 83.142.209.216 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 83.142.209.216 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-04-09 00:33 and 2026-04-09 00:33 UTC. | 2026-04-09 | |
| IPv4 | 182.96.95.66 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 182.96.95.66 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 3 times when connecting to db1lapetro between 2026-04-09 00:31 and 2026-04-09 00:31 UTC. | 2026-04-09 | |
| IPv4 | 68.235.46.196 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Chicago, United States (AS11878, tzulo, inc.). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 7s; 3 events. | 2026-04-09 | |
| IPv4 | 182.242.168.44 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-09 | |
| IPv4 | 37.19.221.159 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Houston, United States (AS212238, Datacamp Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via ciscoasa. duration: 11s; 3 events. | 2026-04-09 | |
| IPv4 | 59.173.111.204 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 180.95.231.145 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 180.95.231.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 144.123.77.53 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 144.123.77.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 14.135.74.38 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 14.135.74.38 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 59.173.108.251 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 209.97.133.128 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 209.97.133.128 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking). | 2026-04-09 | |
| IPv4 | 222.176.200.180 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 113.57.186.238 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 113.57.186.238 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 112.122.237.254 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.122.237.254 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 5.133.192.136 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 5.133.192.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 182.88.190.209 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.88.190.209 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 60.13.6.61 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (60.13.6.61) is likely a commodity attacker node targeting energy sector SSH/Telnet services, observed attempting brute-force access to honeypot petroleum-hp-01 using default credentials. The actor employed basic tooling to exploit weak authentication, with limited sophistication but potential for lateral movement if successful. Two k... | 2026-04-09 | |
| IPv4 | 83.97.111.116 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 83.97.111.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-09 | |
| IPv4 | 95.79.34.101 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 95.79.34.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 216.218.206.95 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 216.218.206.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 106.75.241.127 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 106.75.241.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 59.173.111.181 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 118.212.123.118 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.118 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 36.106.167.204 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 116.178.129.58 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This attacker IP (116.178.129.58) is likely a commodity attacker targeting energy sector infrastructure, observed attempting SSH brute-force attacks against honeypot petroleum-hp-01 using default credentials. The low sophistication suggests automated tooling rather than advanced persistent threat actors, with limited impact confined to honeypot int... | 2026-04-09 | |
| IPv4 | 110.177.182.243 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.182.243 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 37.19.200.133 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Dallas, United States (AS212238, Datacamp Limited). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 8s; 3 events. | 2026-04-09 | |
| IPv4 | 139.135.45.49 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 139.135.45.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 118.212.120.151 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.120.151 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 121.29.84.9 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 173.199.119.32 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 173.199.119.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 101.96.194.130 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 101.96.194.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 182.119.230.224 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.230.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 66.175.223.161 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.175.223.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 123.245.84.14 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 123.178.210.229 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.178.210.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 124.117.192.244 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.192.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-09 | |
| IPv4 | 121.29.149.77 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 47.86.173.116 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.86.173.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). | 2026-04-09 | |
| IPv4 | 3.14.82.245 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 3.14.82.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 182.242.168.104 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 182.119.227.58 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. This attacker IP from Zhengzhou, China, is likely a commodity threat actor targeting healthcare sector SSH services via brute-force attacks against honeypots like medtech-hp-01. Observed using automated tools to exploit weak credentials, with limited sophistication but focused on credential theft and system access. No direct malware or data exfilt... | 2026-04-09 | |
| IPv4 | 152.32.212.162 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 152.32.212.162 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 35 times when connecting to mdms1 between 2026-04-09 00:30 and 2026-04-09 01:13 UTC. | 2026-04-09 | |
| IPv4 | 27.47.25.233 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.25.233 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 47.251.247.149 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.247.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 59.103.104.29 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 59.103.104.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 59.151.192.14 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 59.151.192.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 114.132.60.131 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 114.132.60.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 121.121.121.224 | Score: 50/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. 121.121.121.224 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported). | 2026-04-09 | |
| IPv4 | 180.95.238.172 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 14.63.192.228 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 14.63.192.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 123.245.84.229 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.245.84.229 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 182.119.226.81 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.226.81 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 101.126.23.159 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 101.126.23.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 44.220.188.149 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 44.220.188.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 158.94.210.208 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:reported. Attacker IP from Amsterdam, The Netherlands (AS202412, Omegatech LTD). Observed targeting healthcare sector honeypot medtech-hp-01 via tanner. duration: 1m 7s; 223 events. | 2026-04-09 | |
| IPv4 | 200.11.141.86 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Venezuela (AS8048, CANTV Servicios, Venezuela). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 7s; 5 events. | 2026-04-09 | |
| IPv4 | 139.135.60.0 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 139.135.60.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 47.250.80.121 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.80.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 171.8.138.69 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 171.8.138.69 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-09 | |
| IPv4 | 114.97.190.167 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 180.149.126.17 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. This attacker IP (180.149.126.17) is likely a commodity threat actor employing automated SSH brute-force attacks against energy sector targets. Observed targeting the petroleum-hp-01 honeypot via honeytrap, leveraging common credential patterns and command-line interfaces to probe for vulnerabilities. The attack demonstrates low-to-medium soph... | 2026-04-09 | |
| IPv4 | 107.197.219.49 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 107.197.219.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 59.173.111.20 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.20 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 116.178.129.69 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 206.168.201.74 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. Attacker IP from Gujranwala, Pakistan (AS9541, Cyber Internet Services Pvt Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 3m 1s; 29 events. | 2026-04-09 | |
| IPv4 | 59.173.111.210 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 36.90.174.20 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Malang, Indonesia (AS7713, PT Telekomunikasi Indonesia). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 4 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), deliv... | 2026-04-09 | |
| IPv4 | 144.123.76.180 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 144.123.76.180 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 194.163.170.77 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 194.163.170.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 182.242.169.29 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.169.29 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 47.251.121.150 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.121.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 162.250.125.119 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 162.250.125.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 120.48.135.8 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 120.48.135.8 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 4 times when connecting to db4lamedtech between 2026-04-09 02:24 and 2026-04-09 02:24 UTC. | 2026-04-09 | |
| IPv4 | 123.245.85.239 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 31.59.105.179 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Paris, France (AS56971, Cgi Global Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 3 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 9m 5s; 16 events. | 2026-04-09 | |
| IPv4 | 20.220.57.112 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.220.57.112 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 8 times when connecting to db4lamedtech between 2026-04-09 01:15 and 2026-04-09 01:15 UTC. | 2026-04-09 | |
| IPv4 | 1.24.16.87 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. This IP (1.24.16.87) is likely a commodity attacker or botnet node targeting energy sector infrastructure via SSH brute-force attacks against honeypots like petroleum-hp-01. The actor used credential stuffing techniques and attempted command execution through SSH, leveraging China Unicom's AS4837 network. While not highly sophisticated, the attack pat... | 2026-04-09 | |
| IPv4 | 59.173.108.166 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 123.245.85.48 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. This IP (123.245.85.48) is likely a low-sophistication automated actor targeting energy sector SSH services, evidenced by its interaction with the petroleum-hp-01 honeypot using brute-force credential attempts. The attacker leveraged Cowrie-based honeytrap infrastructure, suggesting focus on exploiting weak SSH configurations rather than advanced persistence mechani... | 2026-04-09 | |
| IPv4 | 18.97.26.2 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 18.97.26.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-09 | |
| IPv4 | 170.239.255.181 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 170.239.255.181 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (3 commands), 3 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 72.255.32.117 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. Attacker IP from Lahore, Pakistan (AS9541, Cyber Internet Services Pvt Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. duration: 4m 45s; 45 events. | 2026-04-09 | |
| IPv4 | 185.156.46.166 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. Attacker IP from Ashburn, United States (AS212238, Datacamp Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via ciscoasa. duration: 5s; 3 events. | 2026-04-09 | |
| IPv4 | 112.122.237.184 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.237.184 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 180.149.126.3 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 180.149.126.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 116.178.130.211 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 116.178.130.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 118.212.121.39 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (118.212.121.39) is likely a commodity attacker associated with automated scanning infrastructure targeting healthcare sector systems. Observed attempting SSH brute-force attacks against honeypot mdms-hp-01 using common credentials, indicative of low-sophistication tooling. Limited impact detected due to honeypot containment, but pose... | 2026-04-09 | |
| IPv4 | 211.91.150.107 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting government sector honeypot backup-hp-01 via cowrie. duration: 6m 3s; 7 events. | 2026-04-09 | |
| IPv4 | 58.212.237.14 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (58.212.237.14) is likely a commodity attacker targeting healthcare sector SSH services, observed attempting brute-force access to a honeypot (mdms-hp-01) using common credentials. The attack pattern aligns with low-sophistication automated tools, leveraging SSH/Telnet protocols with minimal evasion techniques, suggesting limited... | 2026-04-09 | |
| IPv4 | 196.218.61.182 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 196.218.61.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 168.144.88.9 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 168.144.88.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 222.95.168.237 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.95.168.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 116.178.131.111 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.178.131.111 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-09 | |
| IPv4 | 104.207.33.106 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported. 104.207.33.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 118.212.122.63 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.63 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-09 | |
| IPv4 | 123.245.84.213 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.213 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 191.253.105.30 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 191.253.105.30 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db1lapetro between 2026-04-09 02:33 and 2026-04-09 02:55 UTC. | 2026-04-09 | |
| IPv4 | 57.134.139.188 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 57.134.139.188 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db1lapetro between 2026-04-09 02:30 and 2026-04-09 03:09 UTC. | 2026-04-09 | |
| IPv4 | 172.239.103.159 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from London, United Kingdom. Observed targeting energy sector honeypot petroleum-hp-01 via h0neytr4p. 1 events. | 2026-04-09 | |
| IPv4 | 114.97.191.193 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.193 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 106.117.108.189 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.108.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 47.250.171.20 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.171.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 27.47.26.25 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 27.47.26.25 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 58.243.46.6 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.46.6 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 111.36.54.6 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 111.36.54.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 35.185.190.125 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 35.185.190.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 59.173.108.217 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.217 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 139.212.70.91 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 139.212.70.91 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 220.250.11.118 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 220.250.11.118 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 168.144.20.79 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 168.144.20.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 14.225.1.31 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 14.225.1.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 112.122.237.31 | Score: 55/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.122.237.31 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 27.47.26.124 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.26.124 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 116.178.129.205 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.205 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 104.36.50.39 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 104.36.50.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 222.176.201.209 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 137.74.16.111 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 137.74.16.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 112.46.213.120 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.213.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 168.0.121.130 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 168.0.121.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 123.145.18.40 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.145.18.40 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 220.250.10.153 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.10.153 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 106.117.110.195 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.117.110.195 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 121.209.8.43 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 121.209.8.43 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 119.48.135.122 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 119.48.135.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 1.85.216.43 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 1.85.216.43 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 23.162.8.80 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 23.162.8.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 1.83.125.99 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 1.83.125.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 184.105.139.109 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 184.105.139.109 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 144.123.76.204 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (144.123.76.204) is likely a commodity threat actor targeting healthcare sector IT infrastructure, observed attempting SSH brute-force attacks against a medtech honeypot (medtech-hp-01). The actor used automated tools to probe for weak credentials, consistent with low-sophistication scanning campaigns. While not highly advanc... | 2026-04-09 | |
| IPv4 | 173.249.47.111 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 173.249.47.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 180.182.141.117 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 180.182.141.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 117.15.188.40 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-09 | |
| IPv4 | 144.31.186.117 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Frankfurt am Main, Germany (AS215590, DpkgSoft International Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 6 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron pe... | 2026-04-09 | |
| IPv4 | 216.106.179.248 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Dallas, United States (AS63023, GTHost). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 6 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 9m 26s; 35 events. | 2026-04-09 | |
| IPv4 | 37.19.221.146 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Houston, United States (AS212238, Datacamp Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via ciscoasa. duration: 4s; 3 events. | 2026-04-09 | |
| IPv4 | 172.239.118.224 | Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from London, United Kingdom. Observed targeting healthcare sector honeypot mdms-hp-01 via h0neytr4p. 1 events. | 2026-04-09 | |
| IPv4 | 147.182.152.238 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 147.182.152.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 123.245.84.232 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.232 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 118.212.122.231 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.231 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 139.59.14.154 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.59.14.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 60.13.7.199 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 68.235.46.198 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Chicago, United States (AS11878, tzulo, inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via ciscoasa. duration: 6s; 3 events. | 2026-04-09 | |
| IPv4 | 110.177.182.117 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.182.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 183.110.116.65 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from South Korea (AS4766, Korea Telecom). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 12m 16s; 18 events. | 2026-04-09 | |
| IPv4 | 121.142.4.243 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 121.142.4.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 180.76.250.38 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 180.76.250.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 87.236.176.39 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 87.236.176.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 58.243.46.156 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.46.156 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 180.149.126.14 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan, abuseipdb:reported. 180.149.126.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). | 2026-04-09 | |
| IPv4 | 27.47.24.108 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.24.108 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 222.176.200.131 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.131 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-09 | |
| IPv4 | 180.149.125.168 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 180.149.125.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 116.178.129.204 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 116.178.129.204 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 181.237.100.97 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pereira, Colombia (AS3816, COLOMBIA TELECOMUNICACIONES S.A. ESP BIC). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 3m 36s; 15 events. | 2026-04-09 | |
| IPv4 | 223.166.22.88 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (223.166.22.88) is likely a botnet node or automated scanner originating from China Unicom Shanghai, targeting healthcare sector devices via SSH brute-force attacks against honeypots like mdms-hp-01. The attacker used basic credential patterns and exhibited low-to-moderate sophistication, consistent with commodity attack tools rather than a... | 2026-04-09 | |
| IPv4 | 123.245.85.252 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.252 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 58.243.47.157 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (58.243.47.157) is likely a commodity botnet node or automated scanner targeting healthcare sector systems via SSH brute-force attacks. Observed attempting access to honeypot medtech-hp-01 using generic credentials and command-line tools, indicative of low-to-moderate sophistication. The attack aligns with patterns seen ... | 2026-04-09 | |
| IPv4 | 171.37.92.11 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.37.92.11 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 167.99.226.145 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 6s; 7 events. | 2026-04-09 | |
| IPv4 | 137.255.13.209 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 137.255.13.209 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db1lapetro between 2026-04-09 04:18 and 2026-04-09 05:04 UTC. | 2026-04-09 | |
| IPv4 | 39.78.141.222 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Jinan, China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-09 | |
| IPv4 | 120.48.60.18 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 120.48.60.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ftp-brute). | 2026-04-09 | |
| IPv4 | 146.88.241.130 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 146.88.241.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 52.167.144.20 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 52.167.144.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 59.173.109.172 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 106.117.105.14 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.105.14 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 139.59.178.194 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 139.59.178.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 109.237.27.234 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 109.237.27.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 113.57.187.244 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 113.57.187.244 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-09 | |
| IPv4 | 119.48.134.54 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 119.48.134.54 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 206.189.132.87 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 206.189.132.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 123.245.84.106 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.84.106 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 101.249.63.24 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (101.249.63.24) is likely a botnet node or automated scanner originating from China, targeting energy sector infrastructure via SSH brute-force attacks against honeypots like petroleum-hp-01. The attacker used common credential patterns and command-line interfaces to probe for vulnerabilities, indicating low-to-moderate sophistication... | 2026-04-09 | |
| IPv4 | 123.178.210.246 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 123.178.210.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 124.219.163.29 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 124.219.163.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 1.83.125.103 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 144.123.77.176 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.77.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 20.63.32.44 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.63.32.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 185.156.46.160 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Ashburn, United States (AS212238, Datacamp Limited). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 7s; 3 events. | 2026-04-09 | |
| IPv4 | 72.255.19.199 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 72.255.19.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 139.59.14.163 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 139.59.14.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, moderate, multi-reported). | 2026-04-09 | |
| IPv4 | 152.32.189.59 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Hong Kong, Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 3m 13... | 2026-04-09 | |
| IPv4 | 116.178.129.182 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.178.129.182 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 4.186.31.101 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Pune, India (AS8075, Microsoft Corporation). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 2s; 5 events. | 2026-04-09 | |
| IPv4 | 104.194.134.203 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Zaandam, The Netherlands (AS14956, RouterHosting LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via sentrypeer. duration: 11m 36s; 4 events. | 2026-04-09 | |
| IPv4 | 42.59.86.45 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 42.59.86.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 60.13.6.236 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 60.13.6.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 112.94.188.116 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.188.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 223.166.22.91 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 223.166.22.91 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 221.207.34.41 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.34.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 104.194.159.157 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Frankfurt am Main, Germany (AS14956, RouterHosting LLC) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via sentrypeer. 1 events. | 2026-04-09 | |
| IPv4 | 145.239.65.236 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 145.239.65.236 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-04-09 05:35 and 2026-04-09 05:35 UTC. | 2026-04-09 | |
| IPv4 | 115.190.56.152 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 115.190.56.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 106.12.148.74 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 106.12.148.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). | 2026-04-09 | |
| IPv4 | 45.194.70.249 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.194.70.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 176.104.119.19 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Poland (AS42374, Instalnet Szabat Rydzewski Spolka Jawna). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 2m 54s; 27 events. | 2026-04-09 | |
| IPv4 | 47.251.174.68 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.174.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 91.137.27.140 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 91.137.27.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 180.149.125.164 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 180.149.125.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 167.172.71.25 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 167.172.71.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-09 | |
| IPv4 | 180.177.66.132 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 180.177.66.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 118.212.120.77 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.120.77 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 114.97.191.232 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 59.173.108.225 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 59.173.109.217 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 106.75.21.206 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 106.75.21.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-09 | |
| IPv4 | 123.245.85.148 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low. This attacker IP (123.245.85.148) is likely a commodity botnet node or automated scanner originating from China, targeting energy sector systems via SSH brute-force attacks against honeypots like petroleum-hp-01. The actor used basic credential patterns and exhibited low sophistication, consistent with mass-scanning campaigns rather than targeted APT a... | 2026-04-09 | |
| IPv4 | 47.251.173.60 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.173.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 118.233.164.58 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.233.164.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 60.16.215.59 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 60.16.215.59 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 27.47.25.179 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 202.58.242.243 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 202.58.242.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 137.184.44.24 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 137.184.44.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 180.149.126.13 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 180.149.126.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). | 2026-04-09 | |
| IPv4 | 194.170.189.196 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 194.170.189.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 137.74.16.123 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata | 2026-04-09 | |
| IPv4 | 194.102.63.113 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 194.102.63.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 155.2.191.119 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from United States (AS136557, Host Universal Pty Ltd). Observed targeting energy sector honeypot petroleum-hp-01 via ciscoasa. duration: 7s; 3 events. | 2026-04-09 | |
| IPv4 | 180.149.126.16 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 180.149.126.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 176.211.30.69 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 176.211.30.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 123.160.174.90 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.160.174.90 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 165.22.13.186 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 165.22.13.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-09 | |
| IPv4 | 124.29.194.190 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 124.29.194.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 149.40.50.117 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS212238, Datacamp Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via ciscoasa. duration: 6s; 3 events. | 2026-04-09 | |
| IPv4 | 142.147.89.222 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from San Jose, United States (AS6233, xTom). Observed targeting healthcare sector honeypot medtech-hp-01 via ciscoasa. duration: 9s; 3 events. | 2026-04-09 | |
| IPv4 | 139.135.46.174 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 139.135.46.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 116.178.129.178 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 220.167.232.248 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 220.167.232.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, moderate, multi-reported). | 2026-04-09 | |
| IPv4 | 114.97.190.189 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.189 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 60.13.6.212 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 168.144.87.198 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 168.144.87.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 218.4.179.173 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 218.4.179.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 66.132.224.22 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.224.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 43.133.174.69 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 43.133.174.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 221.215.99.69 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.215.99.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-09 | |
| IPv4 | 49.228.239.106 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 49.228.239.106 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 5 times when connecting to db4lamedtech between 2026-04-09 08:25 and 2026-04-09 08:29 UTC. | 2026-04-09 | |
| IPv4 | 92.39.31.168 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 92.39.31.168 observed using SSH client fingerprint 'Unknown SSH Client (78c05d999799)' 2 times when connecting to mdms1 between 2026-04-09 08:13 and 2026-04-09 08:13 UTC. | 2026-04-09 | |
| IPv4 | 14.225.36.144 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 14.225.36.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 134.209.186.164 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 134.209.186.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 8.34.210.56 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 8.34.210.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 118.212.120.177 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.120.177 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 74.7.243.233 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 74.7.243.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-09 | |
| IPv4 | 122.97.215.234 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 122.97.215.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). | 2026-04-09 | |
| IPv4 | 146.70.187.137 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 146.70.187.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 171.36.7.84 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.36.7.84 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 209.97.175.77 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 209.97.175.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 43.110.36.210 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.110.36.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 217.154.47.221 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 217.154.47.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 45.135.194.83 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Germany (AS51396, Pfcloud UG (haftungsbeschrankt)) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-09 | |
| IPv4 | 47.117.115.83 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 47.117.115.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 118.99.80.3 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Indonesia (AS17451, BIZNET NETWORKS). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 5 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 14m 36s; 45 events. | 2026-04-09 | |
| IPv4 | 103.82.37.34 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Vietnam (AS149089, CLOUDFLY CORPORATION) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 7 unique usernames. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 16m 1s; 50 events. | 2026-04-09 | |
| IPv4 | 47.98.182.133 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.98.182.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-09 | |
| IPv4 | 193.182.100.54 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 193.182.100.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 134.199.163.73 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 134.199.163.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-09 | |
| IPv4 | 134.199.152.99 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-09 | |
| IPv4 | 66.132.172.230 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.132.172.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 120.230.181.229 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 120.230.181.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 123.245.85.69 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (123.245.85.69) is likely a commodity attacker targeting healthcare sector infrastructure, observed attempting SSH brute-force access to a honeypot (mdms-hp-01) using default credentials. The low-sophistication attack pattern suggests automated scanning rather than advanced persistent threat activity, with limited impact confined to IT syst... | 2026-04-09 | |
| IPv4 | 167.88.165.94 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata | 2026-04-09 | |
| IPv4 | 47.251.71.112 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.71.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 87.236.176.67 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 45.61.150.59 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata | 2026-04-09 | |
| IPv4 | 118.131.69.86 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 118.131.69.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 128.199.244.247 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 128.199.244.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 175.146.247.67 | Score: 95/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 175.146.247.67 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 23.234.118.157 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 23.234.118.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 84.32.70.213 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Chicago, United States. Observed targeting healthcare sector honeypot mdms-hp-01 via h0neytr4p. 1 events. | 2026-04-09 | |
| IPv4 | 47.88.19.130 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from United States (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 22s; 3 events. | 2026-04-09 | |
| IPv4 | 192.210.233.230 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 192.210.233.230 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to db4lamedtech between 2026-04-09 08:19 and 2026-04-09 08:57 UTC. | 2026-04-09 | |
| IPv4 | 112.94.190.190 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Guangzhou, China (AS17622, China Unicom Guangzhou network). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-09 | |
| IPv4 | 220.167.232.85 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.232.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 20.168.127.116 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.168.127.116 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-09 | |
| IPv4 | 180.111.30.92 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 180.111.30.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 62.210.198.175 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 62.210.198.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 182.119.225.190 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.225.190 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 144.31.48.59 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 144.31.48.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 123.178.210.191 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 123.178.210.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 14.135.74.41 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.41 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 106.117.106.30 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.106.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 222.94.32.185 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 222.94.32.185 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 151.33.121.83 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Turin, Italy (AS1267, Wind Tre S.p.A.). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 5 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 19 malw... | 2026-04-09 | |
| IPv4 | 221.11.51.21 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 221.11.51.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 113.239.226.211 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 113.239.226.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 170.64.176.223 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 170.64.176.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 147.182.143.178 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 147.182.143.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, moderate, port-scan). | 2026-04-09 | |
| IPv4 | 139.135.41.101 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 139.135.41.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 193.163.125.204 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 193.163.125.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 220.158.234.48 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 220.158.234.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 34.68.34.94 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 34.68.34.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 101.249.61.155 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.249.61.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 192.3.226.179 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 192.3.226.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 134.199.155.28 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sydney, Australia (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. 1 events. | 2026-04-09 | |
| IPv4 | 222.94.32.66 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.66 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 180.149.126.4 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 180.149.126.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 58.19.107.105 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Wuhan, China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events. | 2026-04-09 | |
| IPv4 | 58.243.47.134 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.243.47.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 161.35.26.96 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 161.35.26.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 180.149.126.15 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 180.149.126.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 103.75.183.233 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.75.183.233 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 36.106.167.57 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 36.106.167.57 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 94.16.120.89 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 94.16.120.89 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 116.178.128.59 | Score: 70/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.128.59 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported). | 2026-04-09 | |
| IPv4 | 112.94.190.133 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 112.94.190.133 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 47.254.177.181 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.177.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 68.173.18.170 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 68.173.18.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 122.96.28.170 | Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 122.96.28.170 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 87.121.84.70 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 87.121.84.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 54.83.180.239 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 54.83.180.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 54.164.106.236 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 54.164.106.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 79.127.217.57 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 79.127.217.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 84.32.48.15 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Chicago, United States (AS204770, UAB Cherry Servers). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events. | 2026-04-09 | |
| IPv4 | 84.32.70.216 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Chicago, United States (AS204770, UAB Cherry Servers). Observed targeting healthcare sector honeypot mdms-hp-01 via honeytrap. duration: 7m 10s; 3 events. | 2026-04-09 | |
| IPv4 | 60.204.193.142 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 60.204.193.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking). | 2026-04-09 | |
| IPv4 | 112.94.190.138 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.94.190.138 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 170.64.177.28 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.64.177.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 61.110.195.135 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Seoul, South Korea (AS54994, Meteverse Limited.). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 12 failed login attempts, 12 credential pairs tried across 5 unique usernames, execution of 42 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process k... | 2026-04-09 | |
| IPv4 | 37.19.221.149 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 37.19.221.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 212.102.46.44 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 212.102.46.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 143.198.80.188 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 143.198.80.188 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 36.106.166.207 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.207 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-09 | |
| IPv4 | 123.160.233.30 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.160.233.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 171.37.93.125 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.37.93.125 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 157.20.254.47 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 157.20.254.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 137.184.175.87 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 137.184.175.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 106.117.110.196 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 106.117.110.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 101.249.63.3 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.63.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 112.101.75.9 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 112.101.75.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 134.199.218.93 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 134.199.218.93 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 172.234.203.40 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 172.234.203.40 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);' 2 times when connecting to mdms1 between 2026-04-09 11:00 and 2026-04-09 11:00 UTC. | 2026-04-09 | |
| IPv4 | 64.227.4.54 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 14s; 14 events. | 2026-04-09 | |
| IPv4 | 134.122.33.218 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 134.122.33.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-09 | |
| IPv4 | 47.245.138.1 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.245.138.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 37.19.210.18 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 37.19.210.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 52.188.146.204 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 52.188.146.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 8.222.188.36 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 8.222.188.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 89.232.184.176 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 89.232.184.176 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db1lapetro between 2026-04-09 11:58 and 2026-04-09 12:41 UTC. | 2026-04-09 | |
| IPv4 | 89.190.156.121 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 89.190.156.121 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db1lapetro between 2026-04-09 11:57 and 2026-04-09 12:32 UTC. | 2026-04-09 | |
| IPv4 | 145.239.195.38 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 145.239.195.38 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 5 times when connecting to db4lamedtech between 2026-04-09 11:54 and 2026-04-09 11:54 UTC. | 2026-04-09 | |
| IPv4 | 171.37.191.80 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.37.191.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 1.83.125.10 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (1.83.125.10) is likely a commodity attacker originating from Xi'an, China, targeting energy sector systems via SSH brute-force attacks against honeypots like petroleum-hp-01. The actor used automated tools to probe for weak credentials, consistent with low-sophistication threat actors scanning for vulnerable infrastructure. While not... | 2026-04-09 | |
| IPv4 | 116.178.129.231 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.231 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 43.138.40.107 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 43.138.40.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 60.13.7.251 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 116.178.130.127 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.127 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 94.183.178.40 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 94.183.178.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 60.16.215.85 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.16.215.85 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 113.57.187.64 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 113.57.187.64 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 168.144.85.188 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 168.144.85.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 188.166.28.92 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 188.166.28.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 64.78.245.164 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 64.78.245.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 143.202.210.122 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 143.202.210.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 221.207.34.18 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. This IP address (221.207.34.18) is likely a commodity attacker originating from China, targeting healthcare sector honeypots via SSH/Telnet brute-force attempts using honeytrap decoys. The actor exhibited low sophistication, attempting credential guessing against a Cowrie SSH honeypot with no observed malware deployment or persistent acc... | 2026-04-09 | |
| IPv4 | 171.37.191.229 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.37.191.229 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 14.103.116.74 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 14.103.116.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 180.149.126.8 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 180.149.126.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 59.173.109.6 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.6 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 220.250.10.108 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.10.108 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 14.135.75.48 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 14.135.75.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 58.212.237.65 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 58.212.237.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 142.93.219.7 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 142.93.219.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 60.13.7.172 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 60.13.7.172 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 138.197.132.63 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 138.197.132.63 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-09 | |
| IPv4 | 170.64.197.197 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.64.197.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 170.64.196.178 | Score: 65/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 170.64.196.178 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 203.101.186.18 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 203.101.186.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 57.129.110.67 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 57.129.110.67 observed using SSH client fingerprint 'Unknown SSH Client (57e4cc8ee36c)' 2 times when connecting to db1lapetro between 2026-04-09 12:49 and 2026-04-09 12:49 UTC. | 2026-04-09 | |
| IPv4 | 159.69.82.29 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 159.69.82.29 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-09 12:39 and 2026-04-09 12:55 UTC. | 2026-04-09 | |
| IPv4 | 14.135.74.152 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. This IP (14.135.74.152) is likely a commodity attacker node associated with automated SSH brute-force campaigns targeting healthcare sector systems. Observed interacting with honeypot medtech-hp-01 via honeytrap, attempting credential access with common username/password pairs. Limited sophistication, consistent with script-based scanning rath... | 2026-04-09 | |
| IPv4 | 47.254.215.142 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.215.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 89.151.188.237 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 89.151.188.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 41.83.126.184 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Dakar, Senegal (AS8346, SONATEL SONATEL-AS Autonomous System). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 5 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), del... | 2026-04-09 | |
| IPv4 | 47.251.27.105 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.27.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 221.207.35.100 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 221.207.35.100 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 111.249.79.131 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 111.249.79.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 194.110.247.62 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 194.110.247.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 210.192.95.22 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 210.192.95.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 47.254.197.50 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.197.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 112.94.188.103 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.188.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 116.178.131.145 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 116.178.131.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 121.29.149.61 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.61 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 123.163.114.170 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.163.114.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 113.101.33.19 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 113.101.33.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). | 2026-04-09 | |
| IPv4 | 47.250.55.42 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.55.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 165.227.41.228 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 165.227.41.228 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, high). | 2026-04-09 | |
| IPv4 | 185.191.171.16 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.191.171.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 152.32.186.46 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Hong Kong, Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 5 unique usernames, execution of 22 commands (SSH key persistence, password changes, sys... | 2026-04-09 | |
| IPv4 | 38.250.161.250 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Peru (AS3132, Red Cientifica Peruana). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 5 unique usernames, execution of 44 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 21 malwa... | 2026-04-09 | |
| IPv4 | 59.173.108.140 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.140 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 116.178.131.154 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.154 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 49.142.82.104 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 49.142.82.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 36.95.194.51 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from South Tangerang, Indonesia (AS7713, PT Telekomunikasi Indonesia). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 6 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), ... | 2026-04-09 | |
| IPv4 | 121.7.228.45 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 121.7.228.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 58.212.237.74 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.212.237.74 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 20.101.191.74 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.101.191.74 observed using SSH client fingerprint 'Unknown SSH Client (57e4cc8ee36c)' 2 times when connecting to db1lapetro between 2026-04-09 13:54 and 2026-04-09 13:54 UTC. | 2026-04-09 | |
| IPv4 | 20.98.176.228 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.98.176.228 observed using SSH client fingerprint 'Unknown SSH Client (57e4cc8ee36c)' 2 times when connecting to db1lapetro between 2026-04-09 13:34 and 2026-04-09 13:35 UTC. | 2026-04-09 | |
| IPv4 | 165.154.105.128 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 165.154.105.128 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 7 times when connecting to mdms1 between 2026-04-09 12:37 and 2026-04-09 13:37 UTC. | 2026-04-09 | |
| IPv4 | 182.119.224.112 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.224.112 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-09 | |
| IPv4 | 114.97.191.224 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.224 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 79.135.225.50 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 79.135.225.50 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (15 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 114.97.191.135 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 209.141.46.254 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 209.141.46.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 118.212.122.214 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. This IP address, likely associated with a commodity attacker or botnet node in China, targeted a healthcare sector honeypot using SSH brute-force attempts. The attacker employed basic credential guessing techniques against the mdms-hp-01 honeytrap, indicating low sophistication and potential use of automated scanning tools. While no malware was det... | 2026-04-09 | |
| IPv4 | 198.199.83.11 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata | 2026-04-09 | |
| IPv4 | 203.110.233.225 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 203.110.233.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 116.178.128.146 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 45.66.249.27 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.66.249.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 84.200.73.111 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 84.200.73.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 171.12.10.158 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.12.10.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 206.189.137.34 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 206.189.137.34 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 45.86.202.113 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 45.86.202.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, moderate). | 2026-04-09 | |
| IPv4 | 193.93.228.171 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 193.93.228.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 68.183.41.227 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 68.183.41.227 observed using SSH client fingerprint 'Unknown SSH Client (57e4cc8ee36c)' 2 times when connecting to db1lapetro between 2026-04-09 14:50 and 2026-04-09 14:50 UTC. | 2026-04-09 | |
| IPv4 | 52.3.26.180 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 52.3.26.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 175.208.192.186 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 175.208.192.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 180.149.126.7 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 180.149.126.7 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 60.13.7.69 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 58.212.237.91 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 213.57.170.43 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 213.57.170.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 114.97.190.19 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.19 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 36.106.166.113 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, low). | 2026-04-09 | |
| IPv4 | 118.145.151.135 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 118.145.151.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-09 | |
| IPv4 | 220.167.233.189 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 182.119.230.124 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.230.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 216.158.233.14 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 216.158.233.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 114.97.191.121 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 220.250.11.109 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.109 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 222.176.201.50 | Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 222.176.201.50 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported). | 2026-04-09 | |
| IPv4 | 110.177.181.189 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.181.189 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 59.52.102.11 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.102.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 141.95.54.157 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 141.95.54.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 60.13.6.210 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 60.13.6.210 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 59.173.108.191 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.108.191 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 45.149.235.45 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 45.149.235.45 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 2 times when connecting to offbackup1 between 2026-04-09 15:47 and 2026-04-09 15:51 UTC. | 2026-04-09 | |
| IPv4 | 43.134.113.23 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 43.134.113.23 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 28 times when connecting to db1lapetro between 2026-04-09 15:21 and 2026-04-09 15:58 UTC. | 2026-04-09 | |
| IPv4 | 103.180.237.169 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 103.180.237.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 47.153.184.75 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 47.153.184.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 139.59.59.84 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 139.59.59.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 114.97.191.192 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (114.97.191.192) is likely part of a commodity attack group targeting healthcare sector infrastructure via SSH/Telnet brute force attempts against honeypots. Observed interacting with medtech-hp-01 honeytrap using credential stuffing techniques, indicative of low-to-moderate sophistication. The AS4134 (Chinanet)-affiliated IP... | 2026-04-09 | |
| IPv4 | 129.226.90.235 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 129.226.90.235 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 69.5.7.176 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 69.5.7.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 87.121.84.182 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 87.121.84.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 64.227.187.215 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 64.227.187.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 110.177.179.1 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.179.1 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 171.231.198.201 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 171.231.198.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 122.96.28.219 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 122.96.28.219 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). | 2026-04-09 | |
| IPv4 | 106.4.161.131 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 106.4.161.131 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 67.144.16.170 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 67.144.16.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 221.207.35.82 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 221.208.113.2 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 221.208.113.2 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 139.212.71.248 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 139.212.71.248 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 94.243.9.17 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 94.243.9.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 154.125.100.80 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:reported, abuseipdb:ssh, auth:failed. Attacker IP 154.125.100.80 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 10 times when connecting to db1lapetro between 2026-04-09 16:33 and 2026-04-09 16:50 UTC. | 2026-04-09 | |
| IPv4 | 95.27.16.33 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 95.27.16.33 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.11 (KHTML, like...' 5 times when connecting to db1lapetro between 2026-04-09 16:28 and 2026-04-09 16:28 UTC. | 2026-04-09 | |
| IPv4 | 146.190.75.198 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 146.190.75.198 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-09 16:17 and 2026-04-09 16:53 UTC. | 2026-04-09 | |
| IPv4 | 20.61.134.254 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.61.134.254 observed using SSH client fingerprint 'Unknown SSH Client (57e4cc8ee36c)' 2 times when connecting to db1lapetro between 2026-04-09 16:16 and 2026-04-09 16:47 UTC. | 2026-04-09 | |
| IPv4 | 46.161.50.109 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 46.161.50.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 51.75.23.120 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 51.75.23.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 51.158.203.246 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 51.158.203.246 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-09 | |
| IPv4 | 147.235.230.235 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 147.235.230.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 5.188.206.202 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 5.188.206.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 68.183.145.138 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata | 2026-04-09 | |
| IPv4 | 3.23.104.96 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 3.23.104.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 192.71.142.40 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 192.71.142.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 94.72.114.183 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 94.72.114.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 27.218.153.243 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 27.218.153.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 171.37.46.191 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.37.46.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 118.212.121.78 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 20.151.141.131 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.151.141.131 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 2 times when connecting to db1lapetro between 2026-04-09 17:51 and 2026-04-09 18:13 UTC. | 2026-04-09 | |
| IPv4 | 103.147.159.91 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.147.159.91 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 27 times when connecting to db1lapetro between 2026-04-09 17:14 and 2026-04-09 17:38 UTC. | 2026-04-09 | |
| IPv4 | 141.148.151.4 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 141.148.151.4 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to offbackup1 between 2026-04-09 16:24 and 2026-04-09 17:18 UTC. | 2026-04-09 | |
| IPv4 | 62.84.185.56 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 62.84.185.56 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 181.46.139.99 | Score: 50/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 181.46.139.99 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 167.71.234.118 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 167.71.234.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 147.135.252.182 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 147.135.252.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 20.116.9.125 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.116.9.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 60.13.6.85 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 64.227.182.57 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.227.182.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 57.129.139.60 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 57.129.139.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 110.44.217.163 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 110.44.217.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 102.210.148.166 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 102.210.148.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 125.63.74.146 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 125.63.74.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 98.94.27.155 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 98.94.27.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 59.5.190.226 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 59.5.190.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 74.194.5.98 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 74.194.5.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 66.132.186.214 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.186.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 43.134.8.192 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 43.134.8.192 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 35 times when connecting to offbackup1 between 2026-04-09 17:43 and 2026-04-09 18:27 UTC. | 2026-04-09 | |
| IPv4 | 27.79.1.85 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 27.79.1.85 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 13 times when connecting to db4lamedtech between 2026-04-09 17:42 and 2026-04-09 18:35 UTC. | 2026-04-09 | |
| IPv4 | 103.192.80.132 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 103.192.80.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 45.227.254.130 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.227.254.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 45.227.254.132 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.227.254.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 27.47.25.101 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.25.101 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-09 | |
| IPv4 | 111.39.230.69 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 111.39.230.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-09 | |
| IPv4 | 195.46.112.102 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 195.46.112.102 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-09 | |
| IPv4 | 180.95.238.169 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 180.95.238.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 51.158.206.117 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 51.158.206.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 165.22.210.250 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 165.22.210.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 45.79.190.95 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 45.79.190.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 153.99.92.163 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 153.99.92.163 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 168.110.192.182 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 168.110.192.182 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 17 times when connecting to mdms1 between 2026-04-09 19:44 and 2026-04-09 19:44 UTC. | 2026-04-09 | |
| IPv4 | 216.167.32.116 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 216.167.32.116 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to offbackup1 between 2026-04-09 19:27 and 2026-04-09 19:28 UTC. | 2026-04-09 | |
| IPv4 | 185.177.72.67 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.177.72.67 observed using HTTP client fingerprint 'HTTP Client: curl/8.7.1' 2917 times when connecting to mdms1 between 2026-04-09 19:09 and 2026-04-09 19:18 UTC. | 2026-04-09 | |
| IPv4 | 136.115.28.36 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:web-attack. Attacker IP 136.115.28.36 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_5) AppleWebKit/605...' 7 times when connecting to mdms1 between 2026-04-09 19:16 and 2026-04-09 19:16 UTC. | 2026-04-09 | |
| IPv4 | 20.4.240.58 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.4.240.58 observed using SSH client fingerprint 'Unknown SSH Client (57e4cc8ee36c)' 2 times when connecting to db1lapetro between 2026-04-09 18:47 and 2026-04-09 20:05 UTC. | 2026-04-09 | |
| IPv4 | 59.173.109.14 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 175.165.82.143 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 175.165.82.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 167.71.28.141 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 14 failed login attempts, 14 credential pairs tried across 6 unique usernames, execution of 42 commands (SSH key persistence, password changes, system reconnaissance, cron ... | 2026-04-09 | |
| IPv4 | 47.254.43.235 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.43.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 125.115.83.105 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 125.115.83.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 24.235.159.202 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 24.235.159.202 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). | 2026-04-09 | |
| IPv4 | 47.251.241.188 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.241.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 147.182.151.123 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 147.182.151.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 117.187.180.215 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 117.187.180.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 153.99.92.109 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 153.99.92.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 112.169.22.124 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 112.169.22.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 83.168.78.82 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Wroclaw, Poland (AS35179, Korbank S. A.). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 4 unique usernames, execution of 64 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, fi... | 2026-04-09 | |
| IPv4 | 100.29.192.75 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 100.29.192.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 161.97.123.249 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 161.97.123.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 50.116.23.135 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 50.116.23.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 176.65.139.101 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 176.65.139.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 74.7.241.13 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 74.7.241.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 147.45.60.22 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 147.45.60.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-09 | |
| IPv4 | 59.173.109.121 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-09 | |
| IPv4 | 101.96.192.184 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 101.96.192.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 139.144.29.34 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 139.144.29.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-09 | |
| IPv4 | 43.110.38.5 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 43.110.38.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 47.254.255.111 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.255.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-09 | |
| IPv4 | 212.80.7.21 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Frankfurt am Main, Germany (AS215439, Play2go International Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 5 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron per... | 2026-04-09 | |
| IPv4 | 2.26.105.167 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 2.26.105.167 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to offbackup1 between 2026-04-09 20:40 and 2026-04-09 21:20 UTC. | 2026-04-09 | |
| IPv4 | 47.251.143.69 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.143.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 165.22.210.131 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 165.22.210.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 64.227.172.64 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.227.172.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 64.227.162.79 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.227.162.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 201.46.124.252 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 201.46.124.252 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 38.137.249.60 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 38.137.249.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 87.121.54.31 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 87.121.54.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 36.154.71.247 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 36.154.71.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-10 | |
| IPv4 | 195.178.110.65 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 195.178.110.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 85.204.70.100 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 85.204.70.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 171.37.47.76 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.37.47.76 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-10 | |
| IPv4 | 47.84.112.68 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.112.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 47.251.101.89 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.101.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 211.14.237.58 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 211.14.237.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 87.236.176.198 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 42.235.54.53 | Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 42.235.54.53 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-10 | |
| IPv4 | 189.138.207.197 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 189.138.207.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 121.186.52.165 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 121.186.52.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 85.239.249.51 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 85.239.249.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 93.123.109.180 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 93.123.109.180 observed using TLS client fingerprint 'Unknown TLS Client (490200078131)' 2 times when connecting to mdms1 between 2026-04-09 23:59 and 2026-04-09 23:59 UTC. | 2026-04-10 | |
| IPv4 | 139.9.140.40 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 139.9.140.40 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-04-09 23:35 and 2026-04-09 23:35 UTC. | 2026-04-10 | |
| IPv4 | 83.249.236.122 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 83.249.236.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 110.177.177.243 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.177.243 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-10 | |
| IPv4 | 123.178.210.14 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.178.210.14 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 103.107.182.44 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 103.107.182.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-10 | |
| IPv4 | 206.168.201.202 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 206.168.201.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 113.56.35.44 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 113.56.35.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 221.207.35.4 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (221.207.35.4) is likely a commodity attacker node associated with automated SSH brute-force campaigns targeting healthcare sector devices. Observed interacting with honeypot mdms-hp-01 via honeytrap, attempting credential access with common username/password pairs. Limited sophistication indicated by lack of evasive techniques and re... | 2026-04-10 | |
| IPv4 | 106.4.161.3 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.4.161.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 104.28.158.209 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack, cowrie. Attacker IP 104.28.158.209 observed using TLS client fingerprint 'Unknown TLS Client (8ec17a2c2f8b)' 7 times when connecting to db1lapetro between 2026-04-10 01:06 and 2026-04-10 01:06 UTC. | 2026-04-10 | |
| IPv4 | 189.127.109.198 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 189.127.109.198 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 3 times when connecting to mdms1 between 2026-04-10 00:37 and 2026-04-10 00:37 UTC. | 2026-04-10 | |
| IPv4 | 58.229.188.59 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 58.229.188.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 105.186.197.122 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 105.186.197.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 47.254.32.115 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.32.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 195.184.76.43 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 195.184.76.43 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3). | 2026-04-10 | |
| IPv4 | 192.81.131.174 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 192.81.131.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 171.8.138.90 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.8.138.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 168.144.30.164 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 168.144.30.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 134.209.236.204 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 134.209.236.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 168.144.94.12 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 168.144.94.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 59.173.110.180 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.180 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-10 | |
| IPv4 | 45.56.118.133 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.56.118.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 213.21.253.208 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 213.21.253.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 36.230.47.234 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 36.230.47.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 112.46.214.86 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 112.46.214.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 220.76.162.171 | Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, commands:executed. 220.76.162.171 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-10 | |
| IPv4 | 195.184.76.250 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 195.184.76.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 64.227.186.98 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 64.227.186.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-10 | |
| IPv4 | 184.105.247.220 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 184.105.247.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 58.222.86.210 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 58.222.86.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 200.227.84.242 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 200.227.84.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 66.132.186.240 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.132.186.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 20.87.233.62 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 20.87.233.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-10 | |
| IPv4 | 216.218.206.99 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 216.218.206.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 152.53.245.166 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 152.53.245.166 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 33 times when connecting to offbackup1 between 2026-04-10 01:30 and 2026-04-10 02:07 UTC. | 2026-04-10 | |
| IPv4 | 156.225.21.203 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 156.225.21.203 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 2 times when connecting to mdms1 between 2026-04-10 01:20 and 2026-04-10 01:20 UTC. | 2026-04-10 | |
| IPv4 | 18.97.19.140 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 18.97.19.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 194.34.105.40 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 194.34.105.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low). | 2026-04-10 | |
| IPv4 | 223.123.41.69 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 223.123.41.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 144.91.94.28 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 144.91.94.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 157.10.48.89 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 157.10.48.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-10 | |
| IPv4 | 47.79.127.194 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 47.79.127.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 52.35.225.205 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 52.35.225.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 74.82.47.12 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 74.82.47.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 96.0.160.144 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 96.0.160.144 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Buil...' 2 times when connecting to db4lamedtech between 2026-04-10 03:03 and 2026-04-10 03:03 UTC. | 2026-04-10 | |
| IPv4 | 163.61.39.161 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 163.61.39.161 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-04-10 02:51 and 2026-04-10 02:52 UTC. | 2026-04-10 | |
| IPv4 | 51.158.248.239 | Score: 50/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 51.158.248.239 observed using TLS client fingerprint 'Unknown TLS Client (1114e3625f56)' 2 times when connecting to mdms1 between 2026-04-10 02:18 and 2026-04-10 02:18 UTC. | 2026-04-10 | |
| IPv4 | 157.230.104.210 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Frankfurt am Main, Germany (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames, delivery of 1 malware sample. 9 events. | 2026-04-10 | |
| IPv4 | 78.36.43.218 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 78.36.43.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 171.15.52.50 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 171.15.52.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-10 | |
| IPv4 | 47.245.113.53 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.245.113.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 209.97.175.8 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 209.97.175.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-10 | |
| IPv4 | 213.55.245.95 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 213.55.245.95 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). | 2026-04-10 | |
| IPv4 | 111.229.172.2 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 111.229.172.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 47.84.100.48 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.100.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 216.218.206.71 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 216.218.206.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 180.179.236.253 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. This IP (180.179.236.253) is a commodity attacker likely operating from India, targeting healthcare sector systems via SSH brute-force attacks against honeypots like medtech-hp-01 using dionaea. The actor exhibits low-to-medium sophistication, leveraging common credentials and automated scanning tools, with potential impact on medical device n... | 2026-04-10 | |
| IPv4 | 121.204.251.144 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 121.204.251.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 119.152.228.82 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 119.152.228.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 182.150.25.70 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 182.150.25.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 188.143.244.136 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 188.143.244.136 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 X11; Ubuntu; Linux x86_64; rv:126.0 Gecko/201001...' 356 times when connecting to db1lapetro between 2026-04-10 03:44 and 2026-04-10 04:01 UTC. | 2026-04-10 | |
| IPv4 | 2.26.61.107 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 2.26.61.107 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 4 times when connecting to offbackup1 between 2026-04-10 03:27 and 2026-04-10 03:34 UTC. | 2026-04-10 | |
| IPv4 | 103.215.74.185 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP 103.215.74.185 observed using TLS client fingerprint 'Unknown TLS Client (ef0b82154c8b)' 2 times when connecting to mdms1 between 2026-04-10 03:11 and 2026-04-10 03:11 UTC. | 2026-04-10 | |
| IPv4 | 8.211.41.99 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.211.41.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 98.80.4.70 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 98.80.4.70 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 43.135.124.152 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 43.135.124.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 157.230.99.106 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 157.230.99.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 134.122.32.208 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 134.122.32.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 138.197.142.166 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 138.197.142.166 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-10 | |
| IPv4 | 138.197.138.192 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 138.197.138.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 89.238.167.150 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 89.238.167.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). | 2026-04-10 | |
| IPv4 | 87.236.176.130 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 66.167.147.94 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 66.167.147.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 220.72.32.117 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 220.72.32.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 47.251.185.170 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.185.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 47.251.249.41 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.249.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 167.71.47.74 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 167.71.47.74 observed using HTTP client fingerprint 'HTTP Client (d41d8cd98f00)' 3 times when connecting to db4lamedtech between 2026-04-10 04:46 and 2026-04-10 04:46 UTC. | 2026-04-10 | |
| IPv4 | 61.240.17.66 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 61.240.17.66 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 2 times when connecting to offbackup1 between 2026-04-10 04:40 and 2026-04-10 04:40 UTC. | 2026-04-10 | |
| IPv4 | 51.158.238.87 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 51.158.238.87 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 29 times when connecting to mdms1 between 2026-04-10 04:26 and 2026-04-10 04:27 UTC. | 2026-04-10 | |
| IPv4 | 217.182.194.45 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 217.182.194.45 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-04-10 04:22 and 2026-04-10 04:22 UTC. | 2026-04-10 | |
| IPv4 | 156.227.236.24 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 156.227.236.24 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 88 times when connecting to offbackup1 between 2026-04-10 04:13 and 2026-04-10 04:27 UTC. | 2026-04-10 | |
| IPv4 | 191.101.59.182 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 191.101.59.182 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 33 times when connecting to db1lapetro between 2026-04-10 04:07 and 2026-04-10 05:11 UTC. | 2026-04-10 | |
| IPv4 | 113.226.77.166 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 113.226.77.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 66.167.169.154 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.167.169.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 115.191.50.222 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. 115.191.50.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-10 | |
| IPv4 | 153.99.92.29 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 153.99.92.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-10 | |
| IPv4 | 184.105.139.118 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 184.105.139.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 218.16.60.20 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 218.16.60.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 172.173.200.62 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Washington, United States (AS8075, Microsoft Corporation). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 4 unique usernames, execution of 40 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, pro... | 2026-04-10 | |
| IPv4 | 47.76.228.222 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 47.76.228.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 47.250.148.88 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.148.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 120.48.137.21 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 120.48.137.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 45.81.23.10 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 45.81.23.10 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db4lamedtech between 2026-04-10 05:30 and 2026-04-10 06:06 UTC. | 2026-04-10 | |
| IPv4 | 203.23.199.88 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 203.23.199.88 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 28 times when connecting to db1lapetro between 2026-04-10 05:04 and 2026-04-10 05:46 UTC. | 2026-04-10 | |
| IPv4 | 15.204.249.142 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 15.204.249.142 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to db1lapetro between 2026-04-10 05:04 and 2026-04-10 05:42 UTC. | 2026-04-10 | |
| IPv4 | 177.234.169.6 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 177.234.169.6 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db4lamedtech between 2026-04-10 04:47 and 2026-04-10 05:36 UTC. | 2026-04-10 | |
| IPv4 | 176.65.139.111 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 176.65.139.111 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 346 times when connecting to db4lamedtech between 2026-04-10 04:45 and 2026-04-10 05:38 UTC. | 2026-04-10 | |
| IPv4 | 188.143.244.145 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 188.143.244.145 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 X11; Ubuntu; Linux x86_64; rv:126.0 Gecko/201001...' 952 times when connecting to db4lamedtech between 2026-04-10 04:30 and 2026-04-10 05:20 UTC. | 2026-04-10 | |
| IPv4 | 125.43.44.255 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 125.43.44.255 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-10 | |
| IPv4 | 188.30.63.92 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 188.30.63.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-10 | |
| IPv4 | 47.77.223.125 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.223.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 122.96.31.148 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 122.96.31.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 122.97.209.199 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 122.97.209.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). | 2026-04-10 | |
| IPv4 | 125.109.62.39 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 125.109.62.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 172.96.12.33 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 172.96.12.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 47.251.17.127 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.17.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 167.99.133.55 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 167.99.133.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 172.86.69.24 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.86.69.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 178.128.229.60 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 178.128.229.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 79.122.53.143 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 79.122.53.143 observed using SSH client fingerprint 'Unknown SSH Client (ae8bd7dd0997)' 2 times when connecting to db4lamedtech between 2026-04-10 07:18 and 2026-04-10 07:18 UTC. | 2026-04-10 | |
| IPv4 | 47.250.161.217 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.250.161.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 159.89.113.170 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.89.113.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 78.187.40.195 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 78.187.40.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 47.89.234.183 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.89.234.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 66.179.139.194 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 66.179.139.194 observed using TLS client fingerprint 'Unknown TLS Client (e3054c7bab8b)' 2 times when connecting to mdms1 between 2026-04-10 07:00 and 2026-04-10 07:00 UTC. | 2026-04-10 | |
| IPv4 | 45.129.185.7 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.129.185.7 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-10 06:17 and 2026-04-10 06:58 UTC. | 2026-04-10 | |
| IPv4 | 47.250.137.24 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.137.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 138.68.27.184 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 138.68.27.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 143.244.132.98 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 143.244.132.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 157.245.244.250 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 157.245.244.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 128.199.0.170 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 128.199.0.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 162.243.92.74 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.243.92.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 118.194.252.40 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 118.194.252.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 159.223.214.57 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 159.223.214.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 162.243.91.172 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.243.91.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 159.65.42.37 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 159.65.42.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 134.209.5.65 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 134.209.5.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 162.243.207.9 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.243.207.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 185.247.137.210 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 104.236.83.40 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 104.236.83.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 76.11.71.59 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 76.11.71.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 157.245.133.81 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 157.245.133.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 222.176.201.170 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.170 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 27.47.27.106 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.27.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 221.208.113.140 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 221.208.113.140 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 113.57.185.255 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 113.57.185.255 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-10 | |
| IPv4 | 62.164.130.55 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 62.164.130.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 113.45.222.118 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 113.45.222.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-10 | |
| IPv4 | 8.229.217.24 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh. 8.229.217.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-10 | |
| IPv4 | 46.8.237.64 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 46.8.237.64 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 17 times when connecting to db1lapetro between 2026-04-10 07:56 and 2026-04-10 08:22 UTC. | 2026-04-10 | |
| IPv4 | 110.177.179.82 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 110.177.179.82 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 117.40.113.20 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.40.113.20 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 64.227.82.243 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 64.227.82.243 classified as scanning infrastructure conducting network reconnaissance (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (minimal, reported). | 2026-04-10 | |
| IPv4 | 207.154.215.181 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 207.154.215.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 116.140.173.57 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 116.140.173.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 103.72.8.117 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 103.72.8.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 219.151.43.25 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 219.151.43.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 202.107.89.181 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 202.107.89.181 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-10 | |
| IPv4 | 206.212.255.94 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 206.212.255.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 85.239.147.7 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 85.239.147.7 observed using TLS client fingerprint 'Unknown TLS Client (99c7a9678a4d)' 2 times when connecting to db1lapetro between 2026-04-10 09:05 and 2026-04-10 09:05 UTC. | 2026-04-10 | |
| IPv4 | 31.190.21.21 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 31.190.21.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 116.178.128.218 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.178.128.218 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 194.11.246.196 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 194.11.246.196 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 15 times when connecting to db4lamedtech between 2026-04-10 08:47 and 2026-04-10 08:57 UTC. | 2026-04-10 | |
| IPv4 | 103.1.64.36 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 103.1.64.36 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db1lapetro between 2026-04-10 07:56 and 2026-04-10 08:38 UTC. | 2026-04-10 | |
| IPv4 | 146.190.222.131 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 146.190.222.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate). | 2026-04-10 | |
| IPv4 | 39.126.138.29 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Busan, South Korea (AS23584, PUSAN CABLE TV SYSTEM CO., LTD.). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 13s; 2 events. GTI: MALICIOUS | 7/94 engines flagged malicious | AS23584 (PUSAN CABLE TV SYSTEM CO., LTD.) | 1 malicious URL(s) hosted. | 2026-04-10 | |
| IPv4 | 157.156.75.187 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 157.156.75.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 172.179.62.85 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 172.179.62.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-10 | |
| IPv4 | 206.135.161.33 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 206.135.161.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 66.116.205.39 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 66.116.205.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 45.38.41.112 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.38.41.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 20.253.65.175 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 20.253.65.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 77.90.185.45 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 77.90.185.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 183.250.52.220 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 183.250.52.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 44.220.188.223 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. This IP (44.220.188.223) is likely a commodity attacker or botnet node targeting energy sector assets via SSH brute-force attacks against honeypots. Observed initiating 7 rapid connection attempts in 7 seconds using Cowrie, suggesting automated credential stuffing with common username/password pairs. While not highly sophisticated, the focus on energy ... | 2026-04-10 | |
| IPv4 | 113.237.4.86 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 113.237.4.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 213.177.179.26 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 213.177.179.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 111.248.25.26 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 111.248.25.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 124.123.125.62 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 124.123.125.62 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 3 times when connecting to offbackup1 between 2026-04-10 09:27 and 2026-04-10 09:27 UTC. | 2026-04-10 | |
| IPv4 | 118.196.27.130 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 118.196.27.130 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 28 times when connecting to offbackup1 between 2026-04-10 09:13 and 2026-04-10 09:25 UTC. | 2026-04-10 | |
| IPv4 | 157.230.244.194 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 157.230.244.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 206.189.205.240 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 206.189.205.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 114.33.2.111 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 114.33.2.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 47.250.93.212 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.93.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 150.242.202.199 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 150.242.202.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 206.189.49.128 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 206.189.49.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 44.220.185.212 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 44.220.185.212 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, multi-reported, reported). | 2026-04-10 | |
| IPv4 | 47.251.122.183 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.122.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 47.89.209.143 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.89.209.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 159.223.64.146 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 159.223.64.146 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level4). | 2026-04-10 | |
| IPv4 | 185.93.89.128 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.93.89.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 18.97.5.16 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 18.97.5.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-10 | |
| IPv4 | 164.92.252.16 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 164.92.252.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 185.93.89.130 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.93.89.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 106.51.75.252 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 106.51.75.252 observed using SSH client fingerprint 'Unknown SSH Client (57e4cc8ee36c)' 2 times when connecting to db1lapetro between 2026-04-10 10:44 and 2026-04-10 10:44 UTC. | 2026-04-10 | |
| IPv4 | 171.231.198.212 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 171.231.198.212 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 5 times when connecting to db1lapetro between 2026-04-10 10:35 and 2026-04-10 10:49 UTC. | 2026-04-10 | |
| IPv4 | 171.231.195.7 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 171.231.195.7 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 6 times when connecting to mdms1 between 2026-04-10 10:36 and 2026-04-10 10:47 UTC. | 2026-04-10 | |
| IPv4 | 112.164.20.69 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 112.164.20.69 observed using SSH client fingerprint 'Unknown SSH Client (ec7378c1a92f)' 2 times when connecting to db1lapetro between 2026-04-10 10:29 and 2026-04-10 10:29 UTC. | 2026-04-10 | |
| IPv4 | 116.99.168.105 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 116.99.168.105 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 7 times when connecting to db1lapetro between 2026-04-10 09:53 and 2026-04-10 10:23 UTC. | 2026-04-10 | |
| IPv4 | 171.231.199.243 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 171.231.199.243 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 5 times when connecting to mdms1 between 2026-04-10 09:55 and 2026-04-10 10:20 UTC. | 2026-04-10 | |
| IPv4 | 183.221.2.177 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 183.221.2.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 171.25.158.53 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 171.25.158.53 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (44 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 175.107.2.171 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 175.107.2.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 47.251.171.255 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.171.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 47.250.125.42 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.250.125.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 124.227.31.52 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.227.31.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-10 | |
| IPv4 | 3.144.120.14 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 3.144.120.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 161.35.227.218 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 161.35.227.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 187.110.238.141 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 187.110.238.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 41.205.23.59 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 41.205.23.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 139.59.5.68 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 139.59.5.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 47.250.194.224 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.194.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 47.251.24.141 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.24.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 139.59.169.42 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 139.59.169.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 177.12.159.176 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 177.12.159.176 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-04-10 12:02 and 2026-04-10 12:02 UTC. | 2026-04-10 | |
| IPv4 | 171.244.61.223 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 171.244.61.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 180.111.30.252 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.111.30.252 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 74.82.47.13 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 74.82.47.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 98.80.4.68 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 98.80.4.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-10 | |
| IPv4 | 134.122.94.108 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 134.122.94.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-10 | |
| IPv4 | 194.143.151.52 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 194.143.151.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 47.251.116.61 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.116.61 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 114.116.191.170 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.116.191.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 172.94.9.124 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 172.94.9.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 44.220.185.221 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 44.220.185.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-10 | |
| IPv4 | 69.17.3.51 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 69.17.3.51 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-04-10 13:21 and 2026-04-10 13:21 UTC. | 2026-04-10 | |
| IPv4 | 103.143.11.229 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.143.11.229 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 5 times when connecting to db4lamedtech between 2026-04-10 12:22 and 2026-04-10 12:32 UTC. | 2026-04-10 | |
| IPv4 | 159.89.12.99 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 159.89.12.99 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 2 times when connecting to db1lapetro between 2026-04-10 12:01 and 2026-04-10 13:07 UTC. | 2026-04-10 | |
| IPv4 | 112.78.10.55 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 112.78.10.55 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 33 times when connecting to mdms1 between 2026-04-10 11:53 and 2026-04-10 12:39 UTC. | 2026-04-10 | |
| IPv4 | 191.17.128.97 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 191.17.128.97 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 33 times when connecting to mdms1 between 2026-04-10 11:54 and 2026-04-10 12:42 UTC. | 2026-04-10 | |
| IPv4 | 167.235.75.226 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 167.235.75.226 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 2 times when connecting to db1lapetro between 2026-04-10 11:48 and 2026-04-10 12:54 UTC. | 2026-04-10 | |
| IPv4 | 168.144.25.246 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 168.144.25.246 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 50 times when connecting to mdms1 between 2026-04-10 12:29 and 2026-04-10 12:35 UTC. | 2026-04-10 | |
| IPv4 | 45.15.227.120 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.15.227.120 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 172.105.158.122 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 172.105.158.122 classified as scanning infrastructure conducting network reconnaissance (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (low, port-scan, reported). | 2026-04-10 | |
| IPv4 | 121.29.84.157 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 151.115.99.198 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 151.115.99.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-10 | |
| IPv4 | 1.193.63.45 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.193.63.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 123.245.84.236 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 150.95.27.209 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 150.95.27.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 105.225.40.120 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 105.225.40.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 161.132.38.88 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 161.132.38.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 86.150.104.142 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 86.150.104.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 172.110.223.85 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata | 2026-04-10 | |
| IPv4 | 172.245.111.212 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.245.111.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 221.207.34.5 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 221.207.34.5 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 85.198.109.186 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 85.198.109.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 103.97.176.199 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.97.176.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 18.97.26.122 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 18.97.26.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-10 | |
| IPv4 | 221.199.73.92 | Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.199.73.92 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-10 | |
| IPv4 | 66.132.186.250 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 66.132.186.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 66.228.34.203 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 66.228.34.203 observed using TLS client fingerprint 'Unknown TLS Client (bd5aa1685e2f)' 41 times when connecting to offbackup1 between 2026-04-10 13:48 and 2026-04-10 13:50 UTC. | 2026-04-10 | |
| IPv4 | 171.36.6.43 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.36.6.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 156.67.30.132 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 156.67.30.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 46.151.182.166 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 46.151.182.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 107.173.111.128 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 107.173.111.128 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 18.97.19.178 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 18.97.19.178 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 103.239.185.31 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.239.185.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 47.251.107.237 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.107.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 47.251.243.238 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.243.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 184.105.247.212 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 184.105.247.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 78.24.220.190 | Score: 80/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported. 78.24.220.190 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (ddos, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 20.238.64.167 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.238.64.167 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 76 times when connecting to db4lamedtech between 2026-04-10 15:26 and 2026-04-10 15:27 UTC. | 2026-04-10 | |
| IPv4 | 34.19.127.177 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 34.19.127.177 observed using TLS client fingerprint 'Unknown TLS Client (154048e4d80d)' 2 times when connecting to offbackup1 between 2026-04-10 15:22 and 2026-04-10 15:22 UTC. | 2026-04-10 | |
| IPv4 | 112.122.237.138 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.122.237.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 80.82.70.40 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 80.82.70.40 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 2 times when connecting to db1lapetro between 2026-04-10 14:59 and 2026-04-10 14:59 UTC. | 2026-04-10 | |
| IPv4 | 172.213.0.120 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 172.213.0.120 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 167 times when connecting to db4lamedtech between 2026-04-10 14:35 and 2026-04-10 14:35 UTC. | 2026-04-10 | |
| IPv4 | 46.24.47.94 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 46.24.47.94 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to offbackup1 between 2026-04-10 14:10 and 2026-04-10 14:52 UTC. | 2026-04-10 | |
| IPv4 | 103.69.96.120 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.69.96.120 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-10 14:09 and 2026-04-10 14:54 UTC. | 2026-04-10 | |
| IPv4 | 194.87.110.24 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 194.87.110.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 60.13.7.44 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.44 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-10 | |
| IPv4 | 59.173.110.3 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.3 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-10 | |
| IPv4 | 182.42.111.156 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 182.42.111.156 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 119.3.230.28 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 119.3.230.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 47.89.251.186 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.89.251.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 162.240.163.162 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.240.163.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-10 | |
| IPv4 | 47.77.227.171 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.227.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 144.31.220.105 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 144.31.220.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 114.116.234.89 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 114.116.234.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-10 | |
| IPv4 | 51.158.180.252 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 51.158.180.252 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-10 | |
| IPv4 | 98.95.152.161 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 98.95.152.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 218.46.54.50 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 218.46.54.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 198.163.193.211 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 198.163.193.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-10 | |
| IPv4 | 167.71.133.68 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 167.71.133.68 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 zgrab/0.x' 3 times when connecting to db1lapetro between 2026-04-10 16:07 and 2026-04-10 16:07 UTC. | 2026-04-10 | |
| IPv4 | 156.245.246.50 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 156.245.246.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 112.94.188.36 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 112.94.188.36 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-10 | |
| IPv4 | 47.89.244.160 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.89.244.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 47.77.222.124 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.77.222.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 36.106.166.15 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 36.41.172.191 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 36.41.172.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 68.183.22.137 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 68.183.22.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-10 | |
| IPv4 | 115.191.66.84 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from China (AS137718, Beijing Volcano Engine Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 4 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persist... | 2026-04-10 | |
| IPv4 | 209.38.249.119 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 209.38.249.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-10 | |
| IPv4 | 5.183.102.33 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 5.183.102.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 220.123.74.61 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 220.123.74.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 165.154.231.46 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Tokyo, Japan (AS142002, Scloud Pte Ltd) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 7 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persisten... | 2026-04-10 | |
| IPv4 | 47.250.95.66 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.95.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 176.131.118.162 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 176.131.118.162 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-10 | |
| IPv4 | 62.84.185.67 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 62.84.185.67 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-04-10 17:21 and 2026-04-10 17:22 UTC. | 2026-04-10 | |
| IPv4 | 47.254.200.126 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.200.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 106.4.161.202 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 106.4.161.202 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-10 | |
| IPv4 | 204.168.200.190 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 204.168.200.190 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-04-10 16:58 and 2026-04-10 16:58 UTC. | 2026-04-10 | |
| IPv4 | 163.172.139.67 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 163.172.139.67 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 10 times when connecting to db1lapetro between 2026-04-10 16:43 and 2026-04-10 16:44 UTC. | 2026-04-10 | |
| IPv4 | 103.188.170.216 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Jakarta, Indonesia (AS58369, PT. Fiber Networks Indonesia). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username, execution of 1 commands (system reconnaissance), delivery of 1 malware sample. SSH client: SSH-2.0-Go (HASSH: 1... | 2026-04-10 | |
| IPv4 | 14.225.206.111 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Vietnam (AS135905, VIETNAM POSTS AND TELECOMMUNICATIONS GROUP). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username, execution of 1 commands (system reconnaissance), delivery of 1 malware sample. SSH client: SSH-2.0-Go (HA... | 2026-04-10 | |
| IPv4 | 62.73.120.45 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 62.73.120.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 42.240.131.211 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 42.240.131.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 46.29.167.168 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 46.29.167.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 120.78.9.93 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 120.78.9.93 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 36.255.40.133 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 36.255.40.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 194.187.179.105 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 194.187.179.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-10 | |
| IPv4 | 47.251.121.118 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.121.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 4.145.113.4 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 4.145.113.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 36.106.167.18 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.106.167.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-10 | |
| IPv4 | 47.109.207.100 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.109.207.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 47.84.102.225 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.102.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 47.88.94.31 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.88.94.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 47.250.83.82 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.83.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 192.42.116.52 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.42.116.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-10 | |
| IPv4 | 103.203.46.133 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 103.203.46.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 68.221.64.41 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 68.221.64.41 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 126 times when connecting to db4lamedtech between 2026-04-10 18:08 and 2026-04-10 18:08 UTC. | 2026-04-10 | |
| IPv4 | 165.154.6.127 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 165.154.6.127 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to mdms1 between 2026-04-10 17:16 and 2026-04-10 17:56 UTC. | 2026-04-10 | |
| IPv4 | 172.237.38.213 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 172.237.38.213 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 352 times when connecting to mdms1 between 2026-04-10 17:13 and 2026-04-10 17:50 UTC. | 2026-04-10 | |
| IPv4 | 120.230.142.96 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 120.230.142.96 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db4lamedtech between 2026-04-10 17:06 and 2026-04-10 17:41 UTC. | 2026-04-10 | |
| IPv4 | 115.71.233.62 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from South Korea (AS45996, DAOU TECHNOLOGY). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username, execution of 1 commands (system reconnaissance), delivery of 1 malware sample. SSH client: SSH-2.0-Go (HASSH: 16443846184e...);... | 2026-04-10 | |
| IPv4 | 80.223.197.75 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 80.223.197.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 51.77.210.64 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 51.77.210.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 60.13.7.202 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.202 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 27.47.27.149 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.27.149 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 167.99.1.98 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 167.99.1.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 194.187.179.244 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 207.154.230.149 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Frankfurt am Main, Germany (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames, execution of 3 commands (system reconnaissance), delivery of 4 malware samples. SSH client: SS... | 2026-04-10 | |
| IPv4 | 194.187.179.16 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 194.187.179.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-10 | |
| IPv4 | 47.251.105.107 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.105.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 216.73.216.154 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. Attacker IP 216.73.216.154 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl...' 2 times when connecting to db1lapetro between 2026-04-10 18:52 and 2026-04-10 18:52 UTC. | 2026-04-10 | |
| IPv4 | 149.22.83.17 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:reported. Attacker IP 149.22.83.17 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-04-10 18:48 and 2026-04-10 18:49 UTC. | 2026-04-10 | |
| IPv4 | 161.97.98.178 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 161.97.98.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 185.39.204.145 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.39.204.145 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 118.196.152.44 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 118.196.152.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 105.184.2.50 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 105.184.2.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 87.121.84.8 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.121.84.8 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 157.137.190.85 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 157.137.190.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 169.40.5.44 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Riga, Latvia (AS42532, SIA VEESP). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 14 failed login attempts, 14 credential pairs tried across 8 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 19 malware... | 2026-04-10 | |
| IPv4 | 194.187.179.232 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 193.163.125.125 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 194.187.179.246 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 122.96.28.159 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 122.96.28.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 88.147.173.55 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 88.147.173.55 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 2 times when connecting to mdms1 between 2026-04-10 19:48 and 2026-04-10 19:48 UTC. | 2026-04-10 | |
| IPv4 | 149.13.56.148 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 149.13.56.148 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db1lapetro between 2026-04-10 19:26 and 2026-04-10 19:59 UTC. | 2026-04-10 | |
| IPv4 | 117.207.219.205 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 117.207.219.205 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to mdms1 between 2026-04-10 18:46 and 2026-04-10 19:37 UTC. | 2026-04-10 | |
| IPv4 | 123.245.85.70 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.245.85.70 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-10 | |
| IPv4 | 160.30.172.107 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 160.30.172.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 117.13.174.68 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.13.174.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 132.145.122.251 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 132.145.122.251 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (22 commands), 5 malware samples. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 170.254.229.191 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Bogotá, Colombia (AS27951, Media Commerce Partners S.A). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 5 unique usernames, execution of 42 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, proc... | 2026-04-10 | |
| IPv4 | 47.254.206.59 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.206.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 66.167.166.175 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.167.166.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 103.168.58.222 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.168.58.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 194.187.179.185 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 194.187.179.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-10 | |
| IPv4 | 117.24.15.132 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. Attacker IP 117.24.15.132 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-04-10 21:10 and 2026-04-10 21:11 UTC. | 2026-04-10 | |
| IPv4 | 52.5.136.60 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 52.5.136.60 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 497 times when connecting to db4lamedtech between 2026-04-10 21:01 and 2026-04-10 21:02 UTC. | 2026-04-10 | |
| IPv4 | 172.213.241.33 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 172.213.241.33 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 144 times when connecting to db4lamedtech between 2026-04-10 20:58 and 2026-04-10 20:58 UTC. | 2026-04-10 | |
| IPv4 | 77.105.132.10 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 77.105.132.10 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to db1lapetro between 2026-04-10 20:26 and 2026-04-10 21:00 UTC. | 2026-04-10 | |
| IPv4 | 34.174.2.115 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, fatt. Attacker IP 34.174.2.115 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20...' 7 times when connecting to mdms1 between 2026-04-10 19:50 and 2026-04-10 19:50 UTC. | 2026-04-10 | |
| IPv4 | 104.236.48.124 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Clifton, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username, execution of 1 commands (system reconnaissance), delivery of 1 malware sample. SSH client: SS... | 2026-04-10 | |
| IPv4 | 66.116.199.61 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Mumbai, India (AS31898, Oracle Corporation). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username, execution of 1 commands (system reconnaissance), delivery of 1 malware sample. SSH client: SSH-2.0-Go (HASSH: 16443846184e...)... | 2026-04-10 | |
| IPv4 | 216.167.35.4 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 216.167.35.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 194.187.179.65 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 206.135.174.78 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 206.135.174.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 47.77.218.221 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.218.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-10 | |
| IPv4 | 27.47.26.56 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 27.47.26.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-10 | |
| IPv4 | 182.119.224.70 | Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.224.70 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-10 | |
| IPv4 | 162.240.107.28 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.240.107.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 218.64.60.241 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 218.64.60.241 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-10 | |
| IPv4 | 47.88.28.30 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.88.28.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-10 | |
| IPv4 | 77.2.34.152 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 77.2.34.152 observed using SSH client fingerprint 'Unknown SSH Client (ec7378c1a92f)' 3 times when connecting to offbackup1 between 2026-04-10 22:24 and 2026-04-10 22:24 UTC. | 2026-04-10 | |
| IPv4 | 117.40.114.6 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.40.114.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-10 | |
| IPv4 | 47.251.92.23 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.92.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 112.46.213.79 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 112.46.213.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 85.100.41.138 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 85.100.41.138 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 110.177.177.99 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.177.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 194.187.179.154 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 151.115.167.144 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 151.115.167.144 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 29 times when connecting to mdms1 between 2026-04-10 23:20 and 2026-04-10 23:21 UTC. | 2026-04-11 | |
| IPv4 | 20.203.232.30 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.203.232.30 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 144 times when connecting to mdms1 between 2026-04-10 22:58 and 2026-04-10 22:59 UTC. | 2026-04-11 | |
| IPv4 | 43.153.136.231 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 43.153.136.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 194.187.179.217 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ftp-brute, hacking). | 2026-04-11 | |
| IPv4 | 82.67.205.95 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 82.67.205.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 23.88.103.45 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 23.88.103.45 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-11 | |
| IPv4 | 47.250.89.137 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.89.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 27.40.98.231 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 27.40.98.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 122.189.240.118 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 122.189.240.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-11 | |
| IPv4 | 45.10.175.17 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.10.175.17 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 183.205.179.132 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 183.205.179.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 47.251.122.40 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.122.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 101.68.47.35 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 101.68.47.35 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-11 | |
| IPv4 | 136.144.253.66 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 136.144.253.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 194.187.179.175 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 194.187.179.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 66.23.115.214 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.23.115.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 89.190.156.34 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 89.190.156.34 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 5 times when connecting to db4lamedtech between 2026-04-11 00:09 and 2026-04-11 00:09 UTC. | 2026-04-11 | |
| IPv4 | 103.166.182.35 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.166.182.35 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 22 times when connecting to offbackup1 between 2026-04-10 23:39 and 2026-04-11 00:36 UTC. | 2026-04-11 | |
| IPv4 | 64.23.180.110 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 64.23.180.110 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 22 times when connecting to offbackup1 between 2026-04-10 23:37 and 2026-04-11 00:31 UTC. | 2026-04-11 | |
| IPv4 | 165.154.6.138 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 165.154.6.138 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to mdms1 between 2026-04-10 23:29 and 2026-04-11 00:09 UTC. | 2026-04-11 | |
| IPv4 | 194.187.179.233 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 194.187.179.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-11 | |
| IPv4 | 36.106.166.31 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 36.106.166.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-11 | |
| IPv4 | 223.199.190.109 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 223.199.190.109 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 47.254.53.137 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.53.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 64.188.119.33 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Frankfurt am Main, Germany (AS215590, DpkgSoft International Limited). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 12 failed login attempts, 12 credential pairs tried across 9 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron p... | 2026-04-11 | |
| IPv4 | 117.174.82.51 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 117.174.82.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 47.251.126.2 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.126.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 27.47.26.55 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.26.55 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-11 | |
| IPv4 | 36.230.29.221 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.230.29.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 66.167.147.115 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 66.167.147.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 185.247.137.163 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 137.74.16.121 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 137.74.16.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 110.177.180.232 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.180.232 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-11 | |
| IPv4 | 223.123.73.177 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 223.123.73.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 47.254.28.41 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.28.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 18.97.5.25 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 18.97.5.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 91.92.242.68 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 91.92.242.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 171.213.222.77 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 171.213.222.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 108.61.119.34 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 108.61.119.34 observed using TLS client fingerprint 'Unknown TLS Client (9de7749151c7)' 2 times when connecting to db1lapetro between 2026-04-11 02:08 and 2026-04-11 02:28 UTC. | 2026-04-11 | |
| IPv4 | 204.168.234.56 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP 204.168.234.56 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-04-11 01:43 and 2026-04-11 01:43 UTC. | 2026-04-11 | |
| IPv4 | 14.248.82.58 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 14.248.82.58 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 22 times when connecting to mdms1 between 2026-04-11 01:05 and 2026-04-11 01:48 UTC. | 2026-04-11 | |
| IPv4 | 34.19.127.213 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 34.19.127.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-11 | |
| IPv4 | 193.104.222.138 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 193.104.222.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low). | 2026-04-11 | |
| IPv4 | 78.128.113.46 | Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 78.128.113.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 171.12.10.133 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.12.10.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 114.97.190.75 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.75 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 194.187.179.176 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 194.187.179.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 198.23.212.13 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Buffalo, United States (AS36352, HostPapa). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 8 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 19 m... | 2026-04-11 | |
| IPv4 | 4.172.1.22 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 4.172.1.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 47.251.181.61 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.181.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 194.187.179.161 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 65.49.20.116 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 65.49.20.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 36.140.97.130 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 36.140.97.130 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to mdms1 between 2026-04-11 02:42 and 2026-04-11 02:42 UTC. | 2026-04-11 | |
| IPv4 | 209.38.69.153 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 209.38.69.153 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to db1lapetro between 2026-04-11 02:14 and 2026-04-11 02:51 UTC. | 2026-04-11 | |
| IPv4 | 90.25.145.86 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 90.25.145.86 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 32 times when connecting to db1lapetro between 2026-04-11 02:11 and 2026-04-11 02:54 UTC. | 2026-04-11 | |
| IPv4 | 47.84.137.176 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.137.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 47.251.175.17 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.175.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 49.207.243.57 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 49.207.243.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 92.186.69.254 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 92.186.69.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 182.119.231.48 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.231.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 65.49.20.82 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 65.49.20.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 194.187.179.241 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 44.220.188.243 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 44.220.188.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 43.99.72.107 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 43.99.72.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 194.187.179.66 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 194.187.179.111 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 171.231.187.107 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 171.231.187.107 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 16 times when connecting to db4lamedtech between 2026-04-11 03:51 and 2026-04-11 04:42 UTC. | 2026-04-11 | |
| IPv4 | 171.231.185.170 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 171.231.185.170 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 9 times when connecting to offbackup1 between 2026-04-11 03:51 and 2026-04-11 04:39 UTC. | 2026-04-11 | |
| IPv4 | 114.55.175.13 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 114.55.175.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 209.99.188.250 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 209.99.188.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 133.205.53.190 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 133.205.53.190 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 47.250.55.77 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.55.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 140.245.121.61 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 140.245.121.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 189.154.188.221 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Chihuahua City, Mexico (AS8151, UNINET). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 7 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 19 malwa... | 2026-04-11 | |
| IPv4 | 93.158.91.12 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 93.158.91.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 58.210.7.34 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 58.210.7.34 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 216.218.206.94 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 216.218.206.94 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 152.42.176.32 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 152.42.176.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 180.111.30.254 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. This IP (180.111.30.254) is likely a botnet node conducting SSH brute-force attacks against energy sector honeypots, specifically targeting petroleum-hp-01 via honeytrap interactions. The attacker used common credential patterns and command-line interface techniques, indicating low sophistication but potential for reconnaissance against critical infrastructure. | 2026-04-11 | |
| IPv4 | 193.163.125.234 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 193.163.125.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 150.5.135.108 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. This IP (150.5.135.108) is likely a botnet node associated with Byteplus Pte. Ltd., observed conducting SSH brute-force attacks against healthcare sector honeypots using Cowrie. The attacker attempted credential access with generic usernames/passwords, indicating moderate sophistication and focus on exploiting weak SSH configurations in medical... | 2026-04-11 | |
| IPv4 | 194.107.115.11 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 194.107.115.11 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db1lapetro between 2026-04-11 06:24 and 2026-04-11 07:05 UTC. | 2026-04-11 | |
| IPv4 | 47.77.233.162 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.233.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 98.80.4.127 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 98.80.4.127 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 47.77.223.200 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.223.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 171.36.7.151 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.7.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 194.187.179.12 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 58.19.141.27 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.19.141.27 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 114.97.190.113 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 114.97.190.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 1.83.125.157 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.157 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 101.249.61.181 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 101.249.61.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 185.247.137.118 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 47.250.188.105 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.188.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 47.251.117.187 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.117.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 103.214.20.198 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 103.214.20.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 144.31.81.21 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 144.31.81.21 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-04-11 07:46 and 2026-04-11 07:46 UTC. | 2026-04-11 | |
| IPv4 | 222.95.168.24 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.95.168.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 106.4.161.238 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.4.161.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 47.251.7.228 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.7.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 59.52.102.111 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.52.102.111 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 47.254.39.203 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.39.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 194.187.179.113 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, hacking). | 2026-04-11 | |
| IPv4 | 194.187.179.2 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). | 2026-04-11 | |
| IPv4 | 219.121.50.86 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 219.121.50.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 47.254.95.208 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.95.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 47.251.105.241 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.105.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 194.187.179.19 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 101.249.61.235 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 101.249.61.235 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low). | 2026-04-11 | |
| IPv4 | 31.133.0.235 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 31.133.0.235 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (iPad; CPU OS 13_4_1 like Mac OS X) AppleWebKit/...' 7 times when connecting to db1lapetro between 2026-04-11 08:51 and 2026-04-11 08:51 UTC. | 2026-04-11 | |
| IPv4 | 172.200.23.68 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 172.200.23.68 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 20 times when connecting to db1lapetro between 2026-04-11 07:54 and 2026-04-11 09:23 UTC. | 2026-04-11 | |
| IPv4 | 47.254.202.19 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.202.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 203.156.216.10 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 203.156.216.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 47.254.213.222 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.213.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 123.12.227.40 | Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.12.227.40 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-11 | |
| IPv4 | 146.88.241.98 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 146.88.241.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 47.254.72.143 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.72.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 116.178.131.160 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.160 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 171.37.190.244 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.37.190.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 100.29.192.35 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 100.29.192.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 14.135.75.23 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.75.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 110.177.183.136 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.183.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 180.95.238.183 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 47.88.89.31 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.88.89.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 47.89.251.210 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.89.251.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 27.47.24.80 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.24.80 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-11 | |
| IPv4 | 194.187.179.62 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 149.88.88.251 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 149.88.88.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 194.187.179.199 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 45.38.41.162 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 45.38.41.162 observed using SSH client fingerprint 'Unknown SSH Client (63ae64767f33)' 3 times when connecting to offbackup1 between 2026-04-11 09:56 and 2026-04-11 09:56 UTC. | 2026-04-11 | |
| IPv4 | 114.34.91.48 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 114.34.91.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 139.135.41.22 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 139.135.41.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 182.46.8.246 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 182.46.8.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 149.56.160.225 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 149.56.160.225 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; Dataprovider.com)' 2 times when connecting to mdms1 between 2026-04-11 11:21 and 2026-04-11 11:21 UTC. | 2026-04-11 | |
| IPv4 | 106.117.111.176 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 106.117.111.176 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 121.29.85.58 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 121.29.85.58 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-11 | |
| IPv4 | 91.144.21.210 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 91.144.21.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 194.187.179.31 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-11 | |
| IPv4 | 167.71.56.9 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 167.71.56.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-11 | |
| IPv4 | 60.13.6.63 | Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 60.13.6.63 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 122.222.214.14 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 122.222.214.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 116.178.129.101 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 116.178.129.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 206.135.169.79 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 206.135.169.79 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-11 | |
| IPv4 | 121.165.59.62 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 121.165.59.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 203.161.30.162 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 203.161.30.162 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 194.187.179.164 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 194.187.179.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-11 | |
| IPv4 | 128.140.59.195 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 128.140.59.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-11 | |
| IPv4 | 52.176.211.73 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 52.176.211.73 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-11 11:25 and 2026-04-11 12:06 UTC. | 2026-04-11 | |
| IPv4 | 51.68.107.151 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 51.68.107.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 18.97.26.121 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 18.97.26.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). | 2026-04-11 | |
| IPv4 | 64.226.101.186 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 64.226.101.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 101.249.63.0 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.249.63.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 220.167.232.209 | Score: 95/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.232.209 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-11 | |
| IPv4 | 202.112.47.27 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 202.112.47.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 191.101.59.198 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from City of London, United Kingdom (AS42831, UK Dedicated Servers Limited) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 4 unique usernames, execution of 13 commands (system reconnaissance, cron persistence), deliv... | 2026-04-11 | |
| IPv4 | 58.243.47.13 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.243.47.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 114.97.191.51 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 58.19.83.65 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.19.83.65 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-11 | |
| IPv4 | 183.136.170.167 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 183.136.170.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-11 | |
| IPv4 | 222.95.168.81 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.95.168.81 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-11 | |
| IPv4 | 176.236.20.181 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 176.236.20.181 observed using SSH client fingerprint 'Unknown SSH Client (ae8bd7dd0997)' 2 times when connecting to mdms1 between 2026-04-11 12:59 and 2026-04-11 12:59 UTC. | 2026-04-11 | |
| IPv4 | 152.89.170.227 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 152.89.170.227 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 35 times when connecting to db4lamedtech between 2026-04-11 12:36 and 2026-04-11 13:19 UTC. | 2026-04-11 | |
| IPv4 | 4.240.82.91 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 4.240.82.91 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to db1lapetro between 2026-04-11 12:00 and 2026-04-11 13:09 UTC. | 2026-04-11 | |
| IPv4 | 124.117.193.217 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. This attacker IP (124.117.193.217) is likely a commodity attacker associated with automated SSH brute-force campaigns targeting healthcare sector infrastructure. Observed attempting access to honeypot mdms-hp-01 using credential patterns consistent with default or weak usernames/passwords, and linked to 1 known communicating malware sample. Th... | 2026-04-11 | |
| IPv4 | 103.163.220.35 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported. 103.163.220.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-11 | |
| IPv4 | 104.139.21.165 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 104.139.21.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking). | 2026-04-11 | |
| IPv4 | 109.199.118.129 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 109.199.118.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 192.42.116.144 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 192.42.116.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 36.106.166.129 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 182.16.77.98 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 182.16.77.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 23.95.191.205 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 23.95.191.205 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db4lamedtech between 2026-04-11 13:36 and 2026-04-11 14:13 UTC. | 2026-04-11 | |
| IPv4 | 14.135.75.49 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 14.135.75.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-11 | |
| IPv4 | 182.119.231.173 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.231.173 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-11 | |
| IPv4 | 47.251.45.2 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.251.45.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 182.138.158.175 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 182.138.158.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 153.37.96.38 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 153.37.96.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 221.207.34.212 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 59.50.28.13 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 59.50.28.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 116.178.131.180 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 45.135.194.20 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 45.135.194.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 118.212.122.8 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.8 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-11 | |
| IPv4 | 72.255.26.49 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 72.255.26.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 217.76.44.36 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 217.76.44.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 112.46.212.84 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.212.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 112.46.213.22 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.213.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 57.129.35.242 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, cowrie. Attacker IP 57.129.35.242 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 2 times when connecting to mdms1 between 2026-04-11 16:30 and 2026-04-11 16:30 UTC. | 2026-04-11 | |
| IPv4 | 47.251.248.226 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.248.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 39.175.51.58 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 39.175.51.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 47.84.132.63 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.84.132.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 143.255.104.79 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 143.255.104.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 51.83.7.81 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP 51.83.7.81 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-04-11 15:45 and 2026-04-11 15:45 UTC. | 2026-04-11 | |
| IPv4 | 195.85.207.253 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 195.85.207.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 90.189.152.114 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 90.189.152.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 46.236.108.125 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 46.236.108.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 112.46.212.225 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.212.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 173.255.236.134 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 173.255.236.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 47.254.72.52 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.254.72.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 45.205.1.28 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 45.205.1.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 118.212.121.152 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 217.60.61.246 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 217.60.61.246 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-04-11 16:03 and 2026-04-11 17:08 UTC. | 2026-04-11 | |
| IPv4 | 85.225.135.184 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 85.225.135.184 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 110.36.64.245 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 110.36.64.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 87.229.95.144 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 87.229.95.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). | 2026-04-11 | |
| IPv4 | 93.39.209.147 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 93.39.209.147 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 120.48.20.170 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Beijing, China (AS38365, Beijing Baidu Netcom Science and Technology Co., Ltd.). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 4 unique usernames, execution of 44 commands (SSH key persistence, password changes, system reconnaissance, ... | 2026-04-11 | |
| IPv4 | 178.104.116.220 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Nuremberg, Germany (AS24940, Hetzner Online GmbH) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 6 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance... | 2026-04-11 | |
| IPv4 | 59.151.214.29 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 59.151.214.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 112.185.73.211 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 112.185.73.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 206.42.14.196 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Juazeiro do Norte, Brazil (AS28126, BRISANET SERVICOS DE TELECOMUNICACOES S.A). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 5 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissan... | 2026-04-11 | |
| IPv4 | 140.235.83.44 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 140.235.83.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 213.210.4.113 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 213.210.4.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 72.255.32.80 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 72.255.32.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 212.51.34.197 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 212.51.34.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 47.250.159.245 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.159.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 220.190.103.234 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 220.190.103.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 191.101.59.180 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 191.101.59.180 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to db4lamedtech between 2026-04-11 17:11 and 2026-04-11 18:08 UTC. | 2026-04-11 | |
| IPv4 | 209.38.28.81 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 209.38.28.81 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, port-scan). | 2026-04-11 | |
| IPv4 | 38.159.51.82 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 38.159.51.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 213.230.92.123 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 213.230.92.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 47.250.132.207 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.132.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 125.3.238.102 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 125.3.238.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 103.26.86.66 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 103.26.86.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 143.110.255.189 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 143.110.255.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 47.251.122.225 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.122.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 14.161.0.184 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 14.161.0.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 47.77.232.193 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.232.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 47.251.117.128 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.117.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 220.95.27.68 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 220.95.27.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 194.187.179.123 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 182.88.190.100 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.88.190.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 87.251.64.149 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 87.251.64.149 observed using SSH client fingerprint 'Unknown SSH Client (0dacd4756084)' 4 times when connecting to offbackup1 between 2026-04-11 19:24 and 2026-04-11 19:24 UTC. | 2026-04-11 | |
| IPv4 | 170.64.135.47 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 170.64.135.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 170.64.143.42 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 170.64.143.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 182.119.231.70 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.231.70 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-11 | |
| IPv4 | 49.0.83.157 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 49.0.83.157 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to offbackup1 between 2026-04-11 18:02 and 2026-04-11 18:47 UTC. | 2026-04-11 | |
| IPv4 | 194.187.179.39 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 177.157.200.55 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 177.157.200.55 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (22 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 61.77.171.12 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 61.77.171.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 185.244.152.15 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 185.244.152.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, low). | 2026-04-11 | |
| IPv4 | 18.97.26.65 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 18.97.26.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-11 | |
| IPv4 | 84.54.70.8 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 84.54.70.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 50.212.175.97 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 50.212.175.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 194.187.179.252 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 134.199.175.140 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 134.199.175.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 213.230.86.28 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 213.230.86.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 134.199.169.226 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 134.199.169.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 194.187.179.163 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 194.187.179.86 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 47.251.251.235 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.251.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 110.93.219.131 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 110.93.219.131 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to offbackup1 between 2026-04-11 20:01 and 2026-04-11 20:45 UTC. | 2026-04-11 | |
| IPv4 | 27.79.3.114 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 27.79.3.114 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 13 times when connecting to db4lamedtech between 2026-04-11 19:52 and 2026-04-11 20:43 UTC. | 2026-04-11 | |
| IPv4 | 203.161.47.131 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 203.161.47.131 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to db1lapetro between 2026-04-11 19:51 and 2026-04-11 20:33 UTC. | 2026-04-11 | |
| IPv4 | 27.79.45.116 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 27.79.45.116 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 4 times when connecting to offbackup1 between 2026-04-11 19:48 and 2026-04-11 19:54 UTC. | 2026-04-11 | |
| IPv4 | 148.230.169.229 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from León, Mexico (AS22884, TOTAL PLAY TELECOMUNICACIONES SA DE CV). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 8 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron per... | 2026-04-11 | |
| IPv4 | 192.36.109.78 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 192.36.109.78 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 194.187.179.254 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-11 | |
| IPv4 | 44.220.185.200 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 44.220.185.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 190.217.148.227 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 190.217.148.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 82.180.144.91 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 82.180.144.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 47.250.119.77 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.119.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 85.11.167.49 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 85.11.167.49 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, l...' 19 times when connecting to db4lamedtech between 2026-04-11 21:41 and 2026-04-11 21:42 UTC. | 2026-04-11 | |
| IPv4 | 194.187.179.71 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 137.59.230.221 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 137.59.230.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 221.162.202.105 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 221.162.202.105 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 172.245.219.236 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.245.219.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 103.159.54.61 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.159.54.61 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 26 times when connecting to mdms1 between 2026-04-11 20:12 and 2026-04-11 21:11 UTC. | 2026-04-11 | |
| IPv4 | 103.112.173.212 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 103.112.173.212 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 33 times when connecting to offbackup1 between 2026-04-11 20:11 and 2026-04-11 21:01 UTC. | 2026-04-11 | |
| IPv4 | 38.54.89.62 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 38.54.89.62 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to offbackup1 between 2026-04-11 20:10 and 2026-04-11 20:54 UTC. | 2026-04-11 | |
| IPv4 | 223.199.185.199 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 223.199.185.199 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-11 | |
| IPv4 | 41.38.31.34 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 41.38.31.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 190.181.25.210 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 190.181.25.210 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 114.216.178.3 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.216.178.3 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-11 | |
| IPv4 | 212.56.33.224 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 212.56.33.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 123.136.31.130 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 123.136.31.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 59.173.110.172 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.172 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-11 | |
| IPv4 | 207.237.36.173 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 207.237.36.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 85.208.96.211 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. This IP (85.208.96.211) is likely a commodity attacker targeting healthcare sector systems, observed probing a medtech honeypot (medtech-hp-01) using SSH brute-force attacks via the Tanner tool. The actor demonstrates low sophistication, relying on automated scanning and credential stuffing rather than advanced evasion techniques, with limited imp... | 2026-04-11 | |
| IPv4 | 47.89.192.3 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.89.192.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 194.187.179.4 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-11 | |
| IPv4 | 47.250.132.90 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.132.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 1.213.196.20 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 1.213.196.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-11 | |
| IPv4 | 36.132.36.134 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 36.132.36.134 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-04-11 22:23 and 2026-04-11 22:24 UTC. | 2026-04-11 | |
| IPv4 | 58.250.244.36 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.250.244.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-11 | |
| IPv4 | 47.251.124.111 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.124.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-11 | |
| IPv4 | 59.103.104.249 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 59.103.104.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 182.138.158.201 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 182.138.158.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-11 | |
| IPv4 | 121.29.85.218 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.85.218 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-11 | |
| IPv4 | 13.71.185.179 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 13.71.185.179 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 149 times when connecting to db4lamedtech between 2026-04-11 21:53 and 2026-04-11 21:54 UTC. | 2026-04-11 | |
| IPv4 | 124.71.216.119 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 124.71.216.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 20.204.245.187 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.204.245.187 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (22 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 163.172.181.174 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 163.172.181.174 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 151.115.167.154 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 151.115.167.154 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 194.187.179.192 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 194.187.179.70 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 194.187.179.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 185.247.137.185 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 192.42.116.109 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 192.42.116.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 151.115.167.157 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 151.115.167.157 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-12 | |
| IPv4 | 151.115.85.114 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 151.115.85.114 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-12 | |
| IPv4 | 62.210.236.178 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 62.210.236.178 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 114.97.190.60 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 111.220.121.80 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 111.220.121.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 47.88.6.39 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.88.6.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 185.191.171.18 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.191.171.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 134.199.164.116 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 134.199.164.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 47.251.75.100 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.75.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 58.212.237.155 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 44.220.185.220 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 44.220.185.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 87.121.84.27 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 87.121.84.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 182.122.225.176 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.122.225.176 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-12 | |
| IPv4 | 47.251.170.194 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.170.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 170.64.236.226 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 170.64.236.226 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 194.187.179.145 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 194.187.179.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 152.42.219.80 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 152.42.219.80 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 87.106.46.37 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 87.106.46.37 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (22 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, port-scan). | 2026-04-12 | |
| IPv4 | 36.106.166.253 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 47.251.110.209 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.110.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 182.8.179.253 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 182.8.179.253 observed using SSH client fingerprint 'Unknown SSH Client (ec7378c1a92f)' 2 times when connecting to db1lapetro between 2026-04-12 00:41 and 2026-04-12 00:41 UTC. | 2026-04-12 | |
| IPv4 | 194.187.179.157 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 112.94.189.55 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.189.55 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-12 | |
| IPv4 | 44.220.185.118 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 44.220.185.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 194.187.179.52 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 194.187.179.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, low). | 2026-04-12 | |
| IPv4 | 114.111.19.3 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 114.111.19.3 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-04-12 00:01 and 2026-04-12 00:01 UTC. | 2026-04-12 | |
| IPv4 | 77.83.39.9 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. Attacker IP 77.83.39.9 observed using TLS client fingerprint 'Unknown TLS Client (e1db13f18329)' 2 times when connecting to mdms1 between 2026-04-11 23:05 and 2026-04-12 00:12 UTC. | 2026-04-12 | |
| IPv4 | 146.190.160.173 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 146.190.160.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 129.204.44.106 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 129.204.44.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 194.187.179.15 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 194.187.179.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 125.247.224.101 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 125.247.224.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 209.38.252.191 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 209.38.252.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 206.81.8.49 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 206.81.8.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 173.12.128.65 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 173.12.128.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 160.250.28.60 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 160.250.28.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 194.187.179.56 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate). | 2026-04-12 | |
| IPv4 | 1.176.134.230 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 1.176.134.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 47.250.134.160 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.134.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 51.107.69.180 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 51.107.69.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 27.47.24.201 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 62.210.198.225 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 62.210.198.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 77.83.39.84 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 77.83.39.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 119.96.193.72 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 119.96.193.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 103.234.53.69 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 103.234.53.69 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-12 00:36 and 2026-04-12 01:17 UTC. | 2026-04-12 | |
| IPv4 | 172.236.165.193 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 172.236.165.193 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 233 times when connecting to mdms1 between 2026-04-12 00:20 and 2026-04-12 00:57 UTC. | 2026-04-12 | |
| IPv4 | 146.190.160.173 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 146.190.160.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 129.204.44.106 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 129.204.44.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 194.187.179.15 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 194.187.179.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 125.247.224.101 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 125.247.224.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 209.38.252.191 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 209.38.252.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 206.81.8.49 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 206.81.8.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 173.12.128.65 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 173.12.128.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 160.250.28.60 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 160.250.28.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 194.187.179.56 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate). | 2026-04-12 | |
| IPv4 | 1.176.134.230 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 1.176.134.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 47.250.134.160 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.134.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 51.107.69.180 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 51.107.69.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 27.47.24.201 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 62.210.198.225 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 62.210.198.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 77.83.39.84 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 77.83.39.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 119.96.193.72 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 119.96.193.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 103.234.53.69 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 103.234.53.69 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-12 00:36 and 2026-04-12 01:17 UTC. | 2026-04-12 | |
| IPv4 | 172.236.165.193 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 172.236.165.193 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 233 times when connecting to mdms1 between 2026-04-12 00:20 and 2026-04-12 00:57 UTC. | 2026-04-12 | |
| IPv4 | 59.173.110.207 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 59.173.110.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 158.158.50.95 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 158.158.50.95 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 125 times when connecting to db4lamedtech between 2026-04-12 02:50 and 2026-04-12 02:51 UTC. | 2026-04-12 | |
| IPv4 | 129.212.229.210 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 129.212.229.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 112.122.236.27 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 112.122.236.27 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-12 | |
| IPv4 | 45.23.218.218 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 45.23.218.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 150.5.133.80 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 150.5.133.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 43.226.47.158 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 43.226.47.158 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 3 times when connecting to db1lapetro between 2026-04-12 02:25 and 2026-04-12 02:43 UTC. | 2026-04-12 | |
| IPv4 | 129.121.84.193 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 129.121.84.193 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-04-12 02:20 and 2026-04-12 02:20 UTC. | 2026-04-12 | |
| IPv4 | 20.106.207.8 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 20.106.207.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 20.188.56.38 | Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 20.188.56.38 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Geck...' 6 times when connecting to db4lamedtech between 2026-04-12 01:40 and 2026-04-12 02:40 UTC. | 2026-04-12 | |
| IPv4 | 51.103.48.226 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 51.103.48.226 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 10 times when connecting to db1lapetro between 2026-04-12 01:21 and 2026-04-12 02:21 UTC. | 2026-04-12 | |
| IPv4 | 153.0.85.201 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 153.0.85.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 185.70.189.82 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.70.189.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 98.80.4.117 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 98.80.4.117 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 47.251.85.219 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.85.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 45.156.87.239 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 45.156.87.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 47.89.211.155 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.89.211.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 134.122.10.99 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 134.122.10.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate). | 2026-04-12 | |
| IPv4 | 103.186.136.136 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 103.186.136.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 20.104.18.4 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.104.18.4 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 128 times when connecting to mdms1 between 2026-04-12 03:42 and 2026-04-12 03:42 UTC. | 2026-04-12 | |
| IPv4 | 218.146.163.192 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 218.146.163.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 118.212.121.218 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 118.212.121.218 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 165.154.255.63 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 165.154.255.63 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 16 times when connecting to mdms1 between 2026-04-12 03:20 and 2026-04-12 03:30 UTC. | 2026-04-12 | |
| IPv4 | 220.250.11.166 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.166 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-12 | |
| IPv4 | 101.249.60.51 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.60.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, low). | 2026-04-12 | |
| IPv4 | 20.220.11.224 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.220.11.224 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 127 times when connecting to db4lamedtech between 2026-04-12 03:05 and 2026-04-12 03:06 UTC. | 2026-04-12 | |
| IPv4 | 61.246.117.234 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 61.246.117.234 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 26 times when connecting to mdms1 between 2026-04-12 02:39 and 2026-04-12 03:24 UTC. | 2026-04-12 | |
| IPv4 | 103.162.54.10 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.162.54.10 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db1lapetro between 2026-04-12 02:29 and 2026-04-12 03:12 UTC. | 2026-04-12 | |
| IPv4 | 59.173.110.84 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.84 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 171.36.6.179 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.36.6.179 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-12 | |
| IPv4 | 84.54.70.32 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 84.54.70.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 212.8.39.73 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 212.8.39.73 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 45.156.87.57 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 45.156.87.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 47.251.92.96 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.92.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 161.35.183.194 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 161.35.183.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 193.32.162.35 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 193.32.162.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 43.157.163.155 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from São Paulo, Brazil (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 3 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron... | 2026-04-12 | |
| IPv4 | 114.97.190.129 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 58.58.34.138 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 58.58.34.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 213.230.86.52 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 213.230.86.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 47.254.254.177 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.254.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 101.132.145.132 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 101.132.145.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 162.243.4.24 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.243.4.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 193.163.125.43 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 180.218.17.160 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 180.218.17.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 123.163.114.194 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (123.163.114.194) is likely a commodity attacker node originating from China, targeting healthcare sector SSH services via brute-force attacks against honeypots like medtech-hp-01. The actor used basic credential-guessing techniques (likely default or common credentials) and was detected interacting with Cowrie SSH honeypot infrastr... | 2026-04-12 | |
| IPv4 | 116.178.129.23 | Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 106.13.48.156 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.13.48.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 74.82.47.36 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 74.82.47.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 168.144.22.140 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 168.144.22.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking). | 2026-04-12 | |
| IPv4 | 200.32.52.150 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 200.32.52.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 204.76.203.26 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 204.76.203.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 162.241.149.132 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 162.241.149.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 47.251.168.140 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.251.168.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 182.119.230.93 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 182.119.230.93 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-12 | |
| IPv4 | 13.70.185.98 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 13.70.185.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-12 | |
| IPv4 | 167.71.239.213 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 167.71.239.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-12 | |
| IPv4 | 222.239.251.12 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 222.239.251.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 38.250.161.100 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 38.250.161.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 103.151.140.79 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 103.151.140.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 134.209.149.241 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 134.209.149.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 103.124.227.91 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. 103.124.227.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, reported). | 2026-04-12 | |
| IPv4 | 155.248.226.63 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 155.248.226.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 196.189.51.210 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Addis Ababa, Ethiopia (AS24757, Ethiopian Telecommunication Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 6 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, ... | 2026-04-12 | |
| IPv4 | 158.220.120.76 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 5 unique usernames, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2.0-libssh_0.11.1 (HAS... | 2026-04-12 | |
| IPv4 | 51.68.107.154 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 51.68.107.154 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to db4lamedtech between 2026-04-12 06:22 and 2026-04-12 06:22 UTC. | 2026-04-12 | |
| IPv4 | 103.190.92.210 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 103.190.92.210 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 30 times when connecting to db1lapetro between 2026-04-12 05:56 and 2026-04-12 06:49 UTC. | 2026-04-12 | |
| IPv4 | 190.19.15.203 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 190.19.15.203 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db4lamedtech between 2026-04-12 05:32 and 2026-04-12 06:21 UTC. | 2026-04-12 | |
| IPv4 | 109.199.112.65 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. 109.199.112.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, moderate). | 2026-04-12 | |
| IPv4 | 47.77.237.102 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.237.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 94.23.145.5 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 94.23.145.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 103.18.6.159 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 103.18.6.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, multi-reported). | 2026-04-12 | |
| IPv4 | 130.12.180.103 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 130.12.180.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level1); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 118.33.70.70 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.33.70.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-12 | |
| IPv4 | 1.34.10.66 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 1.34.10.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 212.237.123.47 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 212.237.123.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 103.25.128.128 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 103.25.128.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 47.77.228.132 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.228.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 161.132.47.188 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 161.132.47.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 210.222.46.15 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. 210.222.46.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-12 | |
| IPv4 | 5.253.86.209 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 5.253.86.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 109.199.117.201 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 109.199.117.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-12 | |
| IPv4 | 201.219.220.130 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 201.219.220.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 1.214.42.172 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 1.214.42.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 134.122.91.88 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Frankfurt am Main, Germany (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 6 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron per... | 2026-04-12 | |
| IPv4 | 47.251.140.192 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.140.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 115.31.161.150 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 115.31.161.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 82.59.149.159 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 82.59.149.159 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). | 2026-04-12 | |
| IPv4 | 118.212.123.30 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 121.29.85.150 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 121.29.85.150 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 34.173.5.154 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 34.173.5.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). | 2026-04-12 | |
| IPv4 | 72.10.32.138 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 72.10.32.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 51.68.111.242 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 51.68.111.242 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to mdms1 between 2026-04-12 07:14 and 2026-04-12 07:14 UTC. | 2026-04-12 | |
| IPv4 | 206.189.138.110 | Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 206.189.138.110 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-12 | |
| IPv4 | 183.91.220.148 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 183.91.220.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 204.152.195.212 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 204.152.195.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 121.174.109.57 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.174.109.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-12 | |
| IPv4 | 14.1.106.60 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 14.1.106.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 103.74.21.58 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 103.74.21.58 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-12 | |
| IPv4 | 47.254.169.202 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.169.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 47.251.113.251 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.113.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 87.236.176.117 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 87.236.176.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 139.59.24.177 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.59.24.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 37.19.198.236 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 37.19.198.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 167.99.238.53 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 167.99.238.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-12 | |
| IPv4 | 82.223.83.53 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 82.223.83.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 203.137.116.112 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 203.137.116.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 102.216.134.50 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 102.216.134.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 220.167.232.244 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.244 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 210.209.70.188 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 210.209.70.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 103.48.183.137 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 103.48.183.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 121.167.209.164 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.167.209.164 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 213.230.86.97 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 213.230.86.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 195.250.20.75 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 195.250.20.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 192.36.109.214 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. Attacker IP 192.36.109.214 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 2 times when connecting to mdms1 between 2026-04-12 08:21 and 2026-04-12 08:21 UTC. | 2026-04-12 | |
| IPv4 | 138.68.246.29 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 138.68.246.29 observed using TLS client fingerprint 'Unknown TLS Client (5103125acceb)' 2 times when connecting to db1lapetro between 2026-04-12 08:07 and 2026-04-12 08:07 UTC. | 2026-04-12 | |
| IPv4 | 178.160.229.255 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 178.160.229.255 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-12 07:43 and 2026-04-12 08:36 UTC. | 2026-04-12 | |
| IPv4 | 45.56.100.245 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 45.56.100.245 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 248 times when connecting to db4lamedtech between 2026-04-12 07:45 and 2026-04-12 08:25 UTC. | 2026-04-12 | |
| IPv4 | 182.119.228.150 | Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.228.150 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-12 | |
| IPv4 | 47.251.125.100 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.125.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 116.178.128.246 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.246 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 84.54.70.40 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 84.54.70.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 43.156.245.55 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 43.156.245.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 98.80.4.71 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 98.80.4.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 45.148.10.118 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.148.10.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 44.220.188.171 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 44.220.188.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 66.167.169.23 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 66.167.169.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 51.79.244.188 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 51.79.244.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 100.29.192.33 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 100.29.192.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 77.79.133.28 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 77.79.133.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 168.144.66.16 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 168.144.66.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 216.218.206.92 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 216.218.206.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 112.93.118.55 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 112.93.118.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 184.105.139.113 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 184.105.139.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 109.123.240.147 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 109.123.240.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 45.148.10.82 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.148.10.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 36.106.166.105 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.105 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (reported). | 2026-04-12 | |
| IPv4 | 64.227.134.80 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 64.227.134.80 observed using SSH client fingerprint 'Unknown SSH Client (b21d7cdcc813)' 2 times when connecting to offbackup1 between 2026-04-12 09:28 and 2026-04-12 09:28 UTC. | 2026-04-12 | |
| IPv4 | 185.242.226.93 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.242.226.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 64.227.132.71 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.227.132.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 45.148.10.98 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 45.148.10.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 184.105.139.99 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 184.105.139.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 103.121.172.18 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported. 103.121.172.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 14.103.123.67 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 14.103.123.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 62.84.180.250 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, fire... | 2026-04-12 | |
| IPv4 | 43.228.104.39 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 43.228.104.39 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to mdms1 between 2026-04-12 09:09 and 2026-04-12 09:13 UTC. | 2026-04-12 | |
| IPv4 | 103.215.74.213 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.215.74.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 213.209.159.225 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 213.209.159.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 125.39.148.106 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 125.39.148.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-12 | |
| IPv4 | 1.222.50.93 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 1.222.50.93 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 213.230.87.1 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 213.230.87.1 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 186.4.136.216 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 186.4.136.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 186.121.249.157 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 186.121.249.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 80.96.109.132 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 80.96.109.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 47.250.120.163 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.120.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 186.96.208.111 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 186.96.208.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 209.38.96.68 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 209.38.96.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 195.178.110.133 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 195.178.110.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level1); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 216.9.224.75 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 216.9.224.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 116.172.201.135 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. This IP (116.172.201.135) is likely a commodity attacker node targeting healthcare sector systems via SSH brute-force attacks against honeypots. Observed using Cowrie honeypot interactions with basic credential patterns, indicating low sophistication. Limited impact confined to honeypot engagement, though poses potential risk to healthcare infrastructure i... | 2026-04-12 | |
| IPv4 | 59.173.108.68 | Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.68 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-12 | |
| IPv4 | 194.187.176.153 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 194.187.176.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 159.65.237.21 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 159.65.237.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 220.250.11.122 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.122 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-12 | |
| IPv4 | 185.247.137.7 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 67.102.7.130 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 67.102.7.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 194.187.176.171 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 194.187.176.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 154.68.43.62 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 154.68.43.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 73.155.61.239 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 73.155.61.239 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-12 | |
| IPv4 | 164.92.219.185 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 164.92.219.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 47.121.27.80 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.121.27.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 170.64.130.197 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.64.130.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 194.187.176.239 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 194.187.176.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 124.225.66.97 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 124.225.66.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 68.235.46.11 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 68.235.46.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low). | 2026-04-12 | |
| IPv4 | 159.65.3.47 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 159.65.3.47 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 130 times when connecting to db1lapetro between 2026-04-12 11:39 and 2026-04-12 11:39 UTC. | 2026-04-12 | |
| IPv4 | 194.187.176.67 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 194.187.176.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 121.101.132.206 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 121.101.132.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 1.24.16.104 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 1.24.16.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 194.187.176.8 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 194.187.176.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 212.237.120.146 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 212.237.120.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-12 | |
| IPv4 | 106.75.67.28 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 106.75.67.28 observed using HTTP client fingerprint 'HTTP Client: Go-http-client/1.1' 4 times when connecting to db1lapetro between 2026-04-12 11:21 and 2026-04-12 11:21 UTC. | 2026-04-12 | |
| IPv4 | 45.148.10.166 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.148.10.166 observed using TLS client fingerprint 'Unknown TLS Client (7cd520ec1448)' 2 times when connecting to db1lapetro between 2026-04-12 11:19 and 2026-04-12 11:29 UTC. | 2026-04-12 | |
| IPv4 | 123.58.215.82 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 123.58.215.82 observed using TLS client fingerprint 'Unknown TLS Client (60877a328763)' 2 times when connecting to db1lapetro between 2026-04-12 11:20 and 2026-04-12 11:20 UTC. | 2026-04-12 | |
| IPv4 | 34.19.127.197 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP 34.19.127.197 observed using TLS client fingerprint 'Unknown TLS Client (a78d297f5ace)' 2 times when connecting to offbackup1 between 2026-04-12 11:25 and 2026-04-12 11:25 UTC. | 2026-04-12 | |
| IPv4 | 172.104.13.106 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 172.104.13.106 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 247 times when connecting to db1lapetro between 2026-04-12 11:13 and 2026-04-12 11:50 UTC. | 2026-04-12 | |
| IPv4 | 185.227.153.14 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.227.153.14 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 33 times when connecting to offbackup1 between 2026-04-12 10:46 and 2026-04-12 11:29 UTC. | 2026-04-12 | |
| IPv4 | 45.148.10.246 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.148.10.246 observed using TLS client fingerprint 'Unknown TLS Client (7cd520ec1448)' 2 times when connecting to db4lamedtech between 2026-04-12 10:53 and 2026-04-12 11:18 UTC. | 2026-04-12 | |
| IPv4 | 106.54.44.144 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 106.54.44.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 27.47.26.219 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 103.168.66.237 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.168.66.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 58.212.237.48 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 47.245.136.27 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.136.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 194.187.176.55 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 194.187.176.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 47.251.242.251 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.242.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 47.251.99.107 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.251.99.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 45.148.10.50 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.148.10.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 14.63.165.16 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 14.63.165.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-12 | |
| IPv4 | 194.26.192.49 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 194.26.192.49 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 3 times when connecting to db4lamedtech between 2026-04-12 12:22 and 2026-04-12 12:22 UTC. | 2026-04-12 | |
| IPv4 | 47.251.125.118 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.125.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 34.19.127.212 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. IP observed in Suricata network metadata | 2026-04-12 | |
| IPv4 | 123.58.219.3 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 123.58.219.3 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to mdms1 between 2026-04-12 11:58 and 2026-04-12 12:37 UTC. | 2026-04-12 | |
| IPv4 | 41.71.37.96 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 41.71.37.96 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-12 11:53 and 2026-04-12 12:40 UTC. | 2026-04-12 | |
| IPv4 | 213.225.13.156 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 213.225.13.156 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-12 11:50 and 2026-04-12 12:36 UTC. | 2026-04-12 | |
| IPv4 | 171.231.192.123 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 171.231.192.123 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 15 times when connecting to db4lamedtech between 2026-04-12 11:49 and 2026-04-12 12:44 UTC. | 2026-04-12 | |
| IPv4 | 27.79.5.188 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 27.79.5.188 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 20 times when connecting to offbackup1 between 2026-04-12 11:48 and 2026-04-12 12:43 UTC. | 2026-04-12 | |
| IPv4 | 27.151.4.72 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 27.151.4.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 47.89.247.91 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.89.247.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 49.143.16.204 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 49.143.16.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 122.96.28.164 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. This attacker IP from Nanjing, China, is likely a low-sophistication commodity actor targeting energy sector infrastructure via SSH/Telnet brute-force attacks. Observed attempting access to the petroleum-hp-01 honeypot using credential stuffing techniques, with no confirmed malware or persistent access achieved. Limited impact due to lack of advanced ... | 2026-04-12 | |
| IPv4 | 150.5.169.138 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 150.5.169.138 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 62.3.56.187 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 62.3.56.187 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 45.56.100.151 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Cedar Knolls, United States (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 122 failed login attempts, 122 credential pairs tried across 84 unique usernames, execution of 1 commands (system reconnaissance), delivery of 1 malware ... | 2026-04-12 | |
| IPv4 | 194.187.176.71 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 194.187.176.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 134.209.202.247 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 134.209.202.247 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to db1lapetro between 2026-04-12 13:47 and 2026-04-12 13:47 UTC. | 2026-04-12 | |
| IPv4 | 117.251.207.153 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 117.251.207.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 20.223.165.215 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.223.165.215 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 51 times when connecting to db4lamedtech between 2026-04-12 13:07 and 2026-04-12 13:07 UTC. | 2026-04-12 | |
| IPv4 | 150.5.133.61 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 150.5.133.61 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 2 times when connecting to db4lamedtech between 2026-04-12 12:51 and 2026-04-12 13:03 UTC. | 2026-04-12 | |
| IPv4 | 110.177.180.99 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.180.99 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). | 2026-04-12 | |
| IPv4 | 177.124.87.41 | Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 177.124.87.41 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-12 | |
| IPv4 | 175.107.1.121 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 175.107.1.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 44.220.185.108 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 44.220.185.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-12 | |
| IPv4 | 194.187.176.110 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 194.187.176.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 68.221.68.131 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 68.221.68.131 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 24 times when connecting to db4lamedtech between 2026-04-12 14:49 and 2026-04-12 14:49 UTC. | 2026-04-12 | |
| IPv4 | 88.151.34.241 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:reported. Attacker IP 88.151.34.241 observed using TLS client fingerprint 'Unknown TLS Client (c023668399b5)' 27 times when connecting to mdms1 between 2026-04-12 14:50 and 2026-04-12 14:50 UTC. | 2026-04-12 | |
| IPv4 | 47.250.184.9 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.184.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 110.159.167.23 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 110.159.167.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 37.187.226.31 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 37.187.226.31 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 3 times when connecting to db1lapetro between 2026-04-12 14:30 and 2026-04-12 14:33 UTC. | 2026-04-12 | |
| IPv4 | 213.230.93.122 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 213.230.93.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 1.83.125.213 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 161.142.117.212 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:reported, abuseipdb:web-attack, abuseipdb:well-known. 161.142.117.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking). | 2026-04-12 | |
| IPv4 | 4.204.218.1 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 4.204.218.1 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 60 times when connecting to db4lamedtech between 2026-04-12 15:57 and 2026-04-12 15:57 UTC. | 2026-04-12 | |
| IPv4 | 194.187.179.178 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 101.126.143.152 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 101.126.143.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 194.187.176.47 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 194.187.176.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 139.59.59.23 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.59.59.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 45.226.233.70 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 45.226.233.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 45.135.194.4 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.135.194.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 106.12.28.251 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 106.12.28.251 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, hacking, port-scan). | 2026-04-12 | |
| IPv4 | 64.227.142.225 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.227.142.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 58.212.237.161 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 115.190.138.108 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 115.190.138.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 194.187.176.106 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 194.187.176.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 183.178.138.26 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 183.178.138.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 142.182.171.150 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 142.182.171.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 196.189.237.184 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:ssh. Attacker IP 196.189.237.184 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 28 times when connecting to mdms1 between 2026-04-12 15:17 and 2026-04-12 16:00 UTC. | 2026-04-12 | |
| IPv4 | 43.163.107.154 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 43.163.107.154 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to offbackup1 between 2026-04-12 15:08 and 2026-04-12 15:49 UTC. | 2026-04-12 | |
| IPv4 | 203.194.113.123 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 203.194.113.123 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 30 times when connecting to db4lamedtech between 2026-04-12 14:22 and 2026-04-12 15:07 UTC. | 2026-04-12 | |
| IPv4 | 179.51.143.110 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 179.51.143.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, low). | 2026-04-12 | |
| IPv4 | 194.187.176.21 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 194.187.176.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 60.178.15.57 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 60.178.15.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). | 2026-04-12 | |
| IPv4 | 222.176.200.158 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-12 | |
| IPv4 | 36.106.167.16 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 47.254.255.62 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.255.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 172.213.234.16 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 172.213.234.16 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 143 times when connecting to db4lamedtech between 2026-04-12 16:46 and 2026-04-12 16:47 UTC. | 2026-04-12 | |
| IPv4 | 222.176.201.113 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-12 | |
| IPv4 | 139.135.42.5 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 139.135.42.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 117.174.97.117 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 117.174.97.117 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 3 times when connecting to mdms1 between 2026-04-12 16:32 and 2026-04-12 16:32 UTC. | 2026-04-12 | |
| IPv4 | 45.130.83.226 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 45.130.83.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, low). | 2026-04-12 | |
| IPv4 | 45.130.83.231 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 45.130.83.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, low). | 2026-04-12 | |
| IPv4 | 45.130.83.218 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 45.130.83.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). | 2026-04-12 | |
| IPv4 | 45.130.83.225 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 45.130.83.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, low). | 2026-04-12 | |
| IPv4 | 45.130.83.228 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:firehol_abusers_30d. 45.130.83.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, low, reported). | 2026-04-12 | |
| IPv4 | 222.176.200.61 | Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.61 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). | 2026-04-12 | |
| IPv4 | 45.130.83.234 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:firehol_abusers_30d. 45.130.83.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, low, reported). | 2026-04-12 | |
| IPv4 | 18.191.173.38 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 18.191.173.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 101.96.202.144 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 101.96.202.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). | 2026-04-12 | |
| IPv4 | 51.83.40.140 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 51.83.40.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 31.54.193.52 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 31.54.193.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 87.236.176.144 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 194.187.176.193 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 194.187.176.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 194.187.179.125 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 175.107.212.45 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 175.107.212.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 177.193.215.120 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 177.193.215.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 47.250.175.231 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.175.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 88.225.210.207 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 88.225.210.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 51.68.236.95 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 51.68.236.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 87.106.173.222 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:reported. 87.106.173.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 143.110.242.98 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 143.110.242.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 111.230.113.242 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 111.230.113.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 45.142.193.104 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 45.142.193.104 observed triggering 2 Suricata alerts (medium severity, Attempted Information Leak) targeting offbackup1. Signatures detected: ET SCAN MS Terminal Server Traffic on Non-standard Port. This IP exhibited malicious behavior consistent with Attempted Information Leak patterns. | 2026-04-12 | |
| IPv4 | 180.244.187.138 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 180.244.187.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 139.59.141.234 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 139.59.141.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-12 | |
| IPv4 | 192.42.116.98 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 192.42.116.98 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous). | 2026-04-12 | |
| IPv4 | 170.64.227.192 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.64.227.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 47.89.242.216 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.89.242.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). | 2026-04-12 | |
| IPv4 | 47.254.250.59 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.250.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 64.227.175.169 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 64.227.175.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 206.189.139.91 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 206.189.139.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 45.130.83.223 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 45.130.83.223 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64)' 2 times when connecting to mdms1 between 2026-04-12 18:10 and 2026-04-12 18:10 UTC. | 2026-04-12 | |
| IPv4 | 45.130.83.212 | Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, fatt. Attacker IP 45.130.83.212 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64)' 6 times when connecting to db1lapetro between 2026-04-12 18:10 and 2026-04-12 18:10 UTC. | 2026-04-12 | |
| IPv4 | 173.239.211.26 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 173.239.211.26 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64)' 2 times when connecting to db1lapetro between 2026-04-12 18:10 and 2026-04-12 18:10 UTC. | 2026-04-12 | |
| IPv4 | 45.130.83.210 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 45.130.83.210 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64)' 2 times when connecting to mdms1 between 2026-04-12 18:10 and 2026-04-12 18:10 UTC. | 2026-04-12 | |
| IPv4 | 45.130.83.235 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, fatt. Attacker IP 45.130.83.235 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64)' 2 times when connecting to db4lamedtech between 2026-04-12 18:10 and 2026-04-12 18:10 UTC. | 2026-04-12 | |
| IPv4 | 44.220.185.73 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 44.220.185.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 223.166.22.97 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 223.166.22.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 110.177.179.234 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 110.177.179.234 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 121.29.149.170 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.170 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 165.232.94.204 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 165.232.94.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). | 2026-04-12 | |
| IPv4 | 170.64.131.20 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.64.131.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 164.92.218.198 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 164.92.218.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 47.250.122.163 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.122.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 182.119.230.11 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.230.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 27.47.27.248 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.27.248 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 54.208.51.118 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 54.208.51.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 54.234.66.106 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 54.234.66.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 54.226.154.2 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 54.226.154.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 47.251.118.137 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.118.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 221.207.34.202 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 221.207.34.202 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 64.227.166.62 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.227.166.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 115.190.127.190 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 115.190.127.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 116.178.130.57 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.57 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 171.12.10.117 | Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.12.10.117 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). | 2026-04-12 | |
| IPv4 | 159.65.119.126 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 159.65.119.126 observed using TLS client fingerprint 'Unknown TLS Client (b213b642d5cb)' 21 times when connecting to db1lapetro between 2026-04-12 20:53 and 2026-04-12 20:54 UTC. | 2026-04-12 | |
| IPv4 | 103.215.83.136 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 103.215.83.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 114.97.190.221 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This attacker IP (114.97.190.221) is likely a commodity botnet node targeting healthcare sector assets via SSH brute-force attacks. Observed attempting access to honeypot medtech-hp-01 using common credentials, indicating low sophistication and reliance on automated tooling rather than custom malware. Limited impact detected, but aligns with broade... | 2026-04-12 | |
| IPv4 | 36.139.173.163 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 36.139.173.163 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to offbackup1 between 2026-04-12 22:02 and 2026-04-12 22:02 UTC. | 2026-04-12 | |
| IPv4 | 20.223.244.88 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.223.244.88 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 143 times when connecting to mdms1 between 2026-04-12 21:33 and 2026-04-12 21:33 UTC. | 2026-04-12 | |
| IPv4 | 153.99.94.98 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 153.99.94.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). | 2026-04-12 | |
| IPv4 | 51.222.115.80 | Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.222.115.80 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 2 times when connecting to db1lapetro between 2026-04-12 21:23 and 2026-04-12 21:23 UTC. | 2026-04-12 | |
| IPv4 | 181.49.8.57 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 181.49.8.57 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to offbackup1 between 2026-04-12 21:11 and 2026-04-12 21:47 UTC. | 2026-04-12 | |
| IPv4 | 36.106.167.76 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 66.132.224.18 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.224.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 185.247.137.111 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.247.137.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 181.224.223.119 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 181.224.223.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-12 | |
| IPv4 | 82.65.142.32 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 82.65.142.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 46.105.48.30 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 46.105.48.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 51.159.108.219 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 51.159.108.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 46.236.65.65 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 46.236.65.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 197.248.126.217 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 197.248.126.217 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 174.138.19.251 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 174.138.19.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 51.68.107.156 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 51.68.107.156 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to db4lamedtech between 2026-04-12 22:41 and 2026-04-12 22:41 UTC. | 2026-04-12 | |
| IPv4 | 47.251.174.237 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.174.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 112.94.189.10 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 112.94.189.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 150.230.108.3 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 150.230.108.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 45.224.131.176 | Score: 95/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, fatt. Attacker IP 45.224.131.176 observed using HTTP client fingerprint 'HTTP Client: libwww-perl/6.05' 10 times when connecting to db1lapetro between 2026-04-12 21:40 and 2026-04-12 21:40 UTC. | 2026-04-12 | |
| IPv4 | 36.106.167.76 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 66.132.224.18 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.224.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 185.247.137.111 | Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.247.137.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 181.224.223.119 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 181.224.223.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). | 2026-04-12 | |
| IPv4 | 82.65.142.32 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 82.65.142.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 46.105.48.30 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 46.105.48.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). | 2026-04-12 | |
| IPv4 | 51.159.108.219 | Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 51.159.108.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 46.236.65.65 | Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 46.236.65.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 197.248.126.217 | Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 197.248.126.217 classified as attacker with unclear intent (low confidence). Origin: enriched. | 2026-04-12 | |
| IPv4 | 174.138.19.251 | Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 174.138.19.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). | 2026-04-12 | |
| IPv4 | 51.68.107.156 | Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 51.68.107.156 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to db4lamedtech between 2026-04-12 22:41 and 2026-04-12 22:41 UTC. | 2026-04-12 | |
| IPv4 | 47.251.174.237 | Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.174.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 112.94.189.10 | Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 112.94.189.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). | 2026-04-12 | |
| IPv4 | 150.230.108.3 | Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 150.230.108.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). | 2026-04-12 | |
| IPv4 | 45.224.131.176 | Score: 95/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, fatt. Attacker IP 45.224.131.176 observed using HTTP client fingerprint 'HTTP Client: libwww-perl/6.05' 10 times when connecting to db1lapetro between 2026-04-12 21:40 and 2026-04-12 21:40 UTC. | 2026-04-12 |