Pulse Detail — Threat Intelligence

PULSE NAME

TSEC Honeypot: Exploit Attempt - Week of 2026-04-13

WHITE ladarrellmiller 2026-04-13 Modified: 2026-04-19

2848

IOCs

HIGH VOLUME

Honeypot-observed exploit attempt activity for the week of 2026-04-13. Contains 12 indicators (12 IPv4). Data sourced from TSEC T-Pot honeypot network.

Indicators of Compromise (2848)

All IPv4

TYPE	INDICATOR	DESCRIPTION	CREATED
IPv4	170.64.188.93	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 170.64.188.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-13
IPv4	211.144.146.93	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 211.144.146.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	47.250.94.145	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.94.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	62.54.176.203	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 62.54.176.203 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	71.9.76.101	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 71.9.76.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	117.245.139.121	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 117.245.139.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	110.177.176.56	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 110.177.176.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-13
IPv4	154.125.150.88	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Dakar, Senegal (AS8346, SONATEL SONATEL-AS Autonomous System). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 4 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persi...	2026-04-13
IPv4	18.97.19.172	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 18.97.19.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	143.198.210.126	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 143.198.210.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-13
IPv4	164.92.207.234	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 164.92.207.234 observed using TLS client fingerprint 'Unknown TLS Client (b213b642d5cb)' 21 times when connecting to offbackup1 between 2026-04-12 23:12 and 2026-04-12 23:13 UTC.	2026-04-13
IPv4	46.151.178.10	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Netherlands (AS211443, Sino Worldwide Trading Limited). Observed targeting energy sector honeypot petroleum-hp-01 via adbhoney. Session included execution of 8 post-compromise commands. duration: 1s; 9 events.	2026-04-13
IPv4	142.93.217.38	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 142.93.217.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	42.51.40.145	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 42.51.40.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-13
IPv4	116.178.130.171	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	209.38.88.46	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 209.38.88.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	170.64.229.94	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.64.229.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	170.64.220.74	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 170.64.220.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-04-13
IPv4	154.125.156.195	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 154.125.156.195 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 4 times when connecting to db4lamedtech between 2026-04-13 00:30 and 2026-04-13 00:45 UTC.	2026-04-13
IPv4	164.92.145.220	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 164.92.145.220 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db1lapetro between 2026-04-13 00:05 and 2026-04-13 00:39 UTC.	2026-04-13
IPv4	220.167.233.205	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. This IP address (220.167.233.205) is likely part of an automated brute-force campaign targeting SSH services in healthcare sector honeypots, specifically medtech-hp-01. The attacker attempted credential access via SSH using common username/password pairs, consistent with commodity attack tooling. While low-sophistication, the focus on me...	2026-04-13
IPv4	34.101.179.251	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 34.101.179.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	65.49.20.98	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 65.49.20.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	125.39.93.232	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 125.39.93.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-13
IPv4	36.106.166.197	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	18.97.26.5	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 18.97.26.5 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	37.13.24.41	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 37.13.24.41 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-13
IPv4	91.142.73.116	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 91.142.73.116 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 2 times when connecting to mdms1 between 2026-04-13 02:02 and 2026-04-13 02:02 UTC.	2026-04-13
IPv4	36.106.167.97	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.106.167.97 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	45.15.226.100	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.15.226.100 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	80.87.83.229	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 80.87.83.229 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-13 00:58 and 2026-04-13 01:43 UTC.	2026-04-13
IPv4	144.76.40.50	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 144.76.40.50 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-13 00:54 and 2026-04-13 01:32 UTC.	2026-04-13
IPv4	74.82.47.25	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 74.82.47.25 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-04-13
IPv4	47.109.48.21	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.109.48.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	54.36.60.91	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 54.36.60.91 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 4 times when connecting to db1lapetro between 2026-04-13 03:00 and 2026-04-13 03:01 UTC.	2026-04-13
IPv4	203.57.39.187	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 203.57.39.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	178.16.55.226	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 178.16.55.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	182.37.46.222	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 182.37.46.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	35.184.34.187	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 35.184.34.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	184.105.139.114	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 184.105.139.114 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	101.249.63.40	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 101.249.63.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, low).	2026-04-13
IPv4	206.189.145.84	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 206.189.145.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-13
IPv4	138.197.184.178	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-04-13
IPv4	185.197.194.42	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.197.194.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	181.188.225.126	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 181.188.225.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	171.36.6.9	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.6.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	47.251.114.178	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.114.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	159.223.40.78	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 159.223.40.78 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to offbackup1 between 2026-04-13 03:28 and 2026-04-13 04:12 UTC.	2026-04-13
IPv4	31.210.53.76	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 31.210.53.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	181.188.176.244	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 181.188.176.244 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 32 times when connecting to db1lapetro between 2026-04-13 02:44 and 2026-04-13 03:31 UTC.	2026-04-13
IPv4	94.243.12.127	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 94.243.12.127 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-13
IPv4	171.8.138.104	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.8.138.104 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-13
IPv4	14.1.106.91	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 14.1.106.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	180.101.230.125	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from China (AS4134, Chinanet). Observed targeting healthcare sector honeypot medtech-hp-01 via adbhoney. Session included execution of 6 post-compromise commands, delivery of 2 malware samples. duration: 5m 40s; 12 events.	2026-04-13
IPv4	159.203.35.6	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 159.203.35.6 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 7 times when connecting to offbackup1 between 2026-04-13 04:56 and 2026-04-13 04:56 UTC.	2026-04-13
IPv4	172.232.209.215	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 172.232.209.215 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);' 2 times when connecting to db1lapetro between 2026-04-13 04:46 and 2026-04-13 04:46 UTC.	2026-04-13
IPv4	87.236.176.244	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 87.236.176.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	115.190.254.197	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 115.190.254.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-13
IPv4	81.211.101.138	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 81.211.101.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	45.55.112.20	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 45.55.112.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	110.177.180.167	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 110.177.180.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-13
IPv4	188.26.213.148	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 188.26.213.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	44.220.185.1	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. IP observed in Suricata network metadata	2026-04-13
IPv4	124.236.100.56	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 124.236.100.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	175.107.3.26	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 175.107.3.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	189.168.70.47	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 189.168.70.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	146.88.241.101	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 146.88.241.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	116.110.15.209	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 116.110.15.209 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 8 times when connecting to mdms1 between 2026-04-13 05:35 and 2026-04-13 06:15 UTC.	2026-04-13
IPv4	45.151.123.10	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.151.123.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-13
IPv4	110.177.178.10	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.178.10 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	116.110.21.114	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 116.110.21.114 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 3 times when connecting to mdms1 between 2026-04-13 05:24 and 2026-04-13 05:27 UTC.	2026-04-13
IPv4	116.110.215.174	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 116.110.215.174 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 15 times when connecting to mdms1 between 2026-04-13 05:20 and 2026-04-13 06:11 UTC.	2026-04-13
IPv4	118.212.122.60	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	150.228.105.165	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 150.228.105.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-13
IPv4	121.29.84.8	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	105.159.248.44	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 105.159.248.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	114.202.53.109	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 114.202.53.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	163.177.76.85	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 163.177.76.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, ftp-brute, moderate).	2026-04-13
IPv4	177.152.99.178	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 177.152.99.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-13
IPv4	47.115.223.248	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.115.223.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	123.189.18.25	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 123.189.18.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	47.254.28.173	Score: 50/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.254.28.173 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, exploited-host, hacking).	2026-04-13
IPv4	103.174.50.62	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 103.174.50.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	112.46.212.170	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.212.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	124.117.193.71	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.193.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-13
IPv4	36.106.166.139	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 36.106.166.139 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-13
IPv4	180.95.238.170	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (180.95.238.170) is likely a commodity attacker targeting energy sector infrastructure via SSH brute-force attempts against honeypots. Observed interacting with petroleum-hp-01 using honeytrap mechanisms, suggesting low-to-moderate sophistication and focus on credential harvesting rather than advanced persistence. Limited impact to date ...	2026-04-13
IPv4	60.188.42.51	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 60.188.42.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).	2026-04-13
IPv4	87.236.176.73	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	172.213.152.246	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 172.213.152.246 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 178 times when connecting to db4lamedtech between 2026-04-13 06:23 and 2026-04-13 06:24 UTC.	2026-04-13
IPv4	152.42.234.64	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 152.42.234.64 observed using HTTP client fingerprint 'HTTP Client: Go-http-client/1.1' 4 times when connecting to db1lapetro between 2026-04-13 06:21 and 2026-04-13 06:38 UTC.	2026-04-13
IPv4	46.29.238.171	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 46.29.238.171 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 17 times when connecting to offbackup1 between 2026-04-13 05:57 and 2026-04-13 06:50 UTC.	2026-04-13
IPv4	104.41.137.249	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 104.41.137.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	192.241.222.196	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.241.222.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	210.57.229.59	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 210.57.229.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	178.62.11.159	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 178.62.11.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	201.220.17.252	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 201.220.17.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-13
IPv4	134.195.46.117	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 134.195.46.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	14.135.74.113	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. This attacker IP (14.135.74.113) is likely a low-sophistication scanner or brute-force actor targeting healthcare sector systems, specifically observed attempting SSH access against a medtech honeypot (medtech-hp-01). The actor used basic credential patterns and lacks advanced tooling, suggesting limited impact to critical infrastructure despite ...	2026-04-13
IPv4	117.68.49.92	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 117.68.49.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-13
IPv4	125.132.34.65	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 125.132.34.65 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	14.1.106.174	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 14.1.106.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	59.173.111.228	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.228 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-13
IPv4	34.124.213.151	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore, Singapore (AS396982, Google LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 6 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery...	2026-04-13
IPv4	193.26.157.58	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP 193.26.157.58 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; Website-info.net-Robot; https://web...' 4 times when connecting to db1lapetro between 2026-04-13 07:44 and 2026-04-13 07:44 UTC.	2026-04-13
IPv4	116.178.130.128	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 116.178.130.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	104.248.158.135	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 104.248.158.135 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	61.7.64.228	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 61.7.64.228 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	112.122.237.162	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.237.162 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	77.91.70.249	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 77.91.70.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, port-scan).	2026-04-13
IPv4	112.5.73.216	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 112.5.73.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).	2026-04-13
IPv4	164.92.160.160	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 164.92.160.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	121.29.149.100	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	5.77.17.154	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 5.77.17.154 observed using SSH client fingerprint 'Unknown SSH Client (f45fb203c310)' 5 times when connecting to db1lapetro between 2026-04-13 09:16 and 2026-04-13 09:16 UTC.	2026-04-13
IPv4	42.4.63.120	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 42.4.63.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	103.136.201.12	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 103.136.201.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-13
IPv4	103.136.201.10	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.136.201.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-13
IPv4	43.230.210.131	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 43.230.210.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	124.220.11.234	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.220.11.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	146.115.89.141	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported. 146.115.89.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-13
IPv4	182.123.208.67	Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 182.123.208.67 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-13
IPv4	20.215.216.165	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.215.216.165 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 144 times when connecting to mdms1 between 2026-04-13 08:40 and 2026-04-13 08:40 UTC.	2026-04-13
IPv4	195.142.16.30	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 195.142.16.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-13
IPv4	8.219.249.135	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 8.219.249.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	184.189.6.211	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 184.189.6.211 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db1lapetro between 2026-04-13 07:59 and 2026-04-13 08:36 UTC.	2026-04-13
IPv4	31.173.30.134	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 31.173.30.134 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 23 times when connecting to mdms1 between 2026-04-13 07:47 and 2026-04-13 08:27 UTC.	2026-04-13
IPv4	49.51.52.250	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 49.51.52.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	20.61.127.52	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.61.127.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	79.100.204.121	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 79.100.204.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	136.113.21.126	Score: 85/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 136.113.21.126 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 4 times when connecting to db1lapetro between 2026-04-13 10:04 and 2026-04-13 10:04 UTC.	2026-04-13
IPv4	145.132.103.64	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 145.132.103.64 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 3 times when connecting to db1lapetro between 2026-04-13 10:03 and 2026-04-13 10:03 UTC.	2026-04-13
IPv4	18.208.227.51	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, fatt. Attacker IP 18.208.227.51 observed using TLS client fingerprint 'Unknown TLS Client (0ea83546828c)' 34 times when connecting to db4lamedtech between 2026-04-13 09:53 and 2026-04-13 09:53 UTC.	2026-04-13
IPv4	117.187.210.35	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 117.187.210.35 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 2 times when connecting to mdms1 between 2026-04-13 09:51 and 2026-04-13 09:51 UTC.	2026-04-13
IPv4	194.187.179.183	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.183 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-04-13
IPv4	45.86.202.94	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.86.202.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	154.124.53.64	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 154.124.53.64 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 10 times when connecting to offbackup1 between 2026-04-13 09:39 and 2026-04-13 10:04 UTC.	2026-04-13
IPv4	74.82.47.58	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 74.82.47.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	185.187.78.31	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. Attacker IP 185.187.78.31 observed using TLS client fingerprint 'Unknown TLS Client (082f07b3f5bc)' 2 times when connecting to db4lamedtech between 2026-04-13 09:37 and 2026-04-13 09:37 UTC.	2026-04-13
IPv4	190.124.22.12	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 190.124.22.12 observed using TLS client fingerprint 'Unknown TLS Client (082f07b3f5bc)' 4 times when connecting to mdms1 between 2026-04-13 09:33 and 2026-04-13 09:33 UTC.	2026-04-13
IPv4	112.27.108.50	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 112.27.108.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	47.250.120.139	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 47.250.120.139 observed using HTTP client fingerprint 'HTTP Client: curl/7.64.1' 2 times when connecting to db1lapetro between 2026-04-13 11:20 and 2026-04-13 11:20 UTC.	2026-04-13
IPv4	37.19.210.31	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-04-13
IPv4	44.220.185.101	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 44.220.185.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted).	2026-04-13
IPv4	60.51.186.148	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 60.51.186.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	202.70.139.64	Score: 50/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 202.70.139.64 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (ddos, exploited-host, hacking).	2026-04-13
IPv4	193.70.44.235	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 193.70.44.235 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 168 times when connecting to db1lapetro between 2026-04-13 10:46 and 2026-04-13 10:48 UTC.	2026-04-13
IPv4	185.185.80.186	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 185.185.80.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-13
IPv4	59.173.111.150	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	59.173.111.158	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.158 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	61.190.137.130	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 61.190.137.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	44.220.188.253	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 44.220.188.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	170.238.45.43	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 170.238.45.43 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 49 times when connecting to offbackup1 between 2026-04-13 10:34 and 2026-04-13 11:18 UTC.	2026-04-13
IPv4	18.97.5.9	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 18.97.5.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	177.10.136.45	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 177.10.136.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	144.124.192.78	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 144.124.192.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-13
IPv4	120.27.197.142	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 120.27.197.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	20.28.203.126	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 20.28.203.126 observed using TLS client fingerprint 'Unknown TLS Client (922ca5a04ed4)' 2 times when connecting to db4lamedtech between 2026-04-13 10:16 and 2026-04-13 10:16 UTC.	2026-04-13
IPv4	20.163.32.226	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.163.32.226 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 11 times when connecting to db1lapetro between 2026-04-13 10:05 and 2026-04-13 11:29 UTC.	2026-04-13
IPv4	121.29.149.42	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-13
IPv4	139.212.68.188	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 139.212.68.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-04-13
IPv4	116.178.130.142	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. This IP (116.178.130.142) is likely a commodity attacker node associated with China Unicom's backbone network, targeting healthcare sector SSH honeypots using brute-force credential stuffing attacks. Observed interacting with medtech-hp-01 via Cowrie honeypot, attempting default credentials (e.g., 'admin'/'password') and executing basic shell comman...	2026-04-13
IPv4	144.91.64.234	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 144.91.64.234 observed using TLS client fingerprint 'Unknown TLS Client (922ca5a04ed4)' 2 times when connecting to offbackup1 between 2026-04-13 12:28 and 2026-04-13 12:28 UTC.	2026-04-13
IPv4	51.158.203.232	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 51.158.203.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-13
IPv4	112.122.236.204	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 112.122.236.204 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	185.244.152.208	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 185.244.152.208 observed using TLS client fingerprint 'Unknown TLS Client (082f07b3f5bc)' 2 times when connecting to db1lapetro between 2026-04-13 11:40 and 2026-04-13 11:40 UTC.	2026-04-13
IPv4	95.154.200.39	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 95.154.200.39 observed using TLS client fingerprint 'Unknown TLS Client (2273c7d6df45)' 2 times when connecting to db1lapetro between 2026-04-13 11:37 and 2026-04-13 11:37 UTC.	2026-04-13
IPv4	213.230.87.15	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 213.230.87.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-04-13
IPv4	175.107.205.3	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 175.107.205.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	2.26.82.41	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 2.26.82.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	60.173.100.181	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 60.173.100.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	221.207.34.68	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. This IP (221.207.34.68) is a low-sophistication actor likely associated with automated brute-force campaigns targeting healthcare and energy sector honeypots. Observed attempting SSH access to medtech-hp-01 using credential patterns consistent with default or commonly leaked credentials, suggesting limited technical capability but focused reconnai...	2026-04-13
IPv4	116.178.131.138	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 116.178.131.138 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	195.178.110.186	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 195.178.110.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	61.171.119.103	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 61.171.119.103 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 3 times when connecting to offbackup1 between 2026-04-13 12:48 and 2026-04-13 13:18 UTC.	2026-04-13
IPv4	202.184.134.88	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 202.184.134.88 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 44 times when connecting to offbackup1 between 2026-04-13 12:47 and 2026-04-13 13:30 UTC.	2026-04-13
IPv4	223.199.187.161	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 223.199.187.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	159.89.207.113	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 159.89.207.113 observed using TLS client fingerprint 'Unknown TLS Client (b738cc05b73c)' 7 times when connecting to mdms1 between 2026-04-13 12:42 and 2026-04-13 12:42 UTC.	2026-04-13
IPv4	3.18.108.78	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 3.18.108.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	103.13.206.142	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.13.206.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	113.20.30.146	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 113.20.30.146 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (22 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	37.192.22.166	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 37.192.22.166 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (15 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	180.76.225.49	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 180.76.225.49 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	104.28.163.16	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 104.28.163.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 2 command sessions (7 commands). Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	51.195.20.203	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-04-13
IPv4	84.54.73.9	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP 84.54.73.9 observed using TLS client fingerprint 'Unknown TLS Client (082f07b3f5bc)' 4 times when connecting to db1lapetro between 2026-04-13 13:34 and 2026-04-13 13:34 UTC.	2026-04-13
IPv4	193.25.113.17	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 193.25.113.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	123.163.114.74	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.163.114.74 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	213.230.93.15	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 213.230.93.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-13
IPv4	51.68.233.43	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 51.68.233.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, ddos, hacking).	2026-04-13
IPv4	114.34.213.59	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 114.34.213.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	47.245.138.173	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.138.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	181.119.68.114	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 181.119.68.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-13
IPv4	209.38.83.254	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 209.38.83.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	190.142.102.69	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 190.142.102.69 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	134.199.157.135	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 134.199.157.135 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	47.237.202.86	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 47.237.202.86 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-13
IPv4	47.237.208.158	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.237.208.158 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-13
IPv4	47.236.83.133	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.236.83.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	47.237.206.153	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.237.206.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	115.190.16.157	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 115.190.16.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking).	2026-04-13
IPv4	199.45.154.180	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 199.45.154.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	117.36.231.242	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 117.36.231.242 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	87.121.84.66	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 87.121.84.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	72.56.5.167	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 72.56.5.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	68.5.197.242	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 68.5.197.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-13
IPv4	125.138.115.99	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 125.138.115.99 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	66.187.6.17	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 66.187.6.17 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; servicefilter/1.0; +https://cursor....' 4 times when connecting to db4lamedtech between 2026-04-13 15:27 and 2026-04-13 15:27 UTC.	2026-04-13
IPv4	194.87.216.198	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 194.87.216.198 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to offbackup1 between 2026-04-13 14:42 and 2026-04-13 14:57 UTC.	2026-04-13
IPv4	2.26.98.88	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 2.26.98.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	170.64.177.191	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.64.177.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	139.59.13.156	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.59.13.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	116.178.131.157	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	45.112.149.170	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 45.112.149.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-13
IPv4	45.138.159.124	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.138.159.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	103.74.20.133	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 103.74.20.133 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-13
IPv4	114.220.176.153	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.220.176.153 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	47.250.83.221	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.83.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	60.13.7.226	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.226 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-13
IPv4	118.196.34.237	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 118.196.34.237 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 42 times when connecting to mdms1 between 2026-04-13 15:40 and 2026-04-13 16:31 UTC.	2026-04-13
IPv4	37.19.200.160	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 37.19.200.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	153.99.92.213	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 153.99.92.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	47.250.193.75	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.193.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	112.78.135.82	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 112.78.135.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	203.161.30.171	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 203.161.30.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	44.220.188.193	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 44.220.188.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	79.127.222.213	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 79.127.222.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, low).	2026-04-13
IPv4	47.254.56.125	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.56.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	47.254.196.146	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.196.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	117.187.180.166	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 117.187.180.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	170.64.186.185	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 170.64.186.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	98.80.4.119	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. This attacker IP (98.80.4.119) is likely a commodity botnet node conducting automated SSH/Telnet brute-force attacks against energy sector infrastructure. Observed targeting a petroleum-themed honeypot with 7 rapid connection attempts over 7 seconds, consistent with credential stuffing campaigns. The attack lacks sophistication but aligns with low-...	2026-04-13
IPv4	193.163.187.232	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP 193.163.187.232 observed using TLS client fingerprint 'Unknown TLS Client (082f07b3f5bc)' 3 times when connecting to db4lamedtech between 2026-04-13 16:53 and 2026-04-13 16:53 UTC.	2026-04-13
IPv4	64.227.151.233	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.227.151.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	23.234.82.156	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 23.234.82.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-13
IPv4	209.38.91.194	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 209.38.91.194 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-13
IPv4	185.225.42.36	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 185.225.42.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, low).	2026-04-13
IPv4	38.242.238.115	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 38.242.238.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-13
IPv4	95.214.2.62	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 95.214.2.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	45.130.166.61	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP from Tokyo, Japan (AS36007, Kamatera, Inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 7 unique usernames, execution of 28 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killi...	2026-04-13
IPv4	72.146.2.255	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 72.146.2.255 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 125 times when connecting to db4lamedtech between 2026-04-13 18:31 and 2026-04-13 18:31 UTC.	2026-04-13
IPv4	64.227.145.175	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.227.145.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-13
IPv4	38.43.93.49	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. Attacker IP 38.43.93.49 observed using TLS client fingerprint 'Unknown TLS Client (5af2ac29e141)' 7 times when connecting to db4lamedtech between 2026-04-13 18:26 and 2026-04-13 18:27 UTC.	2026-04-13
IPv4	45.66.131.134	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Tokyo, Japan (AS3258, xTom Japan Corporation). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames, execution of 2 commands (system reconnaissance), delivery of 3 malware samples. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: ...	2026-04-13
IPv4	157.230.96.19	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 157.230.96.19 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, l...' 5 times when connecting to db4lamedtech between 2026-04-13 17:30 and 2026-04-13 17:30 UTC.	2026-04-13
IPv4	80.94.92.67	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 80.94.92.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	18.234.190.223	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 18.234.190.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-13
IPv4	162.19.222.42	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 162.19.222.42 observed using TLS client fingerprint 'Unknown TLS Client (f705a791346f)' 2 times when connecting to db4lamedtech between 2026-04-13 19:26 and 2026-04-13 19:26 UTC.	2026-04-13
IPv4	216.73.216.62	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 216.73.216.62 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl...' 2 times when connecting to db1lapetro between 2026-04-13 19:12 and 2026-04-13 19:12 UTC.	2026-04-13
IPv4	20.63.103.29	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.63.103.29 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 12 times when connecting to db1lapetro between 2026-04-13 18:56 and 2026-04-13 18:56 UTC.	2026-04-13
IPv4	45.179.246.17	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. Attacker IP 45.179.246.17 observed using TLS client fingerprint 'Unknown TLS Client (082f07b3f5bc)' 3 times when connecting to db4lamedtech between 2026-04-13 18:48 and 2026-04-13 18:48 UTC.	2026-04-13
IPv4	35.203.139.108	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported. Attacker IP 35.203.139.108 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Linux; Android 11; RMX2195) AppleWebKit/537.36 ...' 14 times when connecting to db4lamedtech between 2026-04-13 18:32 and 2026-04-13 18:32 UTC.	2026-04-13
IPv4	51.77.216.81	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP 51.77.216.81 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 4 times when connecting to db1lapetro between 2026-04-13 20:21 and 2026-04-13 20:21 UTC.	2026-04-13
IPv4	72.56.108.236	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 72.56.108.236 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 12 times when connecting to mdms1 between 2026-04-13 19:10 and 2026-04-13 19:46 UTC.	2026-04-13
IPv4	212.47.78.120	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 212.47.78.120 observed using HTTP client fingerprint 'HTTP Client: Go-http-client/1.1' 3 times when connecting to mdms1 between 2026-04-13 20:02 and 2026-04-13 20:03 UTC.	2026-04-13
IPv4	167.172.167.73	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 167.172.167.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	213.230.87.148	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low. 213.230.87.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	193.124.20.244	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 193.124.20.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	192.241.134.55	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 192.241.134.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	117.140.51.59	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 117.140.51.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	143.198.180.91	Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:web-attack. 143.198.180.91 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, port-scan).	2026-04-14
IPv4	47.84.206.83	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 47.84.206.83 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-14
IPv4	69.55.49.7	Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:web-attack. 69.55.49.7 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, port-scan).	2026-04-14
IPv4	47.236.202.5	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 47.236.202.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	194.187.179.63	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 194.187.179.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	24.107.208.181	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 24.107.208.181 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-14
IPv4	172.110.223.65	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 172.110.223.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-14
IPv4	222.97.3.135	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 222.97.3.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	88.249.51.80	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 88.249.51.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	45.134.142.210	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.134.142.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-14
IPv4	164.92.174.149	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 164.92.174.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	104.248.125.96	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 104.248.125.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, moderate).	2026-04-14
IPv4	185.156.46.136	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 185.156.46.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, moderate).	2026-04-14
IPv4	190.148.112.242	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 190.148.112.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	180.255.108.218	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 180.255.108.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	59.127.131.253	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 59.127.131.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	112.91.142.182	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 112.91.142.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	49.116.2.19	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 49.116.2.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	193.104.222.13	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-04-14
IPv4	92.54.121.201	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 92.54.121.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	167.172.163.97	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 167.172.163.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	220.167.179.76	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.179.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-14
IPv4	47.251.57.96	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.57.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	104.248.249.241	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 104.248.249.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	194.187.179.147	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	159.65.127.31	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 159.65.127.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	162.243.166.189	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 162.243.166.189 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-14
IPv4	176.65.139.103	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 176.65.139.103 observed using SSH client fingerprint 'Unknown SSH Client (0a07365cc01f)' 685 times when connecting to db1lapetro between 2026-04-14 02:00 and 2026-04-14 02:58 UTC.	2026-04-14
IPv4	157.255.35.242	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 157.255.35.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	77.54.41.203	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 77.54.41.203 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	190.156.238.162	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 190.156.238.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	165.227.156.190	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 165.227.156.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	66.132.172.228	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.132.172.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	190.109.6.117	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 190.109.6.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	222.176.200.84	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 222.176.200.84 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-14
IPv4	171.8.138.217	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.8.138.217 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-14
IPv4	46.32.228.172	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 46.32.228.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	112.156.68.145	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.156.68.145 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).	2026-04-14
IPv4	207.154.223.29	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 207.154.223.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	172.245.16.13	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 172.245.16.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	209.97.184.189	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 209.97.184.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	123.193.27.0	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 123.193.27.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	90.149.76.76	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 90.149.76.76 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-14
IPv4	77.51.43.170	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 77.51.43.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	18.97.26.106	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 18.97.26.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-04-14
IPv4	189.222.208.104	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 189.222.208.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	117.187.210.34	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 117.187.210.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, multi-reported).	2026-04-14
IPv4	47.84.185.146	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.84.185.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	59.173.111.185	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 59.173.111.185 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-14
IPv4	157.230.234.138	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 157.230.234.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	87.236.176.34	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 87.236.176.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	172.238.108.242	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 172.238.108.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	194.187.179.61	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	59.27.249.238	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 59.27.249.238 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	159.223.151.143	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 159.223.151.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, high).	2026-04-14
IPv4	45.15.224.178	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.15.224.178 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	88.151.34.138	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 88.151.34.138 observed using TLS client fingerprint 'Unknown TLS Client (c023668399b5)' 27 times when connecting to db1lapetro between 2026-04-14 05:07 and 2026-04-14 05:08 UTC.	2026-04-14
IPv4	44.220.188.60	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 44.220.188.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	110.177.177.21	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.177.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	1.193.63.75	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.193.63.75 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-14
IPv4	220.167.232.25	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.25 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies).	2026-04-14
IPv4	181.209.121.210	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 181.209.121.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	36.39.206.39	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 36.39.206.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	36.228.8.69	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 36.228.8.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	120.133.52.228	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 120.133.52.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-04-14
IPv4	115.68.89.206	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from South Korea (AS38700, SMILESERV). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 5 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firew...	2026-04-14
IPv4	85.11.183.6	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 85.11.183.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	117.68.49.81	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 117.68.49.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	157.230.239.213	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 157.230.239.213 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-14
IPv4	124.117.193.227	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.193.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	58.19.105.156	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.19.105.156 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-14
IPv4	193.32.127.178	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. Attacker IP 193.32.127.178 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 69 times when connecting to mdms1 between 2026-04-14 05:52 and 2026-04-14 06:00 UTC.	2026-04-14
IPv4	115.190.25.164	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 115.190.25.164 observed using HTTP client fingerprint 'HTTP Client: Go-http-client/1.1' 2 times when connecting to db1lapetro between 2026-04-14 05:35 and 2026-04-14 05:35 UTC.	2026-04-14
IPv4	43.128.149.159	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 43.128.149.159 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 23 times when connecting to db4lamedtech between 2026-04-14 05:07 and 2026-04-14 05:44 UTC.	2026-04-14
IPv4	150.241.94.93	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 150.241.94.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	184.82.94.166	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 184.82.94.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	165.22.207.218	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 165.22.207.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-14
IPv4	193.163.125.223	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	121.29.84.166	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (121.29.84.166) is likely a commodity attacker targeting healthcare sector infrastructure, observed attempting SSH brute-force attacks against a honeypot (mdms-hp-01) using credential patterns typical of automated tools. The low sophistication and focus on SSH/Telnet suggest limited impact, though the China-based origin align...	2026-04-14
IPv4	66.42.117.122	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 66.42.117.122 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 168 times when connecting to db4lamedtech between 2026-04-14 07:06 and 2026-04-14 07:30 UTC.	2026-04-14
IPv4	202.47.57.203	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 202.47.57.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	103.65.237.194	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.65.237.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	14.29.184.161	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 14.29.184.161 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	150.255.250.108	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 150.255.250.108 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-14
IPv4	45.156.128.103	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 45.156.128.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	45.4.2.50	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 45.4.2.50 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-14
IPv4	34.62.50.83	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 34.62.50.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-04-14
IPv4	116.178.129.197	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.129.197 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-14
IPv4	124.117.192.211	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.192.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-14
IPv4	180.111.30.159	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.111.30.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	36.64.174.210	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.64.174.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	85.155.224.83	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 85.155.224.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	165.22.16.79	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 165.22.16.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	159.89.105.31	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.89.105.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	110.177.176.119	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 110.177.176.119 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-14
IPv4	222.176.201.201	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	51.15.19.10	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 51.15.19.10 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 5 times when connecting to mdms1 between 2026-04-14 08:21 and 2026-04-14 08:21 UTC.	2026-04-14
IPv4	107.174.62.22	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 107.174.62.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	164.90.164.114	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 164.90.164.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-14
IPv4	68.183.77.93	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 68.183.77.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	23.95.189.210	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 23.95.189.210 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	180.68.161.143	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.68.161.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	179.124.16.90	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 179.124.16.90 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-14
IPv4	47.236.48.30	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.236.48.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	123.163.114.95	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. This IP address, associated with Chinanet (AS4134), is likely a commodity attacker targeting healthcare sector systems. It probed the medtech-hp-01 honeypot using SSH brute-force techniques, attempting to exploit weak credentials. The low sophistication suggests automated tooling rather than advanced persistent threat activity, with limited sector i...	2026-04-14
IPv4	34.124.148.87	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 34.124.148.87 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to mdms1 between 2026-04-14 08:19 and 2026-04-14 09:09 UTC.	2026-04-14
IPv4	187.62.198.143	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 187.62.198.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	47.251.37.0	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.37.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	84.54.73.30	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 84.54.73.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-14
IPv4	44.220.188.165	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 44.220.188.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	18.97.5.108	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 18.97.5.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	14.103.112.109	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 14.103.112.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	18.97.19.207	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 18.97.19.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-04-14
IPv4	75.71.42.229	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 75.71.42.229 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).	2026-04-14
IPv4	223.6.249.90	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 223.6.249.90 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).	2026-04-14
IPv4	45.153.34.158	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.153.34.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	183.246.92.86	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 183.246.92.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	45.163.106.230	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.163.106.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	109.49.23.192	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 109.49.23.192 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-14 11:00 and 2026-04-14 11:38 UTC.	2026-04-14
IPv4	78.89.154.59	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 78.89.154.59 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 10 times when connecting to db4lamedtech between 2026-04-14 10:42 and 2026-04-14 11:06 UTC.	2026-04-14
IPv4	80.94.95.34	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 80.94.95.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	185.247.137.139	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	119.17.222.94	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 119.17.222.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	198.44.137.54	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 198.44.137.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	66.132.224.20	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.224.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	120.48.145.32	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 120.48.145.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	103.10.85.58	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.10.85.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	47.236.75.61	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.236.75.61 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-14
IPv4	45.156.129.175	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.156.129.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	192.42.116.19	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.42.116.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	84.54.70.71	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 84.54.70.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	45.156.22.81	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 45.156.22.81 observed using SSH client fingerprint 'Unknown SSH Client (63ae64767f33)' 5 times when connecting to db4lamedtech between 2026-04-14 13:44 and 2026-04-14 13:45 UTC.	2026-04-14
IPv4	147.135.214.166	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 147.135.214.166 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to mdms1 between 2026-04-14 12:51 and 2026-04-14 12:53 UTC.	2026-04-14
IPv4	43.154.202.17	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 43.154.202.17 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-14 12:39 and 2026-04-14 13:22 UTC.	2026-04-14
IPv4	164.68.99.21	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack, abuseipdb:well-known. Attacker IP 164.68.99.21 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 25 times when connecting to mdms1 between 2026-04-14 12:29 and 2026-04-14 13:12 UTC.	2026-04-14
IPv4	213.176.16.100	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 213.176.16.100 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db4lamedtech between 2026-04-14 12:08 and 2026-04-14 12:43 UTC.	2026-04-14
IPv4	103.10.85.58	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.10.85.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	47.236.75.61	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.236.75.61 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-14
IPv4	45.156.129.175	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.156.129.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	192.42.116.19	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.42.116.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	84.54.70.71	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 84.54.70.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	45.156.22.81	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 45.156.22.81 observed using SSH client fingerprint 'Unknown SSH Client (63ae64767f33)' 5 times when connecting to db4lamedtech between 2026-04-14 13:44 and 2026-04-14 13:45 UTC.	2026-04-14
IPv4	147.135.214.166	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 147.135.214.166 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to mdms1 between 2026-04-14 12:51 and 2026-04-14 12:53 UTC.	2026-04-14
IPv4	43.154.202.17	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 43.154.202.17 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-14 12:39 and 2026-04-14 13:22 UTC.	2026-04-14
IPv4	164.68.99.21	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack, abuseipdb:well-known. Attacker IP 164.68.99.21 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 25 times when connecting to mdms1 between 2026-04-14 12:29 and 2026-04-14 13:12 UTC.	2026-04-14
IPv4	213.176.16.100	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 213.176.16.100 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db4lamedtech between 2026-04-14 12:08 and 2026-04-14 12:43 UTC.	2026-04-14
IPv4	182.242.168.108	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	138.197.203.215	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 138.197.203.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	164.92.86.84	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 164.92.86.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	216.218.206.126	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 216.218.206.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	47.251.249.156	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.249.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	186.180.175.236	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 186.180.175.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	170.130.204.82	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 170.130.204.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	44.220.185.12	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 44.220.185.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-14
IPv4	46.121.102.119	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 46.121.102.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	52.185.212.58	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 52.185.212.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	36.133.110.233	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-04-14
IPv4	103.194.239.180	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 103.194.239.180 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to db4lamedtech between 2026-04-14 13:34 and 2026-04-14 14:18 UTC.	2026-04-14
IPv4	176.65.150.57	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 176.65.150.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	45.86.200.123	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack, cowrie. 45.86.200.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, multi-reported).	2026-04-14
IPv4	45.86.200.139	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack. 45.86.200.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-14
IPv4	45.86.200.142	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported. 45.86.200.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-14
IPv4	65.49.20.74	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 65.49.20.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	65.49.20.106	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 65.49.20.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	84.54.71.55	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 84.54.71.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	139.135.45.193	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 139.135.45.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	116.178.131.72	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	175.107.3.98	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 175.107.3.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	47.84.181.76	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.84.181.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	45.86.200.152	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. IP observed in Suricata network metadata	2026-04-14
IPv4	20.43.19.237	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.43.19.237 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 146 times when connecting to db4lamedtech between 2026-04-14 15:31 and 2026-04-14 15:31 UTC.	2026-04-14
IPv4	171.231.181.177	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 171.231.181.177 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 9 times when connecting to db1lapetro between 2026-04-14 15:03 and 2026-04-14 15:30 UTC.	2026-04-14
IPv4	171.231.196.77	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 171.231.196.77 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 8 times when connecting to db1lapetro between 2026-04-14 14:58 and 2026-04-14 15:27 UTC.	2026-04-14
IPv4	187.212.38.18	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Puebla City, Mexico (AS8151, UNINET). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 5 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 19 malware samples...	2026-04-14
IPv4	43.226.44.17	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 43.226.44.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-14
IPv4	61.58.173.247	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 61.58.173.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	153.99.92.148	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 153.99.92.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-14
IPv4	223.109.200.241	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 223.109.200.241 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 2 times when connecting to mdms1 between 2026-04-14 16:18 and 2026-04-14 16:27 UTC.	2026-04-14
IPv4	171.231.193.254	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 171.231.193.254 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 6 times when connecting to db1lapetro between 2026-04-14 15:33 and 2026-04-14 15:53 UTC.	2026-04-14
IPv4	116.99.174.160	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 116.99.174.160 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 4 times when connecting to db1lapetro between 2026-04-14 15:36 and 2026-04-14 15:50 UTC.	2026-04-14
IPv4	124.71.66.48	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 124.71.66.48 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db4lamedtech between 2026-04-14 15:17 and 2026-04-14 16:08 UTC.	2026-04-14
IPv4	66.167.169.150	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.167.169.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	47.84.142.16	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.142.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	20.81.50.12	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 20.81.50.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	52.87.177.107	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-04-14
IPv4	180.184.249.162	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 180.184.249.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	82.207.50.182	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 82.207.50.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-14
IPv4	119.235.251.247	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 119.235.251.247 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	188.130.206.131	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 188.130.206.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	192.42.116.107	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 192.42.116.107 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Linux; Android 9; HRY-LX1 Build/HONORHRY-L21) A...' 4 times when connecting to db1lapetro between 2026-04-14 18:50 and 2026-04-14 18:50 UTC.	2026-04-14
IPv4	98.80.4.76	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. This attacker IP (98.80.4.76) is likely a commodity botnet node conducting SSH brute-force attacks against healthcare sector targets. Observed attempting credential stuffing via Cowrie honeypot with 5 rapid connection attempts over 5 seconds, suggesting automated tooling rather than manual operation. No malware or data exfiltration detected, indic...	2026-04-14
IPv4	34.216.223.202	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 34.216.223.202 observed using SSH client fingerprint 'Unknown SSH Client (87e3d9ffee05)' 8 times when connecting to offbackup1 between 2026-04-14 18:33 and 2026-04-14 18:33 UTC.	2026-04-14
IPv4	20.48.184.58	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.48.184.58 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 146 times when connecting to mdms1 between 2026-04-14 17:51 and 2026-04-14 17:51 UTC.	2026-04-14
IPv4	165.154.6.56	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 165.154.6.56 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to mdms1 between 2026-04-14 17:22 and 2026-04-14 18:02 UTC.	2026-04-14
IPv4	107.189.13.180	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 107.189.13.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	175.107.0.164	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 175.107.0.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	216.218.206.104	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 216.218.206.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	3.138.190.72	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 3.138.190.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	192.42.116.42	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.42.116.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	106.13.122.214	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 106.13.122.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	58.243.46.30	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 58.243.46.30 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-14
IPv4	68.183.32.125	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 68.183.32.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	51.91.254.43	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 51.91.254.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	8.210.28.151	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.210.28.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	112.93.118.184	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 112.93.118.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	123.191.144.73	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.191.144.73 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-14
IPv4	45.156.87.99	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Eygelshoven, Netherlands (AS51396, Pfcloud UG (haftungsbeschrankt)) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 108 failed login attempts, 108 credential pairs tried across 75 unique usernames, execution of 1 commands (system reconnaissance), delivery of 1 malware...	2026-04-14
IPv4	93.93.205.119	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 93.93.205.119 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-14 19:09 and 2026-04-14 19:45 UTC.	2026-04-14
IPv4	93.197.162.85	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 93.197.162.85 observed using TLS client fingerprint 'Unknown TLS Client (bb3aa6d8cd4d)' 3 times when connecting to db4lamedtech between 2026-04-14 19:07 and 2026-04-14 19:07 UTC.	2026-04-14
IPv4	111.52.249.29	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 111.52.249.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	181.115.171.99	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 181.115.171.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	212.237.119.217	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 212.237.119.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-14
IPv4	185.247.137.195	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	101.42.32.145	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 101.42.32.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	112.25.69.4	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 112.25.69.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	85.208.96.206	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 85.208.96.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	83.227.124.114	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 83.227.124.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	167.71.120.153	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 167.71.120.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	192.42.116.100	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 192.42.116.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	14.103.115.3	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 14.103.115.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	84.247.175.124	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 84.247.175.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	185.247.137.219	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	139.135.41.152	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 139.135.41.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	47.251.26.30	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.26.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	46.224.36.231	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 46.224.36.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-14
IPv4	47.250.89.197	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.89.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	13.52.240.248	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 13.52.240.248 observed using SSH client fingerprint 'Unknown SSH Client (87e3d9ffee05)' 8 times when connecting to db4lamedtech between 2026-04-14 21:08 and 2026-04-14 21:08 UTC.	2026-04-14
IPv4	223.210.27.21	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 223.210.27.21 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 Gecko/20100101' 3 times when connecting to mdms1 between 2026-04-14 21:04 and 2026-04-14 21:04 UTC.	2026-04-14
IPv4	45.156.131.5	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 45.156.131.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	45.156.131.3	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 45.156.131.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	45.156.131.4	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 45.156.131.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	45.156.131.2	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.156.131.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	185.93.89.64	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.93.89.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	47.251.105.187	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 47.251.105.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	41.214.19.101	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Dakar, Senegal (AS8346, SONATEL SONATEL-AS Autonomous System). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persi...	2026-04-14
IPv4	186.97.136.28	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported. 186.97.136.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-14
IPv4	36.64.174.50	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 36.64.174.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	118.212.123.182	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 118.212.123.182 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-14
IPv4	165.22.153.168	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 165.22.153.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-14
IPv4	111.47.65.219	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 111.47.65.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	129.121.55.30	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 129.121.55.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-14
IPv4	138.197.214.190	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 138.197.214.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-14
IPv4	172.236.16.29	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP 172.236.16.29 observed using TLS client fingerprint 'Unknown TLS Client (2e5dde6b743c)' 2 times when connecting to db4lamedtech between 2026-04-14 22:30 and 2026-04-14 22:30 UTC.	2026-04-14
IPv4	34.182.176.211	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 34.182.176.211 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) Apple...' 7 times when connecting to db4lamedtech between 2026-04-14 21:48 and 2026-04-14 21:48 UTC.	2026-04-14
IPv4	129.146.128.34	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 129.146.128.34 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	4.233.190.23	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 4.233.190.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	37.19.210.13	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 37.19.210.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	178.128.95.222	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 178.128.95.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	143.198.163.193	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 143.198.163.193 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, multi-reported).	2026-04-15
IPv4	151.115.126.205	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 151.115.126.205 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-15
IPv4	110.39.227.81	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 110.39.227.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	45.11.229.248	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.11.229.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	110.41.1.133	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 110.41.1.133 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-04-14 23:08 and 2026-04-14 23:08 UTC.	2026-04-15
IPv4	45.22.211.68	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 45.22.211.68 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 6 times when connecting to db1lapetro between 2026-04-14 23:07 and 2026-04-14 23:42 UTC.	2026-04-15
IPv4	104.223.57.51	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 104.223.57.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-15
IPv4	117.50.175.95	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 117.50.175.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	45.171.180.186	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 45.171.180.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	23.94.175.158	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-04-15
IPv4	112.170.207.251	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 112.170.207.251 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-15
IPv4	69.112.25.182	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 69.112.25.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	221.207.10.168	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 221.207.10.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	175.107.201.149	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 175.107.201.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	43.228.157.67	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 43.228.157.67 observed using TLS client fingerprint 'Unknown TLS Client (c023668399b5)' 16 times when connecting to db1lapetro between 2026-04-15 00:47 and 2026-04-15 00:48 UTC.	2026-04-15
IPv4	189.219.66.122	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 189.219.66.122 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-15
IPv4	143.110.134.222	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 143.110.134.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	47.84.186.82	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.186.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-04-15
IPv4	152.52.229.94	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 152.52.229.94 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	51.159.188.152	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.159.188.152 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 29 times when connecting to mdms1 between 2026-04-15 00:19 and 2026-04-15 00:20 UTC.	2026-04-15
IPv4	45.79.152.14	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.79.152.14 observed using TLS client fingerprint 'Unknown TLS Client (bd5aa1685e2f)' 42 times when connecting to offbackup1 between 2026-04-15 00:22 and 2026-04-15 00:24 UTC.	2026-04-15
IPv4	152.32.191.226	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 152.32.191.226 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to offbackup1 between 2026-04-14 23:52 and 2026-04-15 00:34 UTC.	2026-04-15
IPv4	165.154.202.4	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 165.154.202.4 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to offbackup1 between 2026-04-14 23:51 and 2026-04-15 00:32 UTC.	2026-04-15
IPv4	107.189.27.179	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 107.189.27.179 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (20 commands). Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	66.116.205.1	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Mumbai, India (AS31898, Oracle Corporation). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included delivery of 1 malware sample. 2 events.	2026-04-15
IPv4	125.213.202.27	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 125.213.202.27 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to db1lapetro between 2026-04-15 01:11 and 2026-04-15 01:19 UTC.	2026-04-15
IPv4	45.55.185.228	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 45.55.185.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	172.190.13.234	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 172.190.13.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	106.13.38.13	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 106.13.38.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	163.172.140.17	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 163.172.140.17 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-04-15
IPv4	194.84.110.133	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.84.110.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-15
IPv4	220.167.233.34	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.34 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-15
IPv4	103.195.239.8	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Vietnam (AS151858, INTERDIGI JOINT STOCK COMPANY). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 7 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 1...	2026-04-15
IPv4	66.132.186.221	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.186.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	18.97.5.27	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 18.97.5.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-15
IPv4	8.211.27.88	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.211.27.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	98.103.184.222	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-04-15
IPv4	54.37.86.223	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 54.37.86.223 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 33 times when connecting to mdms1 between 2026-04-15 02:00 and 2026-04-15 02:01 UTC.	2026-04-15
IPv4	193.104.222.16	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 193.104.222.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	210.16.103.246	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 210.16.103.246 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	103.213.112.3	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.213.112.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	174.138.83.242	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 174.138.83.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, low).	2026-04-15
IPv4	59.44.12.156	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.44.12.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	182.242.169.55	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 182.242.169.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	47.84.189.3	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.189.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	213.230.92.41	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 213.230.92.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-15
IPv4	178.128.214.94	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 178.128.214.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	37.187.27.125	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 37.187.27.125 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 4 times when connecting to mdms1 between 2026-04-15 03:19 and 2026-04-15 03:20 UTC.	2026-04-15
IPv4	85.234.100.88	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 85.234.100.88 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to offbackup1 between 2026-04-15 03:20 and 2026-04-15 03:55 UTC.	2026-04-15
IPv4	120.48.77.176	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 120.48.77.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	142.248.80.31	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 142.248.80.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	59.173.111.188	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.111.188 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-15
IPv4	181.205.14.114	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-04-15
IPv4	121.29.84.7	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.84.7 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-04-15
IPv4	213.230.92.227	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported. 213.230.92.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-15
IPv4	95.249.180.85	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 95.249.180.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	1.1.155.69	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 1.1.155.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	94.243.14.30	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 94.243.14.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	117.20.223.26	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 117.20.223.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	138.197.15.3	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 138.197.15.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	45.87.235.59	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 45.87.235.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	62.210.189.225	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 62.210.189.225 observed using SSH client fingerprint 'Unknown SSH Client (3ccd1778a760)' 5 times when connecting to db1lapetro between 2026-04-15 04:17 and 2026-04-15 04:17 UTC.	2026-04-15
IPv4	81.193.159.166	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 81.193.159.166 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to offbackup1 between 2026-04-15 03:37 and 2026-04-15 04:23 UTC.	2026-04-15
IPv4	24.163.114.60	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 24.163.114.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	84.54.72.44	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 84.54.72.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-15
IPv4	157.245.186.210	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 157.245.186.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	150.107.106.232	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported. 150.107.106.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-15
IPv4	87.106.29.151	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:iot-targeted, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from France (AS8560, IONOS SE). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 15 failed login attempts, 15 credential pairs tried across 9 unique usernames, execution of 32 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 21 malware samples. SS...	2026-04-15
IPv4	106.52.223.49	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 106.52.223.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-15
IPv4	137.59.230.222	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 137.59.230.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	71.68.224.87	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 71.68.224.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	47.251.88.213	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.88.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	184.105.139.71	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 184.105.139.71 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-15
IPv4	2.58.56.197	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:reported. Attacker IP 2.58.56.197 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 9 times when connecting to db4lamedtech between 2026-04-15 05:31 and 2026-04-15 05:31 UTC.	2026-04-15
IPv4	216.81.248.165	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 216.81.248.165 observed using HTTP client fingerprint 'HTTP Client: Go-http-client/1.1' 201 times when connecting to mdms1 between 2026-04-15 05:27 and 2026-04-15 05:27 UTC.	2026-04-15
IPv4	210.128.206.29	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 210.128.206.29 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db4lamedtech between 2026-04-15 05:03 and 2026-04-15 05:49 UTC.	2026-04-15
IPv4	163.7.11.126	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 163.7.11.126 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to db4lamedtech between 2026-04-15 04:17 and 2026-04-15 05:04 UTC.	2026-04-15
IPv4	1.24.16.4	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 1.24.16.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-15
IPv4	5.165.101.226	Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 5.165.101.226 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).	2026-04-15
IPv4	122.160.9.40	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 122.160.9.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	163.7.5.231	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 163.7.5.231 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 33 times when connecting to db4lamedtech between 2026-04-15 05:32 and 2026-04-15 06:20 UTC.	2026-04-15
IPv4	103.172.204.83	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Indonesia (AS136052, PT Cloud Hosting Indonesia) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 7 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron p...	2026-04-15
IPv4	45.144.212.96	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.144.212.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	47.237.195.150	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.195.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	39.82.0.242	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 39.82.0.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	46.105.40.140	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 46.105.40.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	103.146.52.37	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 103.146.52.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	111.20.145.238	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 111.20.145.238 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to mdms1 between 2026-04-15 07:49 and 2026-04-15 07:49 UTC.	2026-04-15
IPv4	106.75.175.213	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.75.175.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-15
IPv4	185.101.236.170	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 185.101.236.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-15
IPv4	45.61.157.167	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 45.61.157.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	51.83.238.207	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.83.238.207 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 8 times when connecting to db1lapetro between 2026-04-15 07:37 and 2026-04-15 07:38 UTC.	2026-04-15
IPv4	160.119.76.53	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 160.119.76.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	23.234.80.92	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 23.234.80.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	165.227.31.208	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 165.227.31.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	47.85.179.89	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.85.179.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	47.85.14.79	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.85.14.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	180.76.108.172	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 180.76.108.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-15
IPv4	178.171.42.184	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:web-attack, cowrie. Attacker IP 178.171.42.184 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 2 times when connecting to db1lapetro between 2026-04-15 08:56 and 2026-04-15 08:56 UTC.	2026-04-15
IPv4	84.54.72.64	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 84.54.72.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-15
IPv4	47.251.99.89	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.251.99.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	45.43.57.159	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.43.57.159 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, li...' 2 times when connecting to db4lamedtech between 2026-04-15 08:42 and 2026-04-15 08:43 UTC.	2026-04-15
IPv4	44.220.185.126	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 44.220.185.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-15
IPv4	116.99.174.17	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 116.99.174.17 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 3 times when connecting to db4lamedtech between 2026-04-15 08:33 and 2026-04-15 08:38 UTC.	2026-04-15
IPv4	171.231.199.138	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 171.231.199.138 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 4 times when connecting to db1lapetro between 2026-04-15 08:35 and 2026-04-15 08:43 UTC.	2026-04-15
IPv4	27.79.4.61	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 27.79.4.61 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 12 times when connecting to db4lamedtech between 2026-04-15 07:51 and 2026-04-15 08:31 UTC.	2026-04-15
IPv4	27.79.5.25	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 27.79.5.25 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 14 times when connecting to db1lapetro between 2026-04-15 07:51 and 2026-04-15 08:31 UTC.	2026-04-15
IPv4	38.124.152.45	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 38.124.152.45 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 20 times when connecting to offbackup1 between 2026-04-15 07:20 and 2026-04-15 08:10 UTC.	2026-04-15
IPv4	165.154.36.251	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 165.154.36.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	107.172.193.48	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 107.172.193.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-15
IPv4	37.103.236.99	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 37.103.236.99 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (20 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	144.48.132.1	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 144.48.132.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	190.115.5.17	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 190.115.5.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	203.161.30.175	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 203.161.30.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	41.214.17.133	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 41.214.17.133 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 9 times when connecting to db1lapetro between 2026-04-15 09:28 and 2026-04-15 09:48 UTC.	2026-04-15
IPv4	193.163.125.195	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	171.37.190.31	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.37.190.31 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-15
IPv4	106.75.33.247	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 106.75.33.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	102.210.247.38	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 102.210.247.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-15
IPv4	45.225.135.32	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.225.135.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	115.190.238.255	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 115.190.238.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	112.46.212.160	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 112.46.212.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	60.13.7.57	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.57 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-15
IPv4	4.205.60.171	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 4.205.60.171 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 122 times when connecting to db4lamedtech between 2026-04-15 10:57 and 2026-04-15 10:57 UTC.	2026-04-15
IPv4	80.44.22.30	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 80.44.22.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	20.220.161.65	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.220.161.65 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 105 times when connecting to db4lamedtech between 2026-04-15 10:16 and 2026-04-15 10:16 UTC.	2026-04-15
IPv4	125.22.105.67	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 125.22.105.67 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 14 times when connecting to db1lapetro between 2026-04-15 09:22 and 2026-04-15 10:09 UTC.	2026-04-15
IPv4	156.227.232.96	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 156.227.232.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	121.139.245.144	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 121.139.245.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	172.213.0.216	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 172.213.0.216 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 115 times when connecting to db4lamedtech between 2026-04-15 11:45 and 2026-04-15 11:46 UTC.	2026-04-15
IPv4	91.137.182.39	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 91.137.182.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	206.189.43.227	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 206.189.43.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-04-15
IPv4	192.140.175.43	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 192.140.175.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-15
IPv4	222.187.100.82	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-04-15
IPv4	46.101.1.225	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 46.101.1.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	216.74.240.254	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 216.74.240.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (reported).	2026-04-15
IPv4	206.189.225.181	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 206.189.225.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	47.237.195.121	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.237.195.121 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, high).	2026-04-15
IPv4	20.91.252.112	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.91.252.112 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 139 times when connecting to mdms1 between 2026-04-15 12:47 and 2026-04-15 12:48 UTC.	2026-04-15
IPv4	165.22.199.230	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 165.22.199.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, high).	2026-04-15
IPv4	98.80.4.69	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 98.80.4.69 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-15
IPv4	79.127.217.38	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. IP observed in Suricata network metadata	2026-04-15
IPv4	221.6.122.67	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 221.6.122.67 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 2 times when connecting to mdms1 between 2026-04-15 12:28 and 2026-04-15 12:28 UTC.	2026-04-15
IPv4	167.172.158.128	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 167.172.158.128 observed using TLS client fingerprint 'Unknown TLS Client (922ca5a04ed4)' 2 times when connecting to mdms1 between 2026-04-15 12:08 and 2026-04-15 12:08 UTC.	2026-04-15
IPv4	210.92.144.218	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 210.92.144.218 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 28 times when connecting to db1lapetro between 2026-04-15 11:24 and 2026-04-15 12:09 UTC.	2026-04-15
IPv4	14.1.104.251	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 14.1.104.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-15
IPv4	43.110.34.139	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 43.110.34.139 observed using TLS client fingerprint 'Unknown TLS Client (a1ddd179f982)' 2 times when connecting to offbackup1 between 2026-04-15 13:56 and 2026-04-15 13:56 UTC.	2026-04-15
IPv4	18.97.26.107	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. IP observed in Suricata network metadata	2026-04-15
IPv4	47.77.195.187	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.195.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	101.126.135.154	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 101.126.135.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	182.116.114.239	Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 182.116.114.239 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-15
IPv4	85.105.136.134	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 85.105.136.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	18.97.26.28	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 18.97.26.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-04-15
IPv4	157.245.173.19	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 157.245.173.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-04-15
IPv4	59.103.32.55	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 59.103.32.55 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-15
IPv4	43.99.2.194	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.99.2.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	77.22.112.180	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 77.22.112.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	213.230.93.90	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 213.230.93.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-15
IPv4	8.163.15.89	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 8.163.15.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-04-15
IPv4	172.161.53.105	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 172.161.53.105 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 124 times when connecting to db4lamedtech between 2026-04-15 14:40 and 2026-04-15 14:40 UTC.	2026-04-15
IPv4	88.147.174.117	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 88.147.174.117 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 2 times when connecting to mdms1 between 2026-04-15 14:14 and 2026-04-15 14:14 UTC.	2026-04-15
IPv4	82.123.91.20	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 82.123.91.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	160.22.7.162	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 160.22.7.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	47.253.116.19	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.253.116.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	104.168.101.23	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 104.168.101.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-15
IPv4	114.35.247.74	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 114.35.247.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	118.139.167.102	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 118.139.167.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	187.63.239.195	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 187.63.239.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	171.242.235.30	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 171.242.235.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	185.247.137.247	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	213.91.178.109	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 213.91.178.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	94.26.106.201	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 94.26.106.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	27.47.24.25	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 27.47.24.25 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-15
IPv4	102.214.131.55	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 102.214.131.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	187.33.153.204	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 187.33.153.204 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-15 16:14 and 2026-04-15 16:52 UTC.	2026-04-15
IPv4	185.247.137.247	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	213.91.178.109	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 213.91.178.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	94.26.106.201	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 94.26.106.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	27.47.24.25	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 27.47.24.25 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-15
IPv4	102.214.131.55	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 102.214.131.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	187.33.153.204	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 187.33.153.204 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-15 16:14 and 2026-04-15 16:52 UTC.	2026-04-15
IPv4	115.211.143.111	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 115.211.143.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	84.54.71.130	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 84.54.71.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, low).	2026-04-15
IPv4	47.250.116.24	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.116.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	89.117.41.164	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 89.117.41.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, hacking, moderate).	2026-04-15
IPv4	20.175.198.186	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 20.175.198.186 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).	2026-04-15
IPv4	118.213.136.182	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 118.213.136.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	146.190.119.189	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 146.190.119.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	216.218.206.82	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 216.218.206.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	68.221.132.192	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 68.221.132.192 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 42 times when connecting to db4lamedtech between 2026-04-15 17:45 and 2026-04-15 17:45 UTC.	2026-04-15
IPv4	52.178.176.146	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 52.178.176.146 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 115 times when connecting to db4lamedtech between 2026-04-15 17:28 and 2026-04-15 17:29 UTC.	2026-04-15
IPv4	38.19.159.254	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 38.19.159.254 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-15 17:26 and 2026-04-15 18:08 UTC.	2026-04-15
IPv4	143.198.187.134	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP 143.198.187.134 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 7 times when connecting to db1lapetro between 2026-04-15 17:13 and 2026-04-15 17:13 UTC.	2026-04-15
IPv4	45.56.70.39	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 45.56.70.39 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 7 times when connecting to db1lapetro between 2026-04-15 17:13 and 2026-04-15 17:13 UTC.	2026-04-15
IPv4	43.134.187.172	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 43.134.187.172 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-15 16:45 and 2026-04-15 17:27 UTC.	2026-04-15
IPv4	47.237.195.198	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.237.195.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-15
IPv4	185.244.153.106	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 185.244.153.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-15
IPv4	47.237.192.160	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.237.192.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-15
IPv4	103.178.76.202	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 103.178.76.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	105.23.233.74	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 105.23.233.74 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-15
IPv4	47.77.236.210	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.236.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	92.118.39.195	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 92.118.39.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	92.118.39.197	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 92.118.39.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	92.118.39.235	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 92.118.39.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	139.226.191.160	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 139.226.191.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-15
IPv4	14.103.127.242	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 14.103.127.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	91.204.234.100	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 91.204.234.100 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (42 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-15
IPv4	59.18.222.111	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 59.18.222.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	222.131.240.199	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 222.131.240.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-15
IPv4	130.12.180.16	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 130.12.180.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	153.99.92.243	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 153.99.92.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-15
IPv4	192.42.116.55	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.42.116.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	36.133.69.74	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 36.133.69.74 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to db4lamedtech between 2026-04-15 19:48 and 2026-04-15 19:48 UTC.	2026-04-15
IPv4	141.94.101.142	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 141.94.101.142 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 15 times when connecting to mdms1 between 2026-04-15 19:24 and 2026-04-15 19:25 UTC.	2026-04-15
IPv4	143.110.195.142	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 143.110.195.142 observed using TLS client fingerprint 'Unknown TLS Client (5103125acceb)' 2 times when connecting to mdms1 between 2026-04-15 19:21 and 2026-04-15 19:21 UTC.	2026-04-15
IPv4	45.55.59.56	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 45.55.59.56 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 4 times when connecting to db1lapetro between 2026-04-15 20:34 and 2026-04-15 20:36 UTC.	2026-04-15
IPv4	14.18.88.70	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 14.18.88.70 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 2 times when connecting to db1lapetro between 2026-04-15 19:45 and 2026-04-15 20:32 UTC.	2026-04-15
IPv4	34.182.143.196	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 34.182.143.196 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Linux; Android 14; RMX3842) AppleWebKit/537.36 ...' 7 times when connecting to db1lapetro between 2026-04-15 19:34 and 2026-04-15 19:34 UTC.	2026-04-15
IPv4	110.177.177.65	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.177.65 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-15
IPv4	47.83.248.244	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.83.248.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-04-15
IPv4	199.244.88.225	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 199.244.88.225 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d).	2026-04-15
IPv4	210.123.169.104	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 210.123.169.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	94.26.106.206	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 94.26.106.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-15
IPv4	18.97.19.199	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 18.97.19.199 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-15
IPv4	46.150.36.187	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, commands:executed. 46.150.36.187 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (20 commands), 4 malware samples. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-15
IPv4	192.241.137.43	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.241.137.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	20.91.140.49	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.91.140.49 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 86 times when connecting to db1lapetro between 2026-04-15 21:39 and 2026-04-15 21:39 UTC.	2026-04-15
IPv4	120.48.111.113	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 120.48.111.113 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 18 times when connecting to db1lapetro between 2026-04-15 21:43 and 2026-04-15 21:53 UTC.	2026-04-15
IPv4	38.210.187.8	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 38.210.187.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	13.206.69.235	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 13.206.69.235 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-15
IPv4	190.239.208.45	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 190.239.208.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	51.68.32.135	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 51.68.32.135 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 24 times when connecting to mdms1 between 2026-04-15 23:23 and 2026-04-15 23:23 UTC.	2026-04-15
IPv4	45.148.10.238	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.148.10.238 observed using TLS client fingerprint 'Unknown TLS Client (74af2e9345af)' 75 times when connecting to db4lamedtech between 2026-04-15 23:17 and 2026-04-15 23:17 UTC.	2026-04-15
IPv4	124.225.206.172	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 124.225.206.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	69.6.227.130	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 69.6.227.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-15
IPv4	160.250.4.181	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP 160.250.4.181 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to db4lamedtech between 2026-04-15 22:17 and 2026-04-15 22:23 UTC.	2026-04-15
IPv4	158.180.79.132	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 158.180.79.132 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 22 times when connecting to db1lapetro between 2026-04-15 21:30 and 2026-04-15 22:27 UTC.	2026-04-15
IPv4	121.29.4.170	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 121.29.4.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	179.124.17.231	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported. 179.124.17.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	47.245.97.88	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.97.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	146.148.101.227	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 146.148.101.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	117.72.160.143	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 117.72.160.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	103.83.148.71	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 103.83.148.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	116.196.123.19	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.196.123.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-16
IPv4	68.235.46.43	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 68.235.46.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	20.111.62.2	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.111.62.2 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 8 times when connecting to db4lamedtech between 2026-04-15 23:29 and 2026-04-15 23:29 UTC.	2026-04-16
IPv4	42.114.92.75	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 42.114.92.75 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db1lapetro between 2026-04-15 22:54 and 2026-04-15 23:48 UTC.	2026-04-16
IPv4	138.199.43.95	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-04-16
IPv4	123.56.146.124	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 123.56.146.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, high, multi-reported).	2026-04-16
IPv4	177.35.36.245	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 177.35.36.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-16
IPv4	190.120.249.146	Score: 50/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 190.120.249.146 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).	2026-04-16
IPv4	87.236.176.29	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	185.243.5.27	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-04-16
IPv4	36.106.166.16	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.16 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	216.218.206.114	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 216.218.206.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	89.188.72.73	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 89.188.72.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	145.239.66.9	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 145.239.66.9 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 4 times when connecting to db1lapetro between 2026-04-16 00:49 and 2026-04-16 00:53 UTC.	2026-04-16
IPv4	1.83.125.13	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-16
IPv4	8.209.68.199	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.209.68.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	45.65.233.18	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.65.233.18 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to offbackup1 between 2026-04-15 23:48 and 2026-04-16 00:30 UTC.	2026-04-16
IPv4	182.43.22.64	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 182.43.22.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-16
IPv4	1.193.63.41	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.193.63.41 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	192.3.96.60	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 192.3.96.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	162.243.40.46	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.243.40.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	176.65.132.5	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 176.65.132.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	116.178.129.48	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (116.178.129.48) is likely a commodity attacker targeting energy sector SSH services, observed attempting brute-force access to honeypot petroleum-hp-01 using common credentials like 'admin' and 'root'. The actor employed basic scanning techniques with limited sophistication, aligning with automated tools rather than advanced per...	2026-04-16
IPv4	60.13.6.67	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.67 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	109.70.100.13	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 109.70.100.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	221.207.35.244	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.244 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	58.243.46.154	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.46.154 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	106.117.108.232	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.108.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	185.28.85.30	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 185.28.85.30 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to offbackup1 between 2026-04-16 01:57 and 2026-04-16 02:02 UTC.	2026-04-16
IPv4	211.199.216.143	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 211.199.216.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	104.28.230.245	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 104.28.230.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	120.138.10.220	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 120.138.10.220 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-04-16
IPv4	85.8.183.115	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 85.8.183.115 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 33 times when connecting to db1lapetro between 2026-04-16 01:31 and 2026-04-16 02:12 UTC.	2026-04-16
IPv4	144.123.77.4	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 144.123.77.4 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	14.29.195.221	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 14.29.195.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	210.217.42.139	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 210.217.42.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	202.58.242.242	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 202.58.242.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	116.178.130.192	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.130.192 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).	2026-04-16
IPv4	123.145.9.189	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.145.9.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	150.255.26.55	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 150.255.26.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	220.167.233.207	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.207 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	113.206.178.224	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 113.206.178.224 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-16
IPv4	84.54.72.80	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 84.54.72.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	220.167.232.217	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.217 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	121.29.84.200	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.200 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	59.173.111.18	Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 59.173.111.18 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	162.243.4.235	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.243.4.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	172.94.9.55	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.94.9.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	167.172.120.202	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP 167.172.120.202 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 7 times when connecting to db4lamedtech between 2026-04-16 02:35 and 2026-04-16 02:35 UTC.	2026-04-16
IPv4	50.116.46.6	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 50.116.46.6 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 7 times when connecting to db4lamedtech between 2026-04-16 02:35 and 2026-04-16 02:35 UTC.	2026-04-16
IPv4	36.255.33.112	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 36.255.33.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	112.46.213.96	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 112.46.213.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	194.187.179.3	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	47.91.16.59	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 47.91.16.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	68.235.46.89	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-04-16
IPv4	58.212.237.106	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.106 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	58.226.230.112	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 58.226.230.112 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	47.236.192.100	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.236.192.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	47.84.190.20	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.190.20 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-16
IPv4	114.97.190.232	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	59.173.108.248	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	143.110.253.138	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 143.110.253.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	27.47.27.172	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.27.172 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	222.176.201.86	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 222.176.201.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	72.80.203.117	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 72.80.203.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	3.141.153.201	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 3.141.153.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	14.135.75.69	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 14.135.75.69 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	60.13.7.21	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	59.173.110.58	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 59.173.110.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	220.167.232.158	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.158 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	180.95.231.128	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.231.128 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	106.15.198.146	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 106.15.198.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	144.123.76.188	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.76.188 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	209.99.191.9	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 209.99.191.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	1.83.125.244	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	124.90.49.120	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 124.90.49.120 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	178.128.235.23	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 178.128.235.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-16
IPv4	124.109.46.194	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 124.109.46.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	216.218.206.86	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 216.218.206.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	144.123.76.152	Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 144.123.76.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-04-16
IPv4	216.218.206.122	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 216.218.206.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	216.218.206.74	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 216.218.206.74 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	101.249.60.60	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.249.60.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	216.218.206.123	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 216.218.206.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	213.230.93.52	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 213.230.93.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	59.173.108.25	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	18.97.19.187	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 18.97.19.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	185.205.194.107	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 185.205.194.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	116.172.248.253	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.172.248.253 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-16
IPv4	60.13.6.79	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 60.13.6.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	222.118.170.176	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 222.118.170.176 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	88.88.156.124	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. Attacker IP 88.88.156.124 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 3 times when connecting to db1lapetro between 2026-04-16 05:12 and 2026-04-16 05:13 UTC.	2026-04-16
IPv4	59.103.104.254	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 59.103.104.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	144.31.220.38	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 144.31.220.38 observed using SSH client fingerprint 'Unknown SSH Client (92674389fa1e)' 38 times when connecting to db1lapetro between 2026-04-16 04:55 and 2026-04-16 05:13 UTC.	2026-04-16
IPv4	59.173.111.169	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.111.169 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	60.13.6.8	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 60.13.6.8 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	171.120.159.143	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.120.159.143 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	121.129.112.124	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 121.129.112.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	74.7.242.24	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 74.7.242.24 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl...' 75 times when connecting to db1lapetro between 2026-04-16 04:27 and 2026-04-16 04:28 UTC.	2026-04-16
IPv4	210.149.87.82	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 210.149.87.82 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 34 times when connecting to db4lamedtech between 2026-04-16 04:11 and 2026-04-16 04:55 UTC.	2026-04-16
IPv4	118.26.111.107	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 118.26.111.107 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 14 times when connecting to db4lamedtech between 2026-04-16 04:07 and 2026-04-16 05:13 UTC.	2026-04-16
IPv4	171.37.190.148	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.37.190.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	116.178.129.21	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	61.183.86.2	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 61.183.86.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	59.173.111.103	Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.103 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	87.236.176.110	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	124.117.193.140	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.193.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	59.52.100.50	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.52.100.50 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	42.228.3.78	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 42.228.3.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	112.122.237.251	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.237.251 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	222.176.200.147	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-16
IPv4	59.173.110.199	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.199 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	123.160.234.53	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.160.234.53 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	117.50.213.159	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 117.50.213.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-04-16
IPv4	144.123.76.132	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.76.132 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-16
IPv4	112.46.212.211	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.212.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	175.19.75.223	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 175.19.75.223 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-16
IPv4	180.111.30.165	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.111.30.165 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	180.95.231.41	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 180.95.231.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	47.236.198.103	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.236.198.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	118.212.122.123	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	92.118.39.46	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 92.118.39.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, ddos, hacking).	2026-04-16
IPv4	223.123.73.247	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 223.123.73.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	165.227.55.4	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 165.227.55.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	222.95.168.4	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 222.95.168.4 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-16
IPv4	36.106.167.86	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 36.106.167.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	94.132.24.206	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 94.132.24.206 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	20.168.0.47	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 20.168.0.47 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-04-16
IPv4	115.190.11.114	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 115.190.11.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	46.191.157.159	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 46.191.157.159 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 4 times when connecting to mdms1 between 2026-04-16 05:31 and 2026-04-16 05:31 UTC.	2026-04-16
IPv4	111.40.55.169	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 111.40.55.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	107.175.49.221	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 107.175.49.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	60.13.6.98	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.98 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	58.212.237.109	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	124.117.193.141	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.193.141 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	177.185.159.14	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 177.185.159.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	58.212.237.97	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	60.13.7.63	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 60.13.7.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	220.250.10.183	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.10.183 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	60.13.7.73	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.73 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	106.117.107.185	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.107.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	172.213.241.216	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 172.213.241.216 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 178 times when connecting to mdms1 between 2026-04-16 07:19 and 2026-04-16 07:19 UTC.	2026-04-16
IPv4	58.243.46.25	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.243.46.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	116.178.129.120	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.129.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	192.140.173.157	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 192.140.173.157 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to mdms1 between 2026-04-16 07:16 and 2026-04-16 07:16 UTC.	2026-04-16
IPv4	144.123.77.74	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 144.123.77.74 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	124.227.31.21	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.227.31.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).	2026-04-16
IPv4	98.80.4.89	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 98.80.4.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-04-16
IPv4	123.245.84.84	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.84.84 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	101.46.2.214	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-04-16
IPv4	121.29.149.121	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 121.29.149.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-16
IPv4	77.42.68.4	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 77.42.68.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	122.96.28.141	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 122.96.28.141 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-04-16
IPv4	171.8.138.128	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.8.138.128 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	121.29.149.205	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 121.29.149.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-04-16
IPv4	27.47.24.67	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.24.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	36.106.166.165	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 36.106.166.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	222.95.168.105	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.95.168.105 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	171.37.92.245	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.37.92.245 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	185.220.114.132	Score: 55/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 185.220.114.132 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).	2026-04-16
IPv4	220.167.232.106	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	123.145.29.162	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.145.29.162 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	14.1.106.35	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 14.1.106.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	223.123.41.70	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 223.123.41.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	47.84.203.187	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.203.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	88.225.217.27	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 88.225.217.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	123.163.114.158	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.163.114.158 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	123.245.85.221	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.85.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	47.237.195.171	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.237.195.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-16
IPv4	182.119.230.209	Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.230.209 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	123.245.84.108	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.84.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-16
IPv4	118.212.123.25	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.25 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	112.162.208.207	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 112.162.208.207 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 3 times when connecting to db4lamedtech between 2026-04-16 08:01 and 2026-04-16 08:01 UTC.	2026-04-16
IPv4	36.106.167.193	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	58.243.46.51	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.46.51 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	124.117.192.209	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	118.212.122.244	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 118.212.122.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	59.173.110.111	Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 59.173.110.111 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	67.187.208.66	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 67.187.208.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	192.42.116.44	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.42.116.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	220.250.10.103	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 220.250.10.103 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	87.236.176.118	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	47.89.255.48	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.89.255.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	116.178.129.64	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.64 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	221.207.35.247	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.247 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	45.195.250.117	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.195.250.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	220.167.232.75	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.232.75 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	59.173.110.175	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	36.106.167.74	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.74 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	121.29.84.48	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.84.48 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	146.120.89.126	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP 146.120.89.126 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to offbackup1 between 2026-04-16 08:45 and 2026-04-16 09:20 UTC.	2026-04-16
IPv4	116.178.129.46	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 116.178.129.46 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	171.120.30.57	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.120.30.57 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	59.52.100.11	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.52.100.11 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	39.126.124.155	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 39.126.124.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	44.220.185.185	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-04-16
IPv4	117.40.114.45	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.40.114.45 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	124.117.192.243	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.243 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	220.250.10.79	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 220.250.10.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	92.118.39.236	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 92.118.39.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	98.80.4.88	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 98.80.4.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	47.84.200.4	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.200.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	110.177.180.230	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.180.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	223.199.172.14	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 223.199.172.14 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	171.120.159.131	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.120.159.131 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	47.250.95.159	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.95.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	58.19.104.244	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.19.104.244 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	36.106.167.87	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	59.173.108.90	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.90 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	136.0.251.127	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. Attacker IP 136.0.251.127 observed using TLS client fingerprint 'Unknown TLS Client (3b5052d0aa46)' 2 times when connecting to db1lapetro between 2026-04-16 09:48 and 2026-04-16 09:48 UTC.	2026-04-16
IPv4	34.64.203.22	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 34.64.203.22 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db4lamedtech between 2026-04-16 08:59 and 2026-04-16 09:45 UTC.	2026-04-16
IPv4	60.16.198.123	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 60.16.198.123 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	118.212.123.106	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.106 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).	2026-04-16
IPv4	122.96.28.103	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 122.96.28.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	101.249.62.182	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 101.249.62.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	152.32.171.251	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Hong Kong, Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 8 unique usernames, execution of 22 commands (SSH key persistence, password changes, syst...	2026-04-16
IPv4	59.173.110.62	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.110.62 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	27.47.24.143	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	59.173.110.182	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 59.173.110.182 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	85.113.129.96	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 85.113.129.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	116.178.130.250	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 116.178.130.250 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	117.40.113.141	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 117.40.113.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	36.106.167.90	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.106.167.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	58.19.105.72	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 58.19.105.72 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	112.46.212.71	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.212.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	27.47.24.220	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.24.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	118.212.122.81	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	74.7.243.205	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 74.7.243.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	221.207.34.151	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.34.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	2.26.86.54	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 2.26.86.54 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 4 times when connecting to offbackup1 between 2026-04-16 10:54 and 2026-04-16 11:07 UTC.	2026-04-16
IPv4	144.123.76.166	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.76.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	1.83.125.25	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 1.83.125.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	118.212.122.88	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:web-attack. 118.212.122.88 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	91.196.152.134	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 91.196.152.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).	2026-04-16
IPv4	14.1.105.60	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 14.1.105.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	59.173.108.172	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.172 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	222.95.168.102	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.95.168.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	36.106.166.209	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	221.207.34.43	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.34.43 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	144.123.76.178	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.76.178 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-04-16
IPv4	144.123.77.70	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.77.70 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, multi-reported, reported).	2026-04-16
IPv4	27.47.25.96	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.25.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	220.250.11.143	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.143 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	98.83.226.125	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 98.83.226.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	54.210.155.69	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 54.210.155.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	222.215.159.14	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 222.215.159.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	110.177.179.220	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.179.220 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	180.95.238.173	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.173 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	221.167.202.166	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 221.167.202.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	172.213.0.122	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 172.213.0.122 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 124 times when connecting to mdms1 between 2026-04-16 11:42 and 2026-04-16 11:42 UTC.	2026-04-16
IPv4	60.13.6.215	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	157.245.220.50	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 157.245.220.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	58.243.46.143	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 58.243.46.143 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-16
IPv4	59.173.111.187	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.187 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	106.117.110.130	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.110.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	60.13.7.244	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.244 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	59.52.100.191	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.52.100.191 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-16
IPv4	14.103.31.163	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 14.103.31.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	27.47.25.214	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	106.117.116.95	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.116.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	1.85.219.220	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 1.85.219.220 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	175.32.84.103	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 175.32.84.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	112.94.190.209	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.190.209 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	110.177.183.214	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.183.214 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	192.42.116.60	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.42.116.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	123.14.127.162	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.14.127.162 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	20.203.186.201	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.203.186.201 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 142 times when connecting to db4lamedtech between 2026-04-16 13:00 and 2026-04-16 13:00 UTC.	2026-04-16
IPv4	175.19.75.170	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 175.19.75.170 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	14.135.74.49	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	222.176.201.39	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-16
IPv4	121.29.84.75	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	59.52.101.121	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.101.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-16
IPv4	139.212.69.154	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 139.212.69.154 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	182.138.158.42	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 182.138.158.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	60.13.6.215	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	157.245.220.50	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 157.245.220.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	58.243.46.143	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 58.243.46.143 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-16
IPv4	59.173.111.187	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.187 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	106.117.110.130	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.110.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	60.13.7.244	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.244 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	59.52.100.191	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.52.100.191 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-16
IPv4	14.103.31.163	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 14.103.31.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	27.47.25.214	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	106.117.116.95	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.116.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	1.85.219.220	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 1.85.219.220 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	175.32.84.103	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 175.32.84.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	112.94.190.209	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.190.209 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	110.177.183.214	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.183.214 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	192.42.116.60	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.42.116.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	123.14.127.162	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.14.127.162 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	20.203.186.201	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.203.186.201 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 142 times when connecting to db4lamedtech between 2026-04-16 13:00 and 2026-04-16 13:00 UTC.	2026-04-16
IPv4	175.19.75.170	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 175.19.75.170 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	14.135.74.49	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	222.176.201.39	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-16
IPv4	121.29.84.75	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	59.52.101.121	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.101.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-16
IPv4	139.212.69.154	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 139.212.69.154 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	182.138.158.42	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 182.138.158.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	123.178.210.123	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 123.178.210.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	78.187.202.158	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 78.187.202.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	110.177.177.129	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 110.177.177.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	143.92.53.33	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 143.92.53.33 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 2 times when connecting to offbackup1 between 2026-04-16 14:24 and 2026-04-16 14:28 UTC.	2026-04-16
IPv4	76.183.37.218	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 76.183.37.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	171.8.138.23	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.8.138.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	180.95.238.220	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 180.95.238.220 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	110.177.181.61	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 110.177.181.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	222.95.168.156	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.95.168.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	223.166.22.145	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 223.166.22.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-16
IPv4	47.237.195.115	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 47.237.195.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	47.237.196.160	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.196.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	101.249.62.9	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 101.249.62.9 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (hacking, low, port-scan).	2026-04-16
IPv4	14.135.74.42	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 14.135.74.42 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	180.111.30.15	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.111.30.15 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	182.119.230.91	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 182.119.230.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	118.212.122.94	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	139.212.68.136	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 139.212.68.136 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	88.198.178.2	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 88.198.178.2 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 15 times when connecting to mdms1 between 2026-04-16 13:33 and 2026-04-16 13:33 UTC.	2026-04-16
IPv4	59.52.102.20	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.102.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	182.119.226.14	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.226.14 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	110.177.181.217	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.181.217 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	171.8.138.63	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 171.8.138.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	124.227.31.85	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.227.31.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	87.236.176.172	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.172 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	220.167.232.165	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.165 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	64.227.33.251	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 64.227.33.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	185.242.226.70	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.242.226.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	120.48.50.133	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 120.48.50.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).	2026-04-16
IPv4	211.184.55.136	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 211.184.55.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	14.1.105.45	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 14.1.105.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	218.42.61.150	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 218.42.61.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	123.144.28.225	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 123.144.28.225 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	47.84.207.40	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.207.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	101.67.139.49	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 101.67.139.49 classified as attacker with unclear intent (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (minimal, reported).	2026-04-16
IPv4	47.84.195.124	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.195.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-16
IPv4	182.119.228.75	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 182.119.228.75 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	171.36.6.55	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.36.6.55 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	118.212.123.79	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.79 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	220.250.11.247	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.247 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	36.106.166.244	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.244 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	119.48.135.56	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 119.48.135.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	121.29.85.188	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 121.29.85.188 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	176.65.139.43	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Luxembourg (AS214472, Offshore LC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.	2026-04-16
IPv4	59.52.102.20	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.102.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	182.119.226.14	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.226.14 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	110.177.181.217	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.181.217 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	171.8.138.63	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 171.8.138.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	124.227.31.85	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.227.31.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	87.236.176.172	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.172 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	220.167.232.165	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.165 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	64.227.33.251	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 64.227.33.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	185.242.226.70	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.242.226.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	120.48.50.133	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 120.48.50.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).	2026-04-16
IPv4	211.184.55.136	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 211.184.55.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	14.1.105.45	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 14.1.105.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	218.42.61.150	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 218.42.61.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	123.144.28.225	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 123.144.28.225 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	47.84.207.40	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.207.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	101.67.139.49	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 101.67.139.49 classified as attacker with unclear intent (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (minimal, reported).	2026-04-16
IPv4	47.84.195.124	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.84.195.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-16
IPv4	182.119.228.75	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 182.119.228.75 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	171.36.6.55	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.36.6.55 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	118.212.123.79	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.79 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	220.250.11.247	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.247 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	36.106.166.244	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.244 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	119.48.135.56	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 119.48.135.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	121.29.85.188	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 121.29.85.188 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	176.65.139.43	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Luxembourg (AS214472, Offshore LC). Observed targeting healthcare sector honeypot medtech-hp-01 via honeytrap. 1 events.	2026-04-16
IPv4	103.183.13.42	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 103.183.13.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	119.48.134.154	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 119.48.134.154 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-16
IPv4	118.212.123.11	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	150.138.143.79	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 150.138.143.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ftp-brute).	2026-04-16
IPv4	104.28.160.166	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 104.28.160.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	27.193.230.64	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 27.193.230.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	59.173.110.55	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.55 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-04-16
IPv4	35.215.120.42	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, fatt. Attacker IP 35.215.120.42 observed using TLS client fingerprint 'Unknown TLS Client (9769e58a62d6)' 2 times when connecting to db4lamedtech between 2026-04-16 16:34 and 2026-04-16 16:34 UTC.	2026-04-16
IPv4	175.19.75.175	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 175.19.75.175 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	185.247.137.13	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.247.137.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	195.138.73.243	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 195.138.73.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	60.13.7.194	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	110.177.181.252	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.181.252 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	94.156.58.167	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 94.156.58.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	60.13.6.205	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.205 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	1.85.217.160	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 1.85.217.160 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	14.18.114.170	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 14.18.114.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-16
IPv4	116.176.61.136	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.176.61.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).	2026-04-16
IPv4	121.146.70.26	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 121.146.70.26 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	194.187.179.196	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.196 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-04-16
IPv4	222.94.32.217	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.94.32.217 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	118.212.121.238	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.238 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	59.173.108.106	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.108.106 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	61.171.95.18	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 61.171.95.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	221.207.35.163	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	60.13.6.163	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (60.13.6.163) is likely a commodity attacker node associated with automated SSH brute-force campaigns targeting energy sector assets. Observed attempting access to honeypot petroleum-hp-01 via honeytrap, suggesting exploitation of default credentials or weak SSH configurations. Limited sophistication indicated by low threat score and ...	2026-04-16
IPv4	123.245.84.220	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.220 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	20.194.110.188	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.194.110.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	138.2.102.66	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 138.2.102.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	123.245.84.102	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	44.209.43.227	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 44.209.43.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	59.173.110.179	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.110.179 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	59.173.108.93	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.93 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	27.47.26.208	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.26.208 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	60.13.6.224	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.224 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	1.85.217.228	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 1.85.217.228 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	27.47.26.112	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 27.47.26.112 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	182.119.225.93	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.225.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	58.243.46.149	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:ssh. 58.243.46.149 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-16
IPv4	220.167.233.254	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	60.13.7.112	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, cowrie. 60.13.7.112 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-16
IPv4	123.14.120.116	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.14.120.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	122.96.28.49	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 122.96.28.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	194.187.179.134	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	220.250.10.21	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.10.21 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	1.83.125.106	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	2.27.4.114	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 2.27.4.114 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-04-16 16:53 and 2026-04-16 16:54 UTC.	2026-04-16
IPv4	172.213.155.173	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 172.213.155.173 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 115 times when connecting to mdms1 between 2026-04-16 16:41 and 2026-04-16 16:42 UTC.	2026-04-16
IPv4	210.79.191.44	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 210.79.191.44 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-16 16:41 and 2026-04-16 17:25 UTC.	2026-04-16
IPv4	14.225.205.58	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 14.225.205.58 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to mdms1 between 2026-04-16 16:29 and 2026-04-16 17:13 UTC.	2026-04-16
IPv4	123.178.210.78	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.178.210.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-16
IPv4	123.160.172.33	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, cowrie. 123.160.172.33 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-16
IPv4	197.231.133.214	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 197.231.133.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	106.117.104.151	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 106.117.104.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	93.115.14.121	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 93.115.14.121 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (20 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	58.19.80.214	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.19.80.214 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	220.167.233.196	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.233.196 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	220.167.232.80	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 220.167.232.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	27.47.25.126	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 27.47.25.126 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-16
IPv4	182.119.225.185	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.225.185 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	171.12.10.25	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 171.12.10.25 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-16
IPv4	198.199.104.186	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 198.199.104.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	59.50.24.47	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 4 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 19 malware samples. SSH ...	2026-04-16
IPv4	209.38.102.26	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 209.38.102.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	102.22.242.20	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 102.22.242.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	152.136.189.143	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 152.136.189.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	124.89.90.50	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 124.89.90.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	120.48.4.73	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 120.48.4.73 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 2 times when connecting to offbackup1 between 2026-04-16 18:13 and 2026-04-16 18:26 UTC.	2026-04-16
IPv4	152.42.240.74	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 7 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cro...	2026-04-16
IPv4	198.46.182.163	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP from Los Angeles, United States (AS36352, HostPapa). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, ...	2026-04-16
IPv4	27.47.27.65	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.27.65 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	118.212.121.248	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	59.173.109.19	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	47.251.34.170	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.34.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	1.83.125.119	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.83.125.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	114.97.190.141	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	171.36.6.223	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.36.6.223 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	106.63.26.140	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 106.63.26.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	106.63.26.131	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.63.26.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	47.237.207.10	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.207.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	182.119.226.217	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 182.119.226.217 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	98.94.39.8	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 98.94.39.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	54.92.204.5	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 54.92.204.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	27.47.24.179	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.24.179 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	117.40.114.118	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 117.40.114.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	185.242.3.195	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.242.3.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	189.232.40.237	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 189.232.40.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	59.173.110.76	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.76 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	123.144.28.220	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.144.28.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	144.123.77.43	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.77.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	182.119.226.154	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 182.119.226.154 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	36.106.166.6	Score: 55/100. Labels: abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.6 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, hacking, low).	2026-04-16
IPv4	81.101.124.166	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 81.101.124.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	118.212.123.31	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-16
IPv4	114.97.191.205	Score: 75/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 114.97.191.205 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).	2026-04-16
IPv4	137.184.37.158	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 137.184.37.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	123.245.84.77	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	114.97.190.172	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.172 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	153.99.92.91	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 153.99.92.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-16
IPv4	27.47.26.158	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-16
IPv4	185.213.174.123	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.213.174.123 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:138.0) Geck...' 22 times when connecting to mdms1 between 2026-04-16 18:43 and 2026-04-16 18:43 UTC.	2026-04-16
IPv4	82.67.201.1	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 82.67.201.1 observed using TLS client fingerprint 'Unknown TLS Client (e9ea2da29b91)' 2 times when connecting to db1lapetro between 2026-04-16 18:36 and 2026-04-16 18:38 UTC.	2026-04-16
IPv4	106.75.127.184	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP 106.75.127.184 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 15 times when connecting to offbackup1 between 2026-04-16 18:05 and 2026-04-16 18:32 UTC.	2026-04-16
IPv4	27.47.26.24	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.26.24 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	98.198.177.183	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 98.198.177.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	40.77.167.51	Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 40.77.167.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	171.36.6.213	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Low-sophistication attacker from Nanning, China (AS4837) targeting energy sector honeypots via SSH brute force attacks. Observed interacting with petroleum-hp-01 honeypot using credential-guessing techniques, indicative of commodity attack tooling. Limited impact but suggests potential scanning for vulnerable infrastructure.	2026-04-16
IPv4	176.65.139.254	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 176.65.139.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	183.250.248.29	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 183.250.248.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-16
IPv4	68.183.7.247	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 68.183.7.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	123.245.84.255	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. This IP (123.245.84.255) is likely a botnet node or automated scanner targeting healthcare sector SSH services, observed attempting brute-force attacks against honeypot mdms-hp-01 using common credentials like 'admin'/'password'. The attacker exhibits low sophistication, leveraging basic SSH enumeration techniques (T1110.001) and command-line ...	2026-04-16
IPv4	112.94.189.16	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.189.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	171.8.138.228	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.8.138.228 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	101.249.62.199	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 101.249.62.199 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	183.185.110.211	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 183.185.110.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	194.31.223.191	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 194.31.223.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	41.94.105.10	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 41.94.105.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	121.29.84.27	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	112.94.190.196	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.190.196 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	14.135.75.3	Score: 95/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 14.135.75.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	39.185.74.171	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 39.185.74.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	171.36.6.205	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.6.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	221.13.86.10	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 221.13.86.10 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	58.243.47.87	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.47.87 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	43.155.40.238	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 43.155.40.238 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 4 times when connecting to offbackup1 between 2026-04-16 19:50 and 2026-04-16 19:53 UTC.	2026-04-16
IPv4	182.119.226.206	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 182.119.226.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	220.167.232.16	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.232.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	47.251.186.126	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.251.186.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	222.176.200.70	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	111.7.96.162	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 111.7.96.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	142.93.61.60	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 142.93.61.60 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 2 times when connecting to db1lapetro between 2026-04-16 19:48 and 2026-04-16 19:48 UTC.	2026-04-16
IPv4	121.29.85.52	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 121.29.85.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	59.173.110.158	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.110.158 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	116.172.201.172	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.172.201.172 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-16
IPv4	118.212.120.167	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.167 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	58.243.46.248	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 58.243.46.248 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	106.63.26.139	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 106.63.26.139 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/5...' 2 times when connecting to mdms1 between 2026-04-16 19:31 and 2026-04-16 19:32 UTC.	2026-04-16
IPv4	37.143.61.130	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 37.143.61.130 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 33 times when connecting to offbackup1 between 2026-04-16 19:18 and 2026-04-16 20:14 UTC.	2026-04-16
IPv4	112.46.214.78	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.214.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	59.173.108.44	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.44 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-16
IPv4	87.236.176.114	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	103.63.231.168	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 103.63.231.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	223.199.170.129	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 223.199.170.129 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	144.123.78.16	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 144.123.78.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-04-16
IPv4	58.19.143.19	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.19.143.19 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	171.8.138.3	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.8.138.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	14.135.74.233	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	144.123.76.127	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 144.123.76.127 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	182.242.168.151	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.168.151 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	58.19.83.239	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.19.83.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	116.172.248.170	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.172.248.170 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	171.36.6.163	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.6.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	171.36.7.224	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 171.36.7.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-16
IPv4	123.234.3.106	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 123.234.3.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	27.43.207.236	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 27.43.207.236 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	43.163.110.140	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.163.110.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	194.140.198.34	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 194.140.198.34 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	121.29.149.33	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	59.173.110.162	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.162 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	220.154.130.30	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 220.154.130.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	114.97.191.79	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	193.163.125.134	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.134 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2).	2026-04-16
IPv4	192.36.109.96	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 192.36.109.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	45.94.217.53	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.94.217.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	123.191.129.74	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 123.191.129.74 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	118.212.123.0	Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export, cowrie. This IP (118.212.123.0) is likely a commodity attacker associated with China Unicom's backbone network, targeting healthcare sector systems via SSH brute-force attacks against honeypots like mdms-hp-01. The actor used basic credential-guessing techniques and was detected by honeypot sensors but not by most commercial threat intelligence engines, indicating low-t...	2026-04-16
IPv4	60.13.7.156	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.156 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	8.209.221.195	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 8.209.221.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-04-16
IPv4	171.8.138.203	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 171.8.138.203 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	221.199.73.212	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 221.199.73.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	106.117.116.229	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.116.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	118.212.121.144	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.144 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	198.98.56.205	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 198.98.56.205 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-16 20:57 and 2026-04-16 21:35 UTC.	2026-04-16
IPv4	59.173.111.174	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	182.242.168.217	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.217 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-16
IPv4	61.98.8.154	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 61.98.8.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	114.97.190.13	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 114.97.190.13 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).	2026-04-16
IPv4	47.84.203.90	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.203.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-16
IPv4	27.47.25.81	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.25.81 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	123.144.26.216	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.144.26.216 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	160.16.124.107	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 160.16.124.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	58.243.47.7	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.47.7 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-16
IPv4	112.94.191.102	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.191.102 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	44.220.188.162	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 44.220.188.162 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (moderate, reported, well-known).	2026-04-16
IPv4	221.207.35.148	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 221.207.35.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	116.178.128.254	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	221.208.113.209	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 221.208.113.209 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	117.62.205.231	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 117.62.205.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	36.106.166.86	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 36.106.166.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-16
IPv4	121.29.85.173	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.85.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	46.151.182.158	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Netherlands (AS205759, Ghosty Networks LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via dionaea. 1 events.	2026-04-16
IPv4	180.95.238.8	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. This IP (180.95.238.8) is likely a commodity attacker targeting healthcare sector IT infrastructure via SSH brute-force attacks against honeypots. Observed using automated tools to probe medtech-hp-01, with limited sophistication evident in basic command execution attempts (e.g., 'uname -a', 'id') and credential spraying. While GTI classifies...	2026-04-16
IPv4	153.0.41.41	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 153.0.41.41 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-16
IPv4	60.13.6.7	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-16
IPv4	176.65.139.67	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 176.65.139.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-16
IPv4	59.173.109.104	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	182.242.168.47	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-16
IPv4	195.161.114.163	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP 195.161.114.163 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db1lapetro between 2026-04-16 21:33 and 2026-04-16 22:01 UTC.	2026-04-16
IPv4	112.94.188.19	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.188.19 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	220.250.10.88	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.10.88 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	118.212.123.152	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	23.17.35.68	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 23.17.35.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	123.160.172.94	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.160.172.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	222.176.200.203	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.203 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	59.52.100.241	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.52.100.241 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	14.1.104.239	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 14.1.104.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	176.65.148.173	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 176.65.148.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	116.178.130.71	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	112.94.191.156	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.191.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	59.173.109.23	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.23 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-17
IPv4	182.242.169.110	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 182.242.169.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	217.182.195.179	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 217.182.195.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	101.68.46.239	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 101.68.46.239 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	112.122.237.18	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.237.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	44.220.188.79	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 44.220.188.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	171.37.190.0	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 171.37.190.0 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	59.173.110.185	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.185 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	45.93.28.216	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Seoul, South Korea (AS138195, MOACK.Co.LTD). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 5 unique usernames, execution of 42 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing,...	2026-04-17
IPv4	222.94.32.88	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.88 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	222.176.200.240	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.240 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	182.119.224.65	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export, cowrie. 182.119.224.65 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-17
IPv4	118.212.123.230	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	23.94.237.212	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 23.94.237.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	116.178.131.5	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-17
IPv4	110.177.182.68	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 110.177.182.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	144.123.76.212	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.76.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	123.178.210.22	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.178.210.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	60.13.6.72	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	218.59.12.92	Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 218.59.12.92 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).	2026-04-17
IPv4	121.29.149.124	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.124 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	116.178.131.222	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	71.192.86.51	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 71.192.86.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	123.245.85.164	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	59.173.109.130	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	177.136.246.131	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 177.136.246.131 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 2 times when connecting to mdms1 between 2026-04-16 22:47 and 2026-04-16 22:47 UTC.	2026-04-17
IPv4	20.220.15.7	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.220.15.7 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 142 times when connecting to db4lamedtech between 2026-04-16 22:37 and 2026-04-16 22:38 UTC.	2026-04-17
IPv4	41.82.60.83	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 41.82.60.83 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 26 times when connecting to db1lapetro between 2026-04-16 22:06 and 2026-04-16 22:43 UTC.	2026-04-17
IPv4	189.243.47.150	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 189.243.47.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	220.250.10.188	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 220.250.10.188 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	59.173.111.125	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	44.220.185.82	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 44.220.185.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-17
IPv4	115.248.8.65	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 115.248.8.65 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-04-17 00:33 and 2026-04-17 00:35 UTC.	2026-04-17
IPv4	112.94.189.3	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.189.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	171.37.190.35	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.37.190.35 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	78.68.39.38	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 78.68.39.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	14.135.74.138	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	171.37.190.198	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.37.190.198 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	120.48.14.39	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 120.48.14.39 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-17
IPv4	110.177.181.22	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.181.22 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	51.68.107.144	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 51.68.107.144 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-04-17 00:08 and 2026-04-17 00:08 UTC.	2026-04-17
IPv4	85.11.167.114	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 85.11.167.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	171.36.6.254	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.36.6.254 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	180.111.30.215	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 180.111.30.215 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	81.70.166.181	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 81.70.166.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	93.123.109.166	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 93.123.109.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	18.97.5.8	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 18.97.5.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	144.48.130.233	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 144.48.130.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	118.212.121.106	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	222.176.200.91	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-17
IPv4	116.178.129.105	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.129.105 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).	2026-04-17
IPv4	223.130.11.143	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 223.130.11.143 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	158.94.210.203	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 158.94.210.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	14.135.74.212	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	60.213.29.242	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.213.29.242 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	182.119.225.149	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.225.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	125.59.29.46	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 125.59.29.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	91.79.195.143	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 91.79.195.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	72.167.39.245	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 72.167.39.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	118.212.121.18	Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.18 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	123.245.85.120	Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.85.120 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	143.110.182.205	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 143.110.182.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	59.173.110.149	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.149 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	119.152.228.211	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 119.152.228.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	47.84.176.59	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.84.176.59 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	101.249.62.222	Score: 60/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 101.249.62.222 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	58.243.46.8	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.243.46.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	58.212.237.212	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (58.212.237.212) is likely a low-sophistication automated scanner or brute-force actor targeting healthcare sector systems, observed attempting SSH/Telnet access against honeypot mdms-hp-01. Limited impact indicated by low threat scores and minimal detection across engines, suggesting rudimentary tooling with no confirmed malware deliver...	2026-04-17
IPv4	220.167.233.116	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.116 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	58.212.237.136	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	112.94.188.168	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 112.94.188.168 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	193.123.105.43	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 193.123.105.43 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	123.245.84.135	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 123.245.84.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	110.177.181.173	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.181.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	110.177.182.169	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.182.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	143.137.81.92	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 143.137.81.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	182.119.230.0	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 182.119.230.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	119.48.134.250	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 119.48.134.250 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	152.32.214.55	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 152.32.214.55 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db4lamedtech between 2026-04-17 00:26 and 2026-04-17 01:05 UTC.	2026-04-17
IPv4	160.30.158.167	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Vietnam (AS152978, PHB Digital Technology Solutions Company Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username, delivery of 1 malware sample. duration: 3m 5s; 5 events.	2026-04-17
IPv4	185.203.216.248	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.203.216.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	27.47.24.36	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.24.36 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	114.97.191.234	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (114.97.191.234) is likely an automated brute-force actor targeting energy sector SSH services, observed attempting access to honeypot petroleum-hp-01 using common credentials like 'admin'/'password'. The low sophistication suggests commodity tooling rather than advanced persistent threat capabilities, with limited impac...	2026-04-17
IPv4	171.25.158.24	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Vaxjo, Sweden (AS35100, Patrik Lagerman). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 14 failed login attempts, 14 credential pairs tried across 6 unique usernames, execution of 40 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, ...	2026-04-17
IPv4	59.173.110.144	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	118.212.121.212	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.212 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	175.19.75.249	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 175.19.75.249 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	221.199.73.77	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.199.73.77 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	89.125.16.91	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 89.125.16.91 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 5 times when connecting to offbackup1 between 2026-04-17 02:26 and 2026-04-17 02:28 UTC.	2026-04-17
IPv4	98.80.4.108	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 98.80.4.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, ftp-brute).	2026-04-17
IPv4	68.183.120.230	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 68.183.120.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	64.227.7.255	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 64.227.7.255 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	78.153.155.196	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 78.153.155.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	93.123.109.163	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 93.123.109.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	110.177.179.24	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.179.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	222.94.32.10	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.10 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	111.125.143.77	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 111.125.143.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, port-scan).	2026-04-17
IPv4	184.105.139.93	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 184.105.139.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	74.82.47.35	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 74.82.47.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	27.47.27.225	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 27.47.27.225 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-17
IPv4	180.95.231.86	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.86 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	194.58.114.52	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 194.58.114.52 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to offbackup1 between 2026-04-17 01:52 and 2026-04-17 02:28 UTC.	2026-04-17
IPv4	95.217.176.128	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 95.217.176.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	103.215.74.60	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 103.215.74.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	1.83.125.218	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP from Xi'an, China (AS4134/Chinanet) is likely a commodity attacker using automated tools to probe energy sector systems via SSH/Telnet. Observed targeting honeypot petroleum-hp-01 with low-sophistication brute-force attempts against SSH services, consistent with generic credential spraying campaigns. Limited impact detected, ...	2026-04-17
IPv4	221.13.86.0	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 221.13.86.0 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	88.151.32.108	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 88.151.32.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	18.97.26.55	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 18.97.26.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	144.123.76.110	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 144.123.76.110 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	42.239.232.60	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 42.239.232.60 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	171.120.24.115	Score: 70/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.120.24.115 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).	2026-04-17
IPv4	116.178.128.228	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 116.178.128.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	117.40.114.98	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 117.40.114.98 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-17
IPv4	79.19.168.101	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 79.19.168.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	222.134.163.89	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 222.134.163.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	123.245.85.231	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.245.85.231 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	221.199.73.90	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.199.73.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-17
IPv4	87.236.176.180	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	139.59.68.173	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.59.68.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	104.46.233.222	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 104.46.233.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	114.97.191.5	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.191.5 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	27.47.27.152	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 27.47.27.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	106.117.104.34	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 106.117.104.34 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-17
IPv4	184.105.139.96	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 184.105.139.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	100.29.192.64	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 100.29.192.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	184.105.139.124	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 184.105.139.124 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	182.242.168.208	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.242.168.208 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	59.173.111.229	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, cowrie. 59.173.111.229 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	116.178.129.9	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	165.227.188.179	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 165.227.188.179 observed using TLS client fingerprint 'Unknown TLS Client (d2da84ce0e75)' 2 times when connecting to offbackup1 between 2026-04-17 03:35 and 2026-04-17 03:35 UTC.	2026-04-17
IPv4	171.37.191.22	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.37.191.22 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-17
IPv4	114.97.191.162	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.162 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	121.36.23.190	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 121.36.23.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	123.160.235.119	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.160.235.119 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	129.121.87.230	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 129.121.87.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	59.173.109.43	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	60.13.6.116	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 60.13.6.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	139.135.41.1	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 139.135.41.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	101.249.60.89	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 101.249.60.89 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level4).	2026-04-17
IPv4	195.184.76.47	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 195.184.76.47 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2).	2026-04-17
IPv4	27.47.24.47	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.24.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	144.123.76.221	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 144.123.76.221 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	221.207.35.236	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.35.236 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	118.212.121.63	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 118.212.121.63 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-17
IPv4	171.36.7.213	Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 171.36.7.213 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-17
IPv4	112.122.237.1	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.122.237.1 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-17
IPv4	103.72.98.66	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 103.72.98.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	121.29.85.179	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.85.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	78.187.30.37	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 78.187.30.37 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, high).	2026-04-17
IPv4	92.118.39.196	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 92.118.39.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	181.188.176.246	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 181.188.176.246 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 28 times when connecting to offbackup1 between 2026-04-17 03:29 and 2026-04-17 04:19 UTC.	2026-04-17
IPv4	118.212.121.118	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	119.48.135.157	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 119.48.135.157 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	124.117.193.198	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 124.117.193.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	101.68.4.10	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 101.68.4.10 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	58.243.47.148	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.243.47.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	111.40.55.168	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 111.40.55.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	85.159.209.136	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 85.159.209.136 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 7 times when connecting to mdms1 between 2026-04-17 05:34 and 2026-04-17 05:34 UTC.	2026-04-17
IPv4	194.187.179.122	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	180.95.238.225	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.225 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	139.135.41.79	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 139.135.41.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	116.172.200.253	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.172.200.253 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	37.19.216.146	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 37.19.216.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	47.254.76.66	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.254.76.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	58.243.47.198	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.47.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	116.178.129.128	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	110.37.91.29	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 110.37.91.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	175.205.37.98	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 175.205.37.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	172.105.157.220	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 172.105.157.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	114.97.191.186	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (114.97.191.186) is likely a commodity attacker targeting healthcare sector systems via SSH brute-force attacks against honeypots. Observed interacting with mdms-hp-01 honeytrap using common credentials and basic command-line tools, indicating low sophistication. The attack pattern aligns with automated scanning infrastructure rather than a...	2026-04-17
IPv4	51.222.105.197	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 51.222.105.197 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 14 times when connecting to mdms1 between 2026-04-17 05:06 and 2026-04-17 05:28 UTC.	2026-04-17
IPv4	221.226.31.137	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 221.226.31.137 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 3 times when connecting to offbackup1 between 2026-04-17 05:05 and 2026-04-17 05:05 UTC.	2026-04-17
IPv4	114.129.234.8	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 114.129.234.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	60.13.6.81	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (60.13.6.81) is likely a commodity attacker node targeting healthcare sector assets via SSH brute-force attacks against honeypots. Observed attempting access to medtech-hp-01 using common credentials, indicative of low-to-moderate sophistication. No malware or persistent access confirmed, but aligns with automated scanning infrastruct...	2026-04-17
IPv4	118.212.123.221	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	116.178.129.96	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.96 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	121.29.149.41	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	45.230.66.111	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 45.230.66.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level1); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	175.19.74.100	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 175.19.74.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	121.29.85.66	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 121.29.85.66 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	114.97.190.134	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-17
IPv4	43.228.157.6	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 43.228.157.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	139.212.71.4	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 139.212.71.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	116.178.130.19	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.19 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	203.195.83.2	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 203.195.83.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-17
IPv4	135.235.236.63	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 135.235.236.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	144.123.76.154	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.76.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	59.173.110.13	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	150.116.89.83	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 150.116.89.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	183.108.0.232	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 183.108.0.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	14.139.158.118	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 14.139.158.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	222.176.200.169	Score: 85/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 222.176.200.169 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	124.117.193.31	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.193.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	50.116.46.217	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 50.116.46.217 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 7 times when connecting to offbackup1 between 2026-04-17 06:02 and 2026-04-17 06:02 UTC.	2026-04-17
IPv4	172.105.178.217	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 172.105.178.217 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 7 times when connecting to offbackup1 between 2026-04-17 06:01 and 2026-04-17 06:02 UTC.	2026-04-17
IPv4	54.38.60.112	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. This IP (54.38.60.112) is likely a commodity botnet node or automated scanner targeting technology sector assets via SSH brute-force attacks against honeypots like sentrypeer. The attacker attempted to establish command sessions using common credential patterns, consistent with low-sophistication threat actors leveraging default or weak credentia...	2026-04-17
IPv4	47.250.43.66	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.43.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	58.212.237.218	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.218 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	1.24.16.137	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 1.24.16.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	101.249.61.167	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.61.167 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level4).	2026-04-17
IPv4	178.141.244.98	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 178.141.244.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	66.167.166.174	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 66.167.166.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	47.245.103.29	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.245.103.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	103.153.183.126	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 103.153.183.126 observed using TLS client fingerprint 'Unknown TLS Client (698d5e48d643)' 19 times when connecting to db4lamedtech between 2026-04-17 07:37 and 2026-04-17 07:37 UTC.	2026-04-17
IPv4	5.172.10.217	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 5.172.10.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	3.134.93.22	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 3.134.93.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	221.208.113.81	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.208.113.81 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	44.220.185.196	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. IP observed in Suricata network metadata	2026-04-17
IPv4	123.245.85.89	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 123.245.85.89 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	59.173.109.145	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	144.123.77.1	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 144.123.77.1 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	172.86.67.130	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-04-17
IPv4	1.95.13.173	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 1.95.13.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	116.178.129.193	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.193 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	20.244.43.255	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 20.244.43.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	118.212.122.101	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 118.212.122.101 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	139.177.194.152	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 139.177.194.152 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);' 2 times when connecting to db1lapetro between 2026-04-17 06:55 and 2026-04-17 06:55 UTC.	2026-04-17
IPv4	185.227.152.219	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.227.152.219 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to offbackup1 between 2026-04-17 06:41 and 2026-04-17 07:19 UTC.	2026-04-17
IPv4	171.25.158.80	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 171.25.158.80 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 26 times when connecting to mdms1 between 2026-04-17 06:31 and 2026-04-17 07:10 UTC.	2026-04-17
IPv4	47.251.28.157	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.28.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	114.97.190.37	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	124.117.193.65	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.193.65 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	165.154.227.8	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 165.154.227.8 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 8 times when connecting to offbackup1 between 2026-04-17 08:32 and 2026-04-17 08:59 UTC.	2026-04-17
IPv4	182.119.227.251	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 182.119.227.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	82.97.252.151	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:iot-targeted, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 82.97.252.151 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 24 times when connecting to db1lapetro between 2026-04-17 08:28 and 2026-04-17 09:00 UTC.	2026-04-17
IPv4	180.111.30.123	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 180.111.30.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	118.212.121.159	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.159 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	115.190.242.30	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 115.190.242.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	39.171.252.186	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 39.171.252.186 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to db1lapetro between 2026-04-17 08:01 and 2026-04-17 08:01 UTC.	2026-04-17
IPv4	118.212.121.157	Score: 55/100. Labels: abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 118.212.121.157 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, multi-reported, port-scan).	2026-04-17
IPv4	165.154.205.91	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 165.154.205.91 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 30 times when connecting to db4lamedtech between 2026-04-17 07:58 and 2026-04-17 08:41 UTC.	2026-04-17
IPv4	47.251.28.25	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.28.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	124.117.193.58	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.193.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	118.70.80.186	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 118.70.80.186 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 3 times when connecting to offbackup1 between 2026-04-17 07:28 and 2026-04-17 08:35 UTC.	2026-04-17
IPv4	112.94.188.56	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.188.56 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	171.36.7.236	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.36.7.236 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	110.177.180.150	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.180.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	121.36.46.107	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 121.36.46.107 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-04-17 09:39 and 2026-04-17 09:39 UTC.	2026-04-17
IPv4	110.177.181.84	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.181.84 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	171.37.93.128	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 171.37.93.128 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	121.36.58.228	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 121.36.58.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-17
IPv4	181.115.178.226	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 181.115.178.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	5.133.192.166	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 5.133.192.166 observed using TLS client fingerprint 'Unknown TLS Client (cd5ba0bbcab7)' 2 times when connecting to mdms1 between 2026-04-17 09:23 and 2026-04-17 09:23 UTC.	2026-04-17
IPv4	103.251.49.230	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 103.251.49.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	1.83.125.226	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	60.13.7.94	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	216.218.206.118	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 216.218.206.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	59.173.108.51	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.108.51 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	151.69.244.7	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. This IP (151.69.244.7) is likely a commodity attacker associated with automated SSH brute-force campaigns targeting healthcare sector assets. Observed exploiting honeypot mdms-hp-01 via Dionaea, using common credential patterns and command-line interface interactions. The actor demonstrates low-to-moderate sophistication, leveraging standa...	2026-04-17
IPv4	59.173.110.141	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.141 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	222.176.201.156	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.156 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	221.207.34.94	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.207.34.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	77.7.14.150	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 77.7.14.150 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	116.178.131.75	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	58.243.47.3	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.47.3 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	138.124.181.144	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 138.124.181.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	176.65.134.30	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 176.65.134.30 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (exploited-host, hacking, high).	2026-04-17
IPv4	36.106.166.69	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.69 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-04-17
IPv4	1.193.63.196	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 1.193.63.196 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	77.235.20.52	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 77.235.20.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	27.47.26.196	Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 27.47.26.196 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	66.56.80.177	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 66.56.80.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	198.11.179.136	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 198.11.179.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	47.254.64.75	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.64.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	221.207.35.154	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.154 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	58.19.104.26	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.19.104.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	123.160.172.76	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.160.172.76 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	60.13.7.227	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.227 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-17
IPv4	152.32.236.125	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 152.32.236.125 observed using TLS client fingerprint 'Unknown TLS Client (9de7749151c7)' 3 times when connecting to db1lapetro between 2026-04-17 10:20 and 2026-04-17 10:20 UTC.	2026-04-17
IPv4	36.106.167.52	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 36.106.167.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	83.219.249.173	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 83.219.249.173 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 12 times when connecting to db1lapetro between 2026-04-17 10:17 and 2026-04-17 10:56 UTC.	2026-04-17
IPv4	135.222.174.121	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 135.222.174.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	171.37.191.235	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.37.191.235 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	58.212.237.44	Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (58.212.237.44) is likely a commodity attacker originating from Nanjing, China, targeting energy sector assets via SSH brute-force attempts against honeypot petroleum-hp-01. The actor used basic credential patterns and executed common shell commands (e.g., 'uname -a', 'ifconfig') during interactive sessions, indicating low-to-moderate so...	2026-04-17
IPv4	117.40.113.7	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.40.113.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).	2026-04-17
IPv4	59.53.133.127	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.53.133.127 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	58.19.104.126	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.19.104.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	27.79.41.18	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 27.79.41.18 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 12 times when connecting to offbackup1 between 2026-04-17 10:03 and 2026-04-17 10:54 UTC.	2026-04-17
IPv4	27.79.41.136	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 27.79.41.136 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 15 times when connecting to offbackup1 between 2026-04-17 10:02 and 2026-04-17 10:54 UTC.	2026-04-17
IPv4	43.153.150.130	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 43.153.150.130 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 11 times when connecting to mdms1 between 2026-04-17 10:02 and 2026-04-17 10:16 UTC.	2026-04-17
IPv4	175.178.220.98	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 175.178.220.98 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 8 times when connecting to mdms1 between 2026-04-17 10:00 and 2026-04-17 10:31 UTC.	2026-04-17
IPv4	112.94.188.127	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 112.94.188.127 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	220.250.11.138	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 220.250.11.138 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	58.212.237.158	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.212.237.158 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-17
IPv4	103.25.208.43	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.25.208.43 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to db4lamedtech between 2026-04-17 09:50 and 2026-04-17 10:32 UTC.	2026-04-17
IPv4	223.233.87.154	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 223.233.87.154 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 28 times when connecting to mdms1 between 2026-04-17 09:20 and 2026-04-17 10:05 UTC.	2026-04-17
IPv4	172.245.43.228	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 172.245.43.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	1.83.125.179	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	118.212.121.92	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	112.94.191.122	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.94.191.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	110.177.177.93	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 110.177.177.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	116.178.128.9	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	36.106.167.213	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	112.94.190.159	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.94.190.159 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-17
IPv4	178.18.241.121	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 178.18.241.121 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	144.123.76.34	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (144.123.76.34) is likely a commodity attacker targeting healthcare sector systems, observed attempting SSH brute-force attacks against a medtech honeypot (medtech-hp-01) using common credentials. The actor exhibits low-to-moderate sophistication, leveraging automated tools to probe vulnerable SSH services, with limited impac...	2026-04-17
IPv4	59.173.109.230	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	1.85.216.250	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.85.216.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	116.178.130.133	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.133 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	222.176.200.103	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.103 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	176.65.148.141	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 176.65.148.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	185.247.137.88	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.88 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	27.47.27.40	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.27.40 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	118.212.123.166	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	180.95.238.239	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.239 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	221.13.93.234	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 221.13.93.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	116.178.128.235	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.128.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	171.8.138.216	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.8.138.216 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	1.83.125.142	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.142 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	58.212.237.38	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.212.237.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	185.242.3.60	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.242.3.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	220.250.11.64	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.64 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	103.168.67.107	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.168.67.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	222.176.200.171	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	206.135.174.62	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 206.135.174.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	47.77.213.24	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.213.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	106.4.161.92	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.4.161.92 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	59.173.109.144	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. This IP (59.173.109.144) is likely a commodity attacker node originating from Wuhan, China, targeting energy sector honeypots via SSH brute-force attacks. Observed interacting with the petroleum-hp-01 honeypot using honeytrap mechanisms, suggesting attempts to exploit default credentials or weak SSH configurations. The low sophistication and limite...	2026-04-17
IPv4	114.104.188.248	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 114.104.188.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	159.89.173.219	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 159.89.173.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	144.123.77.69	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.77.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	8.216.9.35	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 8.216.9.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	58.19.78.167	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.19.78.167 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	119.96.82.192	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 119.96.82.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	8.219.121.222	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 8.219.121.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	64.227.153.165	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 64.227.153.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	142.93.210.233	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 142.93.210.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	101.249.60.9	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 101.249.60.9 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	116.178.131.0	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.0 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	47.251.109.140	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.109.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	112.122.236.175	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. This IP (112.122.236.175) is likely a commodity attacker node originating from China's Anhui province, targeting healthcare sector systems via SSH brute-force attacks against honeypots like mdms-hp-01. The actor used basic credential patterns and command-line interfaces to probe for vulnerabilities, indicating low-to-moderate sophistication with potential sector-...	2026-04-17
IPv4	58.19.104.149	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.19.104.149 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	116.178.129.88	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.88 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	59.173.110.194	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.194 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	27.47.26.232	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. This attacker IP (27.47.26.232) is likely a commodity attacker targeting energy sector infrastructure, observed attempting SSH brute-force attacks against honeypot petroleum-hp-01 in Guangzhou, China. The actor used automated tools to probe the honeypot, suggesting limited sophistication but potential alignment with broader scanning campaigns. No di...	2026-04-17
IPv4	47.245.143.5	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.143.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	144.123.76.116	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 144.123.76.116 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-17
IPv4	220.167.233.131	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	118.212.121.3	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 118.212.121.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	110.177.180.208	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.180.208 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	171.12.10.83	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.12.10.83 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	182.119.229.189	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 182.119.229.189 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate).	2026-04-17
IPv4	74.7.243.217	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 74.7.243.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-17
IPv4	45.156.87.194	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.156.87.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	114.97.191.59	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 114.97.191.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	36.106.166.240	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.106.166.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	104.244.73.118	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 104.244.73.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	172.233.24.189	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 172.233.24.189 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);' 2 times when connecting to db4lamedtech between 2026-04-17 12:20 and 2026-04-17 12:20 UTC.	2026-04-17
IPv4	49.173.65.19	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 49.173.65.19 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 3 times when connecting to mdms1 between 2026-04-17 12:16 and 2026-04-17 12:17 UTC.	2026-04-17
IPv4	47.85.53.115	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. Attacker IP 47.85.53.115 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 3 times when connecting to db1lapetro between 2026-04-17 12:13 and 2026-04-17 12:13 UTC.	2026-04-17
IPv4	51.83.100.230	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. Attacker IP 51.83.100.230 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-04-17 12:08 and 2026-04-17 12:08 UTC.	2026-04-17
IPv4	178.128.32.36	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 178.128.32.36 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to db4lamedtech between 2026-04-17 11:49 and 2026-04-17 11:49 UTC.	2026-04-17
IPv4	211.195.0.110	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 211.195.0.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	118.212.122.145	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.122.145 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	18.97.26.45	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 18.97.26.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-17
IPv4	116.178.129.203	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (116.178.129.203) is likely a commodity attacker targeting healthcare sector SSH services, observed attempting brute-force access to a medtech honeypot (medtech-hp-01) using common credentials. The attack leveraged SSH/Telnet protocols with minimal sophistication, consistent with automated scanning tools rather than advanced persistent t...	2026-04-17
IPv4	58.212.237.120	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.120 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	110.177.183.220	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.183.220 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	221.207.35.5	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (221.207.35.5) is likely a low-sophistication automated actor targeting healthcare sector devices via SSH brute-force attacks against honeypots. Observed using default credentials (e.g., 'admin'/'password') and basic command-line tools, suggesting limited technical capability but focused on exploiting weakly secured medical techn...	2026-04-17
IPv4	222.176.200.71	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.71 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	36.255.33.174	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 36.255.33.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	60.13.6.29	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.29 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	60.13.7.50	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.50 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	176.65.148.203	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 176.65.148.203 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: FireHOL (firehol_anonymous, firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	123.178.210.224	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 123.178.210.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	185.191.171.3	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.191.171.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	206.135.161.167	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 206.135.161.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	47.237.195.35	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.195.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	222.176.201.252	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	1.83.125.20	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.20 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	47.237.194.240	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.194.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	142.93.115.120	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 142.93.115.120 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 2 times when connecting to mdms1 between 2026-04-17 13:00 and 2026-04-17 13:03 UTC.	2026-04-17
IPv4	43.227.185.238	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 43.227.185.238 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to offbackup1 between 2026-04-17 12:50 and 2026-04-17 13:33 UTC.	2026-04-17
IPv4	51.68.107.142	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.68.107.142 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to db4lamedtech between 2026-04-17 12:50 and 2026-04-17 12:50 UTC.	2026-04-17
IPv4	182.79.216.98	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 182.79.216.98 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to offbackup1 between 2026-04-17 12:24 and 2026-04-17 13:10 UTC.	2026-04-17
IPv4	202.88.222.110	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 202.88.222.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	47.251.79.53	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 47.251.79.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	223.197.136.173	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 223.197.136.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	220.250.11.212	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 220.250.11.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	222.95.168.251	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.95.168.251 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	47.251.107.146	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.107.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	60.13.7.185	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.7.185 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	132.255.212.20	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 132.255.212.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	1.193.63.14	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 1.193.63.14 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	217.154.217.5	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 217.154.217.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	120.48.36.229	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 120.48.36.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-17
IPv4	85.155.186.169	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 85.155.186.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-17
IPv4	112.94.191.252	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 112.94.191.252 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	27.47.25.46	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.25.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	182.119.226.129	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.226.129 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	117.172.55.121	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 117.172.55.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 2 malware samples. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-17
IPv4	220.79.81.163	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 220.79.81.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	93.123.109.165	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 93.123.109.165 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, l...' 2 times when connecting to mdms1 between 2026-04-17 13:45 and 2026-04-17 13:45 UTC.	2026-04-17
IPv4	221.207.35.145	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	116.178.131.254	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.254 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	124.29.194.117	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 124.29.194.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	59.173.111.105	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 59.173.111.105 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	114.35.184.213	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 114.35.184.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	116.178.130.131	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (116.178.130.131) is a low-sophistication commodity attacker likely associated with automated SSH brute-force campaigns targeting healthcare sector infrastructure. Observed attempting access to honeypot mdms-hp-01 using common credentials, indicative of mass scanning operations rather than targeted attacks. Limited impact confined to ...	2026-04-17
IPv4	112.248.104.145	Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.248.104.145 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	59.173.109.91	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	123.160.173.9	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.160.173.9 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	77.83.39.75	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 77.83.39.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	124.117.192.91	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.192.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	207.248.111.130	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 207.248.111.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	116.172.201.1	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 116.172.201.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	116.178.128.65	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	89.249.55.106	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 89.249.55.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	112.94.191.0	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 112.94.191.0 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	59.173.111.25	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	103.81.3.218	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 103.81.3.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	116.178.128.136	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.136 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	118.212.120.104	Score: 50/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. 118.212.120.104 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported).	2026-04-17
IPv4	20.91.246.169	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.91.246.169 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 334 times when connecting to db4lamedtech between 2026-04-17 15:21 and 2026-04-17 15:22 UTC.	2026-04-17
IPv4	110.38.234.220	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 110.38.234.220 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-17 14:09 and 2026-04-17 14:59 UTC.	2026-04-17
IPv4	185.170.154.235	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.170.154.235 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to offbackup1 between 2026-04-17 14:06 and 2026-04-17 14:42 UTC.	2026-04-17
IPv4	154.124.183.151	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 154.124.183.151 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 18 times when connecting to mdms1 between 2026-04-17 13:57 and 2026-04-17 14:57 UTC.	2026-04-17
IPv4	118.212.122.112	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	180.95.238.238	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.238.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	59.55.114.208	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.55.114.208 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	1.193.63.36	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 1.193.63.36 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	220.167.232.74	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (220.167.232.74) is likely a commodity attacker associated with automated SSH brute-force campaigns targeting healthcare sector assets. Observed attempting access to honeypot medtech-hp-01 using SSH password authentication, indicative of low-sophistication credential stuffing attacks. Limited impact noted, but poses risk to medic...	2026-04-17
IPv4	58.19.107.101	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.19.107.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	116.178.131.2	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	118.212.121.190	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	59.173.111.52	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 59.173.111.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	171.36.6.166	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.36.6.166 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-17
IPv4	18.97.5.52	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 18.97.5.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).	2026-04-17
IPv4	123.163.114.106	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.163.114.106 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	120.48.15.138	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 120.48.15.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	170.64.191.31	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 170.64.191.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	156.236.64.76	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Seychelles (AS136970, YISU CLOUD LTD) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 12 failed login attempts, 12 credential pairs tried across 8 unique usernames, execution of 42 commands (SSH key persistence, password changes, system reconnaissance, cron persisten...	2026-04-17
IPv4	172.110.223.139	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.110.223.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	64.89.160.94	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 64.89.160.94 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, l...' 2 times when connecting to db1lapetro between 2026-04-17 16:04 and 2026-04-17 16:28 UTC.	2026-04-17
IPv4	45.67.217.184	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 45.67.217.184 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-04-17 16:01 and 2026-04-17 16:01 UTC.	2026-04-17
IPv4	118.212.121.242	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.242 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	77.232.154.184	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 77.232.154.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	87.236.176.232	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	182.119.227.114	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.227.114 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	116.178.130.39	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	159.89.120.210	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.89.120.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	91.92.21.134	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 91.92.21.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	212.83.186.8	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 212.83.186.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-17
IPv4	118.212.122.84	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.84 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	223.93.70.207	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 223.93.70.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	103.62.236.93	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.62.236.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	47.84.186.66	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.186.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	116.178.131.198	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	59.173.110.200	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (59.173.110.200) is likely a commodity attacker targeting healthcare sector systems via SSH brute-force attempts against honeypots. Observed interacting with mdms-hp-01 using basic credential patterns, indicative of automated tooling rather than advanced persistent threats. Limited impact confined to reconnaissance phases, though its ass...	2026-04-17
IPv4	185.191.171.6	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.191.171.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	36.95.239.142	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 36.95.239.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	64.89.160.44	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.89.160.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	185.87.199.106	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 185.87.199.106 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-17 16:56 and 2026-04-17 17:27 UTC.	2026-04-17
IPv4	51.68.107.149	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.68.107.149 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-04-17 16:54 and 2026-04-17 16:54 UTC.	2026-04-17
IPv4	118.99.80.13	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 118.99.80.13 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db1lapetro between 2026-04-17 16:14 and 2026-04-17 17:04 UTC.	2026-04-17
IPv4	115.190.2.101	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 115.190.2.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	43.155.209.61	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 43.155.209.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	54.226.114.84	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 54.226.114.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	54.86.179.2	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 54.86.179.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	110.177.176.174	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 110.177.176.174 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	123.245.84.224	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.245.84.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	47.250.160.243	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 47.250.160.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	4.230.8.104	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 4.230.8.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	116.178.129.132	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.132 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	221.207.34.45	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.34.45 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	43.130.150.80	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.130.150.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	134.209.21.16	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 134.209.21.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	209.141.40.68	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 209.141.40.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, ddos, hacking).	2026-04-17
IPv4	64.227.106.112	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 64.227.106.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	45.94.31.16	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack. 45.94.31.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, high).	2026-04-17
IPv4	106.63.26.15	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.63.26.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	110.177.179.151	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.179.151 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	59.173.109.120	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.120 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	106.63.26.27	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.63.26.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	176.65.132.254	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 176.65.132.254 observed using SSH client fingerprint 'Unknown SSH Client (0a07365cc01f)' 685 times when connecting to db1lapetro between 2026-04-17 17:13 and 2026-04-17 17:58 UTC.	2026-04-17
IPv4	95.154.200.51	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 95.154.200.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-17
IPv4	159.223.203.97	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 159.223.203.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	199.244.88.223	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 199.244.88.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	74.249.158.70	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 74.249.158.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	152.53.150.12	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 152.53.150.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	185.132.53.158	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.132.53.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	58.243.47.41	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.47.41 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	116.178.130.249	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. This attacker IP (116.178.130.249) is likely a commodity threat actor targeting healthcare sector infrastructure via SSH brute-force attacks against honeypots. Observed using basic credential patterns and automated scanning tools, indicating low sophistication. The attack was detected through interaction with the mdms-hp-01 honeytrap, suggest...	2026-04-17
IPv4	167.99.119.168	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 167.99.119.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	67.207.95.230	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 67.207.95.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	45.148.10.67	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.148.10.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	185.220.101.106	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.220.101.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	47.84.112.180	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.112.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	182.119.231.128	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.231.128 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	110.177.177.100	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.177.100 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	192.121.134.92	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 192.121.134.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-17
IPv4	151.248.1.103	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 151.248.1.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	122.96.28.26	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 122.96.28.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	112.94.190.45	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 112.94.190.45 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-17
IPv4	51.91.254.244	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 51.91.254.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	163.53.75.106	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 163.53.75.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-17
IPv4	171.8.138.204	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 171.8.138.204 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	123.163.114.99	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.163.114.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	175.10.72.116	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 175.10.72.116 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-17
IPv4	45.157.215.130	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 45.157.215.130 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-04-17 19:06 and 2026-04-17 19:08 UTC.	2026-04-17
IPv4	91.208.73.57	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 91.208.73.57 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 30 times when connecting to db4lamedtech between 2026-04-17 18:41 and 2026-04-17 19:47 UTC.	2026-04-17
IPv4	31.56.209.39	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, auth:failed. Attacker IP 31.56.209.39 observed using SSH client fingerprint 'Unknown SSH Client (c118de82e19e)' 4 times when connecting to db1lapetro between 2026-04-17 17:59 and 2026-04-17 18:56 UTC.	2026-04-17
IPv4	175.165.81.53	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 175.165.81.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	103.18.133.253	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.18.133.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	171.120.31.154	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.120.31.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	220.167.233.76	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.76 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	112.248.114.218	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 112.248.114.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	164.92.190.95	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 164.92.190.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-17
IPv4	165.22.5.208	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 165.22.5.208 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 6 times when connecting to db4lamedtech between 2026-04-17 20:02 and 2026-04-17 20:19 UTC.	2026-04-17
IPv4	134.209.47.182	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 134.209.47.182 observed using TLS client fingerprint 'Unknown TLS Client (5103125acceb)' 2 times when connecting to db1lapetro between 2026-04-17 19:55 and 2026-04-17 19:55 UTC.	2026-04-17
IPv4	103.78.1.33	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.78.1.33 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-17 19:17 and 2026-04-17 19:57 UTC.	2026-04-17
IPv4	193.123.90.235	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 193.123.90.235 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 17 times when connecting to db4lamedtech between 2026-04-17 18:59 and 2026-04-17 20:02 UTC.	2026-04-17
IPv4	112.122.236.69	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.236.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	222.176.200.108	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.108 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	58.216.212.238	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 58.216.212.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	116.178.131.188	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.188 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-17
IPv4	95.111.224.224	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 95.111.224.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, ftp-brute).	2026-04-17
IPv4	58.243.47.31	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.47.31 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	42.200.78.166	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Hong Kong (AS4760, HKT Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 5 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 19 malware samp...	2026-04-17
IPv4	38.76.161.183	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 38.76.161.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	58.58.5.174	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 58.58.5.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	110.39.229.188	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 110.39.229.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	59.173.109.76	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.76 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	199.45.154.186	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 199.45.154.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	36.106.166.76	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	20.215.248.211	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.215.248.211 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 87 times when connecting to db1lapetro between 2026-04-17 21:29 and 2026-04-17 21:30 UTC.	2026-04-17
IPv4	43.160.212.102	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP from Singapore, Singapore (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 4 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron ...	2026-04-17
IPv4	47.251.107.39	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.107.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	14.135.74.192	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	118.212.122.48	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-17
IPv4	8.211.8.52	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.211.8.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	87.236.176.248	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-17
IPv4	198.44.133.150	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 198.44.133.150 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-17
IPv4	192.197.201.114	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 192.197.201.114 classified as scanning infrastructure conducting network reconnaissance (low confidence). Origin: enriched.	2026-04-17
IPv4	111.7.106.104	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 111.7.106.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-17
IPv4	110.177.179.143	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.179.143 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-17
IPv4	47.251.86.217	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.86.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	109.205.178.197	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 109.205.178.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-17
IPv4	217.88.124.48	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 217.88.124.48 observed using SSH client fingerprint 'Unknown SSH Client (ec7378c1a92f)' 2 times when connecting to db1lapetro between 2026-04-17 22:39 and 2026-04-17 22:39 UTC.	2026-04-17
IPv4	168.144.79.27	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, fatt. Attacker IP 168.144.79.27 observed using TLS client fingerprint 'Unknown TLS Client (60dd031b3d46)' 2 times when connecting to mdms1 between 2026-04-17 22:05 and 2026-04-17 22:08 UTC.	2026-04-17
IPv4	154.221.23.230	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 154.221.23.230 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db1lapetro between 2026-04-17 22:02 and 2026-04-17 22:42 UTC.	2026-04-17
IPv4	124.117.192.197	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.192.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-18
IPv4	118.212.122.68	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.68 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	1.85.217.21	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 1.85.217.21 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	27.47.25.63	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.25.63 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	91.232.29.206	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 91.232.29.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	192.109.138.213	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:firehol_level1. 192.109.138.213 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (hacking, low, port-scan).	2026-04-18
IPv4	59.173.110.236	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.236 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	121.142.87.218	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Gimpo-si, South Korea (AS4766, Korea Telecom). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 7 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery o...	2026-04-18
IPv4	185.247.137.17	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	119.48.134.134	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 119.48.134.134 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	220.250.11.85	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 220.250.11.85 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	116.172.201.108	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.172.201.108 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	66.132.224.25	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.224.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	171.37.46.69	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.37.46.69 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	1.83.125.186	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 1.83.125.186 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	221.207.35.185	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-18
IPv4	176.65.148.132	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 176.65.148.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, hacking).	2026-04-18
IPv4	116.178.129.130	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.130 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	153.162.198.8	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 153.162.198.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	74.234.79.117	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 74.234.79.117 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 115 times when connecting to db1lapetro between 2026-04-17 23:30 and 2026-04-17 23:30 UTC.	2026-04-18
IPv4	128.14.236.150	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 128.14.236.150 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 3 times when connecting to mdms1 between 2026-04-17 22:15 and 2026-04-17 23:07 UTC.	2026-04-18
IPv4	184.105.247.228	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 184.105.247.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	5.78.42.147	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 5.78.42.147 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (20 commands), 4 malware samples. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-18
IPv4	141.95.242.9	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 141.95.242.9 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (20 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	20.255.56.84	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Hong Kong, Hong Kong (AS8075, Microsoft Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 6 unique usernames, execution of 42 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, proc...	2026-04-18
IPv4	194.187.179.158	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	118.212.121.123	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.123 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	217.60.237.170	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 217.60.237.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-18
IPv4	194.187.179.165	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-18
IPv4	180.95.231.82	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.231.82 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	221.153.192.22	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 221.153.192.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	110.177.176.235	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.176.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-18
IPv4	191.96.150.49	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 191.96.150.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	112.16.199.105	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 112.16.199.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	117.50.130.163	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 117.50.130.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-18
IPv4	123.191.157.191	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.191.157.191 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	112.46.212.75	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.212.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	45.45.237.21	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 45.45.237.21 observed using TLS client fingerprint 'Unknown TLS Client (44944ceb6923)' 3 times when connecting to mdms1 between 2026-04-18 00:31 and 2026-04-18 00:31 UTC.	2026-04-18
IPv4	14.135.74.244	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	65.49.20.112	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 65.49.20.112 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-04-18
IPv4	122.167.184.201	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 122.167.184.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	66.167.166.131	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 66.167.166.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	124.117.193.144	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.193.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	1.85.219.249	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (1.85.219.249) is likely a commodity attacker targeting healthcare sector systems via SSH brute-force attacks against honeypots. Observed activity includes attempts to exploit default credentials on SSH services, suggesting low-to-moderate sophistication. The attack vector aligns with automated scanning tools, with limited evidence of ma...	2026-04-18
IPv4	185.114.206.48	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 185.114.206.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	36.133.184.250	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 36.133.184.250 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to mdms1 between 2026-04-18 01:19 and 2026-04-18 01:19 UTC.	2026-04-18
IPv4	35.199.149.155	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 35.199.149.155 observed using TLS client fingerprint 'Unknown TLS Client (7465186b1421)' 2 times when connecting to offbackup1 between 2026-04-18 01:06 and 2026-04-18 01:06 UTC.	2026-04-18
IPv4	118.196.87.226	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 118.196.87.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-04-18
IPv4	116.178.128.26	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.26 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	218.255.103.194	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 218.255.103.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	112.122.237.160	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.122.237.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	195.96.138.139	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 195.96.138.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	176.96.239.117	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 176.96.239.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	106.117.110.128	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 106.117.110.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	59.173.111.191	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.191 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	124.227.31.16	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 124.227.31.16 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	106.63.26.28	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.63.26.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	106.63.26.157	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.63.26.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	97.78.17.186	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 97.78.17.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	98.195.56.68	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 98.195.56.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	47.84.205.65	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 47.84.205.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	47.237.195.208	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.195.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	144.31.203.153	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 144.31.203.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	180.166.235.226	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 180.166.235.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	93.158.90.73	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 93.158.90.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	91.196.152.128	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 91.196.152.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	182.119.224.41	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.224.41 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	101.249.63.254	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 101.249.63.254 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	173.249.9.194	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 173.249.9.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	193.104.222.131	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-04-18
IPv4	118.212.120.22	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 118.212.120.22 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	58.19.140.222	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.19.140.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	58.243.46.55	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.46.55 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	206.168.201.213	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 206.168.201.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	44.220.185.69	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 44.220.185.69 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	59.173.108.11	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	106.117.111.164	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 106.117.111.164 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	175.107.1.158	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 175.107.1.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	58.243.47.248	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.47.248 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	118.212.121.229	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-18
IPv4	116.110.157.92	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 116.110.157.92 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 2 times when connecting to mdms1 between 2026-04-18 04:30 and 2026-04-18 04:30 UTC.	2026-04-18
IPv4	43.128.87.59	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 43.128.87.59 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 2 times when connecting to mdms1 between 2026-04-18 04:14 and 2026-04-18 04:14 UTC.	2026-04-18
IPv4	51.255.196.18	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 51.255.196.18 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 15 times when connecting to db1lapetro between 2026-04-18 03:17 and 2026-04-18 03:54 UTC.	2026-04-18
IPv4	70.120.3.36	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 70.120.3.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	20.197.40.44	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 20.197.40.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	118.212.121.40	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. This IP (118.212.121.40) is a low-sophistication commodity attacker likely associated with automated scanning infrastructure targeting energy sector assets. Observed interacting with honeypot petroleum-hp-01 via SSH brute-force attempts using common credentials, indicative of mass-scanning campaigns rather than targeted exploitation. Limited impact...	2026-04-18
IPv4	116.178.128.127	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	112.122.237.123	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.122.237.123 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	59.173.111.36	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP address from Wuhan, China, is likely a commodity attacker node targeting energy sector infrastructure via SSH brute-force attacks against honeypots. It was observed interacting with the petroleum-hp-01 honeypot using honeytrap mechanisms, suggesting low-to-moderate sophistication focused on credential guessing rather than advanced persisten...	2026-04-18
IPv4	47.250.160.119	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.160.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	171.120.158.169	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.120.158.169 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	2.193.149.98	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 2.193.149.98 observed using SSH client fingerprint 'Unknown SSH Client (ec7378c1a92f)' 2 times when connecting to db1lapetro between 2026-04-18 05:23 and 2026-04-18 05:23 UTC.	2026-04-18
IPv4	103.85.180.229	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.85.180.229 observed using SSH client fingerprint 'Unknown SSH Client (c118de82e19e)' 4 times when connecting to offbackup1 between 2026-04-18 05:13 and 2026-04-18 05:13 UTC.	2026-04-18
IPv4	186.80.18.158	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 186.80.18.158 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 33 times when connecting to db4lamedtech between 2026-04-18 05:06 and 2026-04-18 05:45 UTC.	2026-04-18
IPv4	41.86.34.139	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 41.86.34.139 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 32 times when connecting to db4lamedtech between 2026-04-18 05:08 and 2026-04-18 05:52 UTC.	2026-04-18
IPv4	132.196.3.209	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 132.196.3.209 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 105 times when connecting to db4lamedtech between 2026-04-18 05:02 and 2026-04-18 05:02 UTC.	2026-04-18
IPv4	27.79.45.122	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 27.79.45.122 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 9 times when connecting to offbackup1 between 2026-04-18 04:33 and 2026-04-18 05:24 UTC.	2026-04-18
IPv4	27.79.47.188	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 27.79.47.188 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 14 times when connecting to mdms1 between 2026-04-18 04:33 and 2026-04-18 05:26 UTC.	2026-04-18
IPv4	189.113.47.155	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP 189.113.47.155 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 28 times when connecting to mdms1 between 2026-04-18 04:26 and 2026-04-18 05:12 UTC.	2026-04-18
IPv4	103.77.175.13	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 103.77.175.13 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 16 times when connecting to offbackup1 between 2026-04-18 04:07 and 2026-04-18 04:32 UTC.	2026-04-18
IPv4	47.83.114.189	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.83.114.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	110.177.179.186	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 110.177.179.186 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-18
IPv4	159.65.54.130	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 159.65.54.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	106.75.71.120	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 106.75.71.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	199.45.154.181	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 199.45.154.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	220.167.232.195	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This attacker IP (220.167.232.195) is likely a commodity attacker targeting energy sector infrastructure, observed attempting SSH brute-force attacks against honeypot petroleum-hp-01 using common credentials. The low sophistication suggests automated tooling rather than advanced persistent threat activity, with limited impact confined to reconna...	2026-04-18
IPv4	112.51.27.82	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 112.51.27.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	14.135.74.17	Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 14.135.74.17 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-18
IPv4	27.47.25.201	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.25.201 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	118.212.120.149	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	146.88.241.163	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 146.88.241.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	180.111.30.56	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.111.30.56 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	144.123.76.103	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 144.123.76.103 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	59.173.111.26	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	193.104.222.8	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-04-18
IPv4	41.63.63.134	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 41.63.63.134 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to offbackup1 between 2026-04-18 06:04 and 2026-04-18 06:06 UTC.	2026-04-18
IPv4	20.215.185.132	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.215.185.132 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 30 times when connecting to db4lamedtech between 2026-04-18 06:01 and 2026-04-18 06:01 UTC.	2026-04-18
IPv4	115.93.19.12	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 115.93.19.12 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-18 05:45 and 2026-04-18 06:30 UTC.	2026-04-18
IPv4	118.212.123.45	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.123.45 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	222.176.201.72	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	1.83.125.167	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. This attacker IP from Xi'an, China, is likely a commodity botnet node or automated scanner targeting energy sector assets via SSH/Telnet brute-force attacks. Observed attempting to exploit honeypot petroleum-hp-01 using credential stuffing techniques, with no evidence of advanced persistence or malware deployment. Low sophistication, limited ...	2026-04-18
IPv4	1.83.125.248	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 1.83.125.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-04-18
IPv4	203.161.30.161	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 203.161.30.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	1.83.125.21	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.21 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	60.13.7.43	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 60.13.7.43 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	217.160.202.182	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 217.160.202.182 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	101.249.62.205	Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.62.205 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	117.50.75.90	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 117.50.75.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	18.97.19.151	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 18.97.19.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, moderate).	2026-04-18
IPv4	1.83.125.129	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 1.83.125.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	66.167.166.136	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 66.167.166.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	47.84.190.235	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.190.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	120.157.138.111	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 120.157.138.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	121.29.84.227	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.227 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	36.106.166.136	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	85.190.240.128	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 85.190.240.128 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 5 times when connecting to db4lamedtech between 2026-04-18 06:59 and 2026-04-18 07:47 UTC.	2026-04-18
IPv4	195.170.172.225	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 195.170.172.225 observed using TLS client fingerprint 'Unknown TLS Client (ef609b272b50)' 16 times when connecting to db4lamedtech between 2026-04-18 06:53 and 2026-04-18 06:54 UTC.	2026-04-18
IPv4	59.173.111.73	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	46.101.166.128	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 46.101.166.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	138.201.136.188	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 138.201.136.188 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (22 commands), 4 malware samples. Listed on: AbuseIPDB (brute-force, critical, port-scan).	2026-04-18
IPv4	118.212.122.26	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.26 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	144.48.130.46	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 144.48.130.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	103.89.94.39	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Vietnam (AS131386, Long Van System Solution JSC). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 3 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process kil...	2026-04-18
IPv4	14.135.75.156	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 14.135.75.156 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	121.29.85.44	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 121.29.85.44 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	106.117.106.72	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.106.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	14.135.74.167	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 14.135.74.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	180.95.231.32	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	194.187.179.209	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.209 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-04-18
IPv4	27.47.27.168	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.27.168 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	116.178.128.197	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	118.212.121.155	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.155 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	222.176.201.59	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	59.173.109.26	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	101.68.7.214	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 101.68.7.214 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	14.135.75.20	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 14.135.75.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	131.0.226.61	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 131.0.226.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	123.144.31.248	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.144.31.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	36.134.151.126	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 36.134.151.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	113.206.179.4	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 113.206.179.4 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	180.76.147.226	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 180.76.147.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	181.45.193.221	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 181.45.193.221 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (20 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	162.243.221.234	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.243.221.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	112.122.237.11	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.237.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	124.117.192.65	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-18
IPv4	116.172.249.169	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.172.249.169 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	139.135.46.77	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 139.135.46.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	116.178.131.30	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-18
IPv4	118.212.121.14	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.121.14 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	59.173.108.173	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	47.84.184.56	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.184.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	47.245.130.209	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.130.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	144.2.91.96	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 144.2.91.96 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	125.91.140.135	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 125.91.140.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	194.187.179.6	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	110.177.183.119	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.183.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	152.42.220.138	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 152.42.220.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	180.111.30.166	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.111.30.166 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	165.154.6.171	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 165.154.6.171 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 26 times when connecting to db4lamedtech between 2026-04-18 08:40 and 2026-04-18 09:20 UTC.	2026-04-18
IPv4	113.206.179.4	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 113.206.179.4 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	180.76.147.226	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 180.76.147.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	181.45.193.221	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 181.45.193.221 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (20 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	162.243.221.234	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.243.221.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	112.122.237.11	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.237.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	124.117.192.65	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-04-18
IPv4	116.172.249.169	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.172.249.169 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	139.135.46.77	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 139.135.46.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	116.178.131.30	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-18
IPv4	118.212.121.14	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.121.14 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	59.173.108.173	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	47.84.184.56	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.184.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	47.245.130.209	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.130.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	144.2.91.96	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 144.2.91.96 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	125.91.140.135	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 125.91.140.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	194.187.179.6	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	110.177.183.119	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.183.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	152.42.220.138	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 152.42.220.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	180.111.30.166	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.111.30.166 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	165.154.6.171	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 165.154.6.171 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 26 times when connecting to db4lamedtech between 2026-04-18 08:40 and 2026-04-18 09:20 UTC.	2026-04-18
IPv4	193.163.125.189	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	47.251.182.239	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.182.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	47.237.193.55	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.193.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	192.241.186.157	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.241.186.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	60.13.6.173	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 60.13.6.173 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-18
IPv4	110.177.177.79	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 110.177.177.79 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	118.212.120.65	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.120.65 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	36.106.167.142	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.167.142 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	59.173.110.221	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.110.221 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	222.176.201.248	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.248 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	59.173.109.171	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.109.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	218.4.91.162	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 218.4.91.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	220.167.232.35	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.232.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	222.176.200.135	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	205.237.106.117	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 205.237.106.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	110.39.244.189	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 110.39.244.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	14.18.118.84	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 14.18.118.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	182.242.168.166	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	118.16.132.80	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 118.16.132.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	89.187.80.32	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 89.187.80.32 observed using SSH client fingerprint 'Unknown SSH Client (b21d7cdcc813)' 2 times when connecting to mdms1 between 2026-04-18 10:40 and 2026-04-18 10:40 UTC.	2026-04-18
IPv4	45.39.12.34	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.39.12.34 observed using SSH client fingerprint 'Unknown SSH Client (63ae64767f33)' 3 times when connecting to db1lapetro between 2026-04-18 09:54 and 2026-04-18 09:55 UTC.	2026-04-18
IPv4	58.243.46.109	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.46.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-18
IPv4	47.251.90.48	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack, cowrie. 47.251.90.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, reported).	2026-04-18
IPv4	87.227.42.247	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.227.42.247 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	182.242.168.112	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	116.172.200.95	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. This attacker IP (116.172.200.95) is likely a botnet node or automated scanner originating from China, targeting healthcare sector systems via SSH/Telnet brute force attacks against honeypots like medtech-hp-01. The actor used credential patterns consistent with dictionary attacks, leveraging the China Unicom (AS4837) network infrastructure. While GTI scores are low,...	2026-04-18
IPv4	1.83.125.207	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.207 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	123.163.114.33	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.163.114.33 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	123.160.174.226	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.160.174.226 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	124.117.192.56	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This attacker IP (124.117.192.56) is likely part of an automated scanning or brute-force campaign targeting healthcare sector systems, specifically exploiting SSH/Telnet services via honeypot deception. Observed activity includes SSH credential stuffing attempts against a honeytrap system, with no confirmed malware delivery but consistent with comm...	2026-04-18
IPv4	66.167.147.239	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 66.167.147.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	220.167.233.194	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 220.167.233.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	117.50.130.84	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 117.50.130.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-18
IPv4	168.144.99.115	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 168.144.99.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	168.144.102.127	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 168.144.102.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	221.207.35.204	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-18
IPv4	220.250.10.178	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.10.178 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	113.57.184.23	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 113.57.184.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	1.83.125.94	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	113.166.87.255	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 113.166.87.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	60.13.7.48	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 60.13.7.48 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	124.117.193.208	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.193.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	177.157.193.249	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Barbacena, Brazil (AS18881, TELEFONICA BRASIL S.A). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 6 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process ...	2026-04-18
IPv4	198.144.179.84	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 198.144.179.84 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 2 times when connecting to db4lamedtech between 2026-04-18 11:18 and 2026-04-18 11:25 UTC.	2026-04-18
IPv4	20.235.108.177	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 20.235.108.177 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-18 11:05 and 2026-04-18 11:51 UTC.	2026-04-18
IPv4	118.212.123.72	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.123.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, multi-reported).	2026-04-18
IPv4	110.177.176.63	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.176.63 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	180.95.231.15	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	14.135.75.139	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 14.135.75.139 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	106.117.108.17	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 106.117.108.17 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	182.242.168.67	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.168.67 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	77.75.93.148	Score: 60/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 77.75.93.148 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).	2026-04-18
IPv4	116.178.131.66	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	162.243.210.177	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.243.210.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	144.123.77.192	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 144.123.77.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	212.227.57.38	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 212.227.57.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	223.123.38.66	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 223.123.38.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	192.227.176.16	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 192.227.176.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-18
IPv4	220.250.11.120	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 220.250.11.120 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	124.117.193.41	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.193.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	182.119.225.232	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.225.232 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	1.83.125.128	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	112.94.189.78	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 112.94.189.78 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	144.123.76.172	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (144.123.76.172) is likely a commodity attacker targeting healthcare sector devices using SSH brute-force attacks against honeypots. Observed interacting with cowrie-based honeytrap mdms-hp-01, attempting credential access via SSH/Telnet protocols. Limited sophistication suggests automated tooling rather than advanced persistent thr...	2026-04-18
IPv4	199.244.88.227	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 199.244.88.227 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	194.187.179.51	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.51 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-04-18
IPv4	192.144.13.97	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 192.144.13.97 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-18 11:24 and 2026-04-18 12:04 UTC.	2026-04-18
IPv4	45.135.193.118	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.135.193.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	27.47.25.196	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.196 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-18
IPv4	74.7.241.14	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 74.7.241.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	221.208.113.190	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 221.208.113.190 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	123.163.114.183	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 123.163.114.183 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	36.227.137.21	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 36.227.137.21 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	118.212.121.220	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	58.212.237.247	Score: 95/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.212.237.247 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-18
IPv4	180.101.144.152	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 180.101.144.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	1.83.125.253	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	106.105.209.240	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 106.105.209.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	45.230.66.109	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.230.66.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	44.220.188.74	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-04-18
IPv4	87.236.176.149	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	185.247.137.217	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	87.236.176.122	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	87.236.176.101	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	165.22.245.23	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 165.22.245.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	222.176.200.194	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	60.13.7.59	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.59 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	165.154.6.177	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Hong Kong, Hong Kong (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 12 failed login attempts, 12 credential pairs tried across 6 unique usernames, execution of 22 commands (SSH key persistence, password changes, system r...	2026-04-18
IPv4	112.46.213.200	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 112.46.213.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	165.227.140.13	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 165.227.140.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	110.177.181.223	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 110.177.181.223 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	114.97.191.176	Score: 90/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 114.97.191.176 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, multi-reported).	2026-04-18
IPv4	109.238.140.87	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 109.238.140.87 observed using SSH client fingerprint 'Unknown SSH Client (c118de82e19e)' 4 times when connecting to db4lamedtech between 2026-04-18 13:58 and 2026-04-18 13:58 UTC.	2026-04-18
IPv4	58.212.237.162	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	221.132.21.99	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 221.132.21.99 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 35 times when connecting to db1lapetro between 2026-04-18 13:55 and 2026-04-18 13:55 UTC.	2026-04-18
IPv4	59.173.109.247	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.247 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	220.177.9.156	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.177.9.156 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	182.119.226.95	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.226.95 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	47.84.207.166	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.207.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	123.209.104.144	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 123.209.104.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	213.152.187.245	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 213.152.187.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-18
IPv4	158.173.159.116	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 158.173.159.116 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-04-18 13:40 and 2026-04-18 13:41 UTC.	2026-04-18
IPv4	59.173.108.124	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.124 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	59.173.111.27	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.111.27 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	171.120.159.225	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.120.159.225 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	113.57.187.72	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (113.57.187.72) is likely a commodity attacker node originating from Wuhan, China, targeting energy sector honeypots via SSH brute-force attacks. Observed interacting with the petroleum-hp-01 honeypot using honeytrap mechanisms, suggesting exploitation of default credentials or weak authentication vectors. The actor exhibits moderate sop...	2026-04-18
IPv4	1.83.125.110	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.83.125.110 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	222.176.200.34	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	118.232.131.202	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 118.232.131.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	221.207.34.162	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (221.207.34.162) is likely a commodity attacker node targeting healthcare sector devices via SSH brute-force attacks against honeypots. Observed interaction with mdms-hp-01 honeytrap suggests use of common credentials or automated scanning tools, indicative of low-to-medium sophistication. No direct malware or data exfiltration confir...	2026-04-18
IPv4	112.46.214.83	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 112.46.214.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	157.245.148.140	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 157.245.148.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, hacking, moderate).	2026-04-18
IPv4	93.158.95.213	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 93.158.95.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	185.12.250.58	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 185.12.250.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	59.173.111.162	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.162 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	114.97.191.175	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (114.97.191.175) is likely a commodity botnet node or automated scanner targeting healthcare sector systems via SSH brute-force attacks against honeypots like medtech-hp-01. Observed using default credentials (e.g., 'admin'/'password') and basic command-line interface interactions, indicating low-to-moderate sophistication. W...	2026-04-18
IPv4	182.90.229.17	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 182.90.229.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	203.128.20.208	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 203.128.20.208 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).	2026-04-18
IPv4	116.178.131.35	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (116.178.131.35) is likely a commodity attacker targeting healthcare sector SSH services, observed attempting brute-force access to a medtech honeypot via SSH/Telnet protocols. The low-sophistication approach suggests automated tooling with limited persistence mechanisms, leveraging common credentials and scanning techniques against v...	2026-04-18
IPv4	27.47.27.169	Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.27.169 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	106.117.117.102	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.117.102 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	36.106.166.38	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.166.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-18
IPv4	123.245.85.163	Score: 85/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.245.85.163 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).	2026-04-18
IPv4	59.173.110.143	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (59.173.110.143) is likely a commodity attacker originating from Wuhan, China, targeting healthcare sector infrastructure via SSH brute-force attacks against honeypots like mdms-hp-01. The actor used basic credential-guessing techniques and interacted with a Cowrie SSH honeypot, suggesting low sophistication and potential botnet-drive...	2026-04-18
IPv4	222.176.201.110	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	118.212.123.84	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	141.85.224.164	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 141.85.224.164 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 3 times when connecting to db4lamedtech between 2026-04-18 14:21 and 2026-04-18 14:28 UTC.	2026-04-18
IPv4	46.101.166.229	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. Attacker IP 46.101.166.229 observed using TLS client fingerprint 'Unknown TLS Client (b213b642d5cb)' 21 times when connecting to mdms1 between 2026-04-18 14:05 and 2026-04-18 14:05 UTC.	2026-04-18
IPv4	147.45.50.81	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 147.45.50.81 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to offbackup1 between 2026-04-18 13:25 and 2026-04-18 14:05 UTC.	2026-04-18
IPv4	114.97.190.252	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 114.97.190.252 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	121.29.85.39	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 121.29.85.39 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	112.122.236.102	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.122.236.102 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	116.178.130.226	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	217.120.254.56	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 217.120.254.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	58.19.98.26	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.19.98.26 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	118.212.121.131	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (118.212.121.131) is likely a commodity botnet node conducting SSH brute-force attacks against healthcare sector assets, specifically targeting medtech honeypots. The actor used basic credential patterns and automated tools to probe for vulnerable SSH services, indicating low sophistication. While no confirmed malware or data...	2026-04-18
IPv4	27.47.26.254	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.26.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	116.178.131.128	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.131.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-18
IPv4	185.213.175.176	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.213.175.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	194.187.179.228	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	27.47.24.231	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 27.47.24.231 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-18
IPv4	112.94.190.83	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. This IP (112.94.190.83) is likely a commodity attacker node targeting energy sector SSH services via brute-force attacks against honeypots. Observed interacting with petroleum-hp-01 using SSH credential stuffing techniques, indicative of low-sophistication automated scanning. Limited impact confined to reconnaissance attempts with no confirmed explo...	2026-04-18
IPv4	112.122.236.56	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 112.122.236.56 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	118.212.122.120	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.120 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	60.13.7.108	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	114.97.191.207	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	175.19.74.154	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 175.19.74.154 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-18
IPv4	47.254.213.90	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.213.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	116.178.131.224	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This attacker IP from China's CHINA UNICOM backbone (AS4837) targeted an energy sector honeypot (petroleum-hp-01) using SSH brute-force attempts against Cowrie honeypots. The actor employed common credential patterns and exhibited low sophistication, consistent with commodity attack tools rather than advanced persistent threats. While GTI classifie...	2026-04-18
IPv4	186.137.131.237	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 186.137.131.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	222.176.201.108	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.108 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	202.47.57.63	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 202.47.57.63 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, high).	2026-04-18
IPv4	223.199.179.49	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 223.199.179.49 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	114.97.190.93	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-18
IPv4	182.242.169.14	Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 182.242.169.14 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-18
IPv4	123.191.139.150	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.191.139.150 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	1.83.125.3	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.3 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	93.123.109.164	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 93.123.109.164 observed using TLS client fingerprint 'Unknown TLS Client (f705a791346f)' 8 times when connecting to mdms1 between 2026-04-18 15:37 and 2026-04-18 15:37 UTC.	2026-04-18
IPv4	41.111.215.65	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 41.111.215.65 observed using SSH client fingerprint 'Unknown SSH Client (b21d7cdcc813)' 2 times when connecting to db4lamedtech between 2026-04-18 15:22 and 2026-04-18 15:22 UTC.	2026-04-18
IPv4	81.198.11.136	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 81.198.11.136 observed using SSH client fingerprint 'Unknown SSH Client (c118de82e19e)' 3 times when connecting to mdms1 between 2026-04-18 15:18 and 2026-04-18 15:18 UTC.	2026-04-18
IPv4	216.152.152.32	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 216.152.152.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	58.243.46.173	Score: 55/100. Labels: abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 58.243.46.173 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, multi-reported, port-scan).	2026-04-18
IPv4	171.120.158.227	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 171.120.158.227 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-18
IPv4	47.237.193.44	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.237.193.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-18
IPv4	171.120.158.126	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 171.120.158.126 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	223.199.185.118	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 223.199.185.118 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	59.52.100.223	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.52.100.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	222.220.145.93	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.220.145.93 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	116.172.201.36	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.172.201.36 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	118.212.123.104	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. This IP (118.212.123.104) is likely a commodity attacker associated with China Unicom's backbone network, targeting healthcare sector SSH honeypots using brute-force credential attempts. Observed activity includes honeytrap interactions via SSH/Telnet with patterns suggesting automated scanning for default credentials, indicating low sophistication...	2026-04-18
IPv4	121.29.84.122	Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.84.122 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	148.113.222.4	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Canada (AS16276, OVH SAS) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 15 failed login attempts, 15 credential pairs tried across 8 unique usernames, execution of 44 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), deliver...	2026-04-18
IPv4	36.106.167.71	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	42.240.144.74	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 42.240.144.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-18
IPv4	27.47.24.78	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.78 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	47.251.168.192	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.168.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	59.173.109.208	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.109.208 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	59.52.102.138	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.52.102.138 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	27.47.26.246	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.26.246 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	220.250.11.97	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.97 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	59.173.108.102	Score: 70/100. Labels: abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 59.173.108.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	116.178.130.224	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.130.224 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	72.255.32.99	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 72.255.32.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	121.29.149.244	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.244 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	171.120.28.177	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.120.28.177 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	4.210.177.132	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 4.210.177.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	118.212.122.20	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-18
IPv4	60.13.6.188	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.6.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	165.154.6.102	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 165.154.6.102 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 28 times when connecting to mdms1 between 2026-04-18 16:07 and 2026-04-18 16:48 UTC.	2026-04-18
IPv4	5.255.115.58	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 5.255.115.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	159.89.31.79	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 159.89.31.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	36.133.118.11	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 36.133.118.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	42.121.253.235	Score: 95/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. 42.121.253.235 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported).	2026-04-18
IPv4	139.135.60.84	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 139.135.60.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	47.84.204.82	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.204.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	162.243.7.163	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.243.7.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	110.54.127.34	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 110.54.127.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	119.48.135.208	Score: 55/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. 119.48.135.208 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported).	2026-04-18
IPv4	114.97.190.199	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	118.212.122.122	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	143.198.219.173	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 143.198.219.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-18
IPv4	72.255.32.84	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 72.255.32.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	60.13.7.187	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 60.13.7.187 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	47.254.122.150	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.254.122.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	107.189.20.102	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 107.189.20.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	124.117.193.23	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 124.117.193.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	123.245.84.171	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. This IP (123.245.84.171) is likely a commodity attacker leveraging automated SSH brute-force tools to target healthcare sector systems, observed attempting access via honeytrap on honeypot mdms-hp-01. The low sophistication attack pattern suggests use of common credentials and generic tooling, with limited impact confined to honeypot interactions.	2026-04-18
IPv4	47.243.254.192	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 47.243.254.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-18
IPv4	180.95.231.16	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.16 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	59.173.109.71	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.109.71 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	165.227.153.177	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 165.227.153.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	209.38.224.169	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 209.38.224.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	103.25.231.252	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 103.25.231.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	2.26.101.11	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 2.26.101.11 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 2 times when connecting to db4lamedtech between 2026-04-18 17:55 and 2026-04-18 17:55 UTC.	2026-04-18
IPv4	62.171.176.65	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 62.171.176.65 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 24 times when connecting to offbackup1 between 2026-04-18 16:53 and 2026-04-18 17:33 UTC.	2026-04-18
IPv4	83.218.116.2	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 83.218.116.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	47.92.97.77	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 47.92.97.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	112.239.102.182	Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 112.239.102.182 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	144.172.101.50	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 144.172.101.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	178.128.66.109	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 178.128.66.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	20.252.27.216	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 20.252.27.216 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	47.251.50.33	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.50.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	180.250.196.141	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 180.250.196.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	44.220.188.181	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 44.220.188.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	42.240.149.189	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 42.240.149.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-18
IPv4	98.80.4.2	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 98.80.4.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).	2026-04-18
IPv4	83.65.143.95	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 83.65.143.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	42.55.8.231	Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 42.55.8.231 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	4.232.146.182	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 4.232.146.182 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 11 times when connecting to db4lamedtech between 2026-04-18 18:54 and 2026-04-18 18:54 UTC.	2026-04-18
IPv4	103.100.209.142	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.100.209.142 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-18 18:06 and 2026-04-18 18:48 UTC.	2026-04-18
IPv4	58.243.47.32	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.243.47.32 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-18
IPv4	212.28.191.53	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 212.28.191.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	119.136.154.127	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 119.136.154.127 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	58.212.237.13	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.212.237.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	121.29.84.214	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	47.251.243.140	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.243.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	41.220.144.172	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 41.220.144.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	222.94.32.2	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 222.94.32.2 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-18
IPv4	8.154.1.148	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Hangzhou, China (AS37963, Hangzhou Alibaba Advertising Co.,Ltd.). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included delivery of 1 malware sample. 2 events.	2026-04-18
IPv4	172.86.70.20	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 172.86.70.20 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous).	2026-04-18
IPv4	66.167.169.155	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.167.169.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	192.42.116.58	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.42.116.58 classified as scanning infrastructure conducting network reconnaissance (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous); AbuseIPDB (critical, ddos, reported).	2026-04-18
IPv4	162.243.242.193	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.243.242.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	206.135.174.143	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 206.135.174.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	196.218.108.51	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 196.218.108.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	1.34.7.104	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 1.34.7.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	202.44.227.34	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 202.44.227.34 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	182.187.137.7	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 182.187.137.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	217.64.170.254	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 217.64.170.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	141.98.11.158	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 141.98.11.158 observed using TLS client fingerprint 'Unknown TLS Client (897ab0d8b89c)' 15 times when connecting to db4lamedtech between 2026-04-18 20:17 and 2026-04-18 20:17 UTC.	2026-04-18
IPv4	180.111.30.58	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 180.111.30.58 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	112.94.188.151	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 112.94.188.151 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	47.237.192.242	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.192.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	144.123.76.192	Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 144.123.76.192 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-18
IPv4	47.84.203.7	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.203.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	36.106.167.109	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.167.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	116.178.129.233	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	1.83.125.115	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 1.83.125.115 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	144.123.76.168	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 144.123.76.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	112.122.236.75	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.122.236.75 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-18
IPv4	36.141.93.74	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 36.141.93.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	192.241.178.14	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 192.241.178.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	223.199.174.43	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 223.199.174.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	171.8.138.34	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 171.8.138.34 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-18
IPv4	176.223.15.113	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 176.223.15.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-04-18
IPv4	223.123.35.132	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 223.123.35.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	37.220.123.125	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 37.220.123.125 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-18
IPv4	162.243.249.124	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.243.249.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	18.97.5.7	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 18.97.5.7 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	220.250.10.170	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.10.170 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	114.97.191.77	Score: 80/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. This attacker IP (114.97.191.77) is likely a commodity threat actor targeting healthcare sector systems via SSH brute-force attacks against honeypots. Observed interacting with the medtech-hp-01 honeypot using common credential patterns, indicative of automated tooling rather than advanced persistent techniques. Limited impact to date, but poses moderate risk to ...	2026-04-18
IPv4	14.135.74.87	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.87 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low).	2026-04-18
IPv4	180.95.231.134	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 180.95.231.134 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	27.47.26.141	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.26.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-18
IPv4	91.126.40.196	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 91.126.40.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-18
IPv4	182.138.158.57	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 182.138.158.57 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-18
IPv4	110.177.178.24	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 110.177.178.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-18
IPv4	116.110.211.181	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 116.110.211.181 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 6 times when connecting to db4lamedtech between 2026-04-18 22:32 and 2026-04-18 22:56 UTC.	2026-04-18
IPv4	113.230.28.252	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 113.230.28.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	185.247.137.173	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	189.137.129.243	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 189.137.129.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	113.206.178.228	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 113.206.178.228 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	116.30.192.148	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 116.30.192.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	173.79.214.163	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 173.79.214.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	213.149.178.117	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 213.149.178.117 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	27.47.24.23	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. This attacker IP from Guangzhou, China, is likely a commodity threat actor targeting energy sector systems via SSH/Telnet brute-force attacks. Observed exploiting honeypot petroleum-hp-01 using automated credential guessing, indicative of low-sophistication tooling. Limited impact confined to reconnaissance attempts with no confirmed malware deplo...	2026-04-19
IPv4	117.89.89.18	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 117.89.89.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	118.212.121.148	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	186.66.73.232	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 186.66.73.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	47.236.69.140	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.236.69.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	27.47.25.76	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.25.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	44.220.185.229	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 44.220.185.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	157.230.44.122	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 157.230.44.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	37.221.194.216	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP 37.221.194.216 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; Website-info.net-Robot; https://web...' 4 times when connecting to db4lamedtech between 2026-04-19 00:00 and 2026-04-19 00:00 UTC.	2026-04-19
IPv4	192.210.150.199	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 192.210.150.199 observed using TLS client fingerprint 'Unknown TLS Client (627cf90ec23b)' 2 times when connecting to mdms1 between 2026-04-18 23:56 and 2026-04-18 23:56 UTC.	2026-04-19
IPv4	139.59.15.155	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP 139.59.15.155 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 10 times when connecting to offbackup1 between 2026-04-18 23:23 and 2026-04-18 23:58 UTC.	2026-04-19
IPv4	82.158.231.29	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 82.158.231.29 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-18 23:23 and 2026-04-19 00:04 UTC.	2026-04-19
IPv4	211.59.174.163	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 211.59.174.163 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0' 4 times when connecting to mdms1 between 2026-04-18 23:21 and 2026-04-18 23:21 UTC.	2026-04-19
IPv4	95.220.229.232	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 95.220.229.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	47.251.116.252	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.116.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	110.177.183.200	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.183.200 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	101.249.60.255	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 101.249.60.255 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	60.218.58.58	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 60.218.58.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	51.158.203.184	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 51.158.203.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-19
IPv4	116.178.128.104	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.104 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	117.3.2.35	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 117.3.2.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	144.123.77.54	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 144.123.77.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	221.207.35.88	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 221.207.35.88 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	94.102.49.125	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 94.102.49.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	139.59.96.164	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 139.59.96.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	222.94.32.37	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	114.97.191.58	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.191.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	198.11.177.57	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 198.11.177.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	59.52.103.113	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.52.103.113 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	118.212.123.183	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.123.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	116.178.131.189	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.178.131.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-19
IPv4	59.173.109.155	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.155 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	218.31.137.254	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 218.31.137.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	87.236.176.47	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	160.119.154.193	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 160.119.154.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, multi-reported).	2026-04-19
IPv4	137.184.204.143	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 137.184.204.143 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 6 times when connecting to db1lapetro between 2026-04-19 00:57 and 2026-04-19 01:04 UTC.	2026-04-19
IPv4	50.2.161.27	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 50.2.161.27 observed using SSH client fingerprint 'Unknown SSH Client (c118de82e19e)' 5 times when connecting to db4lamedtech between 2026-04-19 00:28 and 2026-04-19 00:29 UTC.	2026-04-19
IPv4	210.79.191.205	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 210.79.191.205 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to mdms1 between 2026-04-19 00:07 and 2026-04-19 00:50 UTC.	2026-04-19
IPv4	77.239.125.12	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 77.239.125.12 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-19 00:02 and 2026-04-19 00:39 UTC.	2026-04-19
IPv4	213.225.14.165	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 213.225.14.165 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db1lapetro between 2026-04-18 23:38 and 2026-04-19 00:23 UTC.	2026-04-19
IPv4	49.228.244.133	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 49.228.244.133 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (22 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	59.103.108.126	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 59.103.108.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	116.178.130.188	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.188 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	59.173.108.67	Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.108.67 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	43.248.109.243	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 43.248.109.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	221.207.34.50	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 221.207.34.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	143.198.88.49	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 143.198.88.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	121.143.108.102	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 121.143.108.102 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-19
IPv4	61.107.201.84	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 61.107.201.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	14.135.75.72	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.75.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	116.178.128.151	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	222.95.168.113	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 222.95.168.113 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	119.30.119.33	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 119.30.119.33 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d); AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	222.95.168.134	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.95.168.134 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	39.112.249.86	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 39.112.249.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	116.178.129.224	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.224 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	134.122.74.27	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 134.122.74.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-19
IPv4	20.203.102.60	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 20.203.102.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	1.177.63.19	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 1.177.63.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	47.77.224.160	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.224.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	47.250.140.130	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.250.140.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	139.135.45.233	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 139.135.45.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	159.89.123.129	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-04-19
IPv4	182.119.225.121	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 182.119.225.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	94.156.14.80	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 94.156.14.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level4); AbuseIPDB (brute-force, critical, ftp-brute).	2026-04-19
IPv4	27.47.24.255	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 27.47.24.255 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	110.177.183.19	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.183.19 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	112.217.199.222	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Sejong, South Korea (AS3786, LG DACOM Corporation). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 3 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process k...	2026-04-19
IPv4	118.212.121.126	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.121.126 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	206.189.81.157	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 206.189.81.157 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-19
IPv4	8.34.210.48	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 8.34.210.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, ftp-brute).	2026-04-19
IPv4	106.13.190.191	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 106.13.190.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-04-19
IPv4	220.250.10.22	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.10.22 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	59.173.110.27	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.27 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	191.55.229.201	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 191.55.229.201 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	112.237.187.97	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 112.237.187.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	110.177.176.14	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.176.14 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	116.178.131.184	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.184 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	201.27.236.113	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 201.27.236.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	223.199.168.30	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 223.199.168.30 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	58.243.46.220	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.46.220 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	116.178.128.211	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	14.135.74.183	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	172.213.136.193	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 172.213.136.193 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 144 times when connecting to mdms1 between 2026-04-19 03:08 and 2026-04-19 03:09 UTC.	2026-04-19
IPv4	34.95.197.36	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 34.95.197.36 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-19 02:57 and 2026-04-19 03:47 UTC.	2026-04-19
IPv4	103.143.231.24	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 103.143.231.24 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-19 02:55 and 2026-04-19 03:35 UTC.	2026-04-19
IPv4	223.123.72.144	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 223.123.72.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	176.116.56.92	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 176.116.56.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	223.17.111.233	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 223.17.111.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-19
IPv4	80.85.246.74	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 80.85.246.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	162.243.77.244	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.243.77.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	182.119.224.64	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.224.64 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-19
IPv4	182.242.169.20	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.169.20 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	106.1.128.94	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 106.1.128.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	59.52.103.123	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.52.103.123 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	179.33.210.213	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 179.33.210.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	107.172.180.205	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 107.172.180.205 observed using TLS client fingerprint 'Unknown TLS Client (91c1469a7b78)' 4 times when connecting to db4lamedtech between 2026-04-19 05:02 and 2026-04-19 05:02 UTC.	2026-04-19
IPv4	121.29.85.237	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 121.29.85.237 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	182.242.168.185	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	182.119.228.176	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 182.119.228.176 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	31.56.196.120	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Helsinki, Finland. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 5 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 19 malware samples. SSH ...	2026-04-19
IPv4	34.68.34.73	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. Attacker IP 34.68.34.73 observed using TLS client fingerprint 'Unknown TLS Client (5097cc59300b)' 4 times when connecting to offbackup1 between 2026-04-19 04:27 and 2026-04-19 04:34 UTC.	2026-04-19
IPv4	118.212.120.142	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 118.212.120.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	41.214.41.189	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 41.214.41.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	112.46.212.187	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 112.46.212.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	175.107.211.28	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 175.107.211.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	182.119.230.204	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.230.204 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	15.237.177.126	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 15.237.177.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	170.244.82.106	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.244.82.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	176.65.149.20	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 176.65.149.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	168.144.46.253	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 168.144.46.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-19
IPv4	27.47.25.166	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.25.166 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	106.117.110.160	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.110.160 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	149.50.114.248	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 149.50.114.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	123.163.114.209	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.163.114.209 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	116.172.200.107	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.172.200.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	165.22.23.144	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 165.22.23.144 observed using SSH client fingerprint 'Unknown SSH Client (c118de82e19e)' 4 times when connecting to mdms1 between 2026-04-19 05:53 and 2026-04-19 05:54 UTC.	2026-04-19
IPv4	45.131.155.103	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 45.131.155.103 observed using TLS client fingerprint 'Unknown TLS Client (5dfe0f5f4cc2)' 11 times when connecting to mdms1 between 2026-04-19 05:17 and 2026-04-19 05:17 UTC.	2026-04-19
IPv4	181.233.152.49	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 181.233.152.49 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 23 times when connecting to db1lapetro between 2026-04-19 05:03 and 2026-04-19 06:03 UTC.	2026-04-19
IPv4	143.110.253.198	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 143.110.253.198 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 33 times when connecting to offbackup1 between 2026-04-19 04:31 and 2026-04-19 05:19 UTC.	2026-04-19
IPv4	14.135.74.16	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.16 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	42.0.89.217	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 42.0.89.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	171.120.24.216	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.120.24.216 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	182.88.191.12	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.88.191.12 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	60.13.6.108	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	116.172.249.18	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. The IP 116.172.249.18, associated with China Unicom's backbone network, is likely a commodity attacker using automated tools to conduct SSH brute-force attacks against healthcare sector honeypots. Observed targeting medtech-hp-01 via honeytrap with attempts to exploit default credentials (e.g., 'root'/'admin'), indicating low sophistication and focus on credentia...	2026-04-19
IPv4	171.36.7.37	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 171.36.7.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	116.178.128.134	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.134 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-19
IPv4	114.199.196.216	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 114.199.196.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	112.46.213.43	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.213.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	118.194.250.95	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 118.194.250.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	60.13.7.53	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	106.117.110.246	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 106.117.110.246 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	144.123.76.124	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 144.123.76.124 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	116.172.201.228	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.172.201.228 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-19
IPv4	80.212.252.177	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 80.212.252.177 observed using SSH client fingerprint 'Unknown SSH Client (c118de82e19e)' 3 times when connecting to offbackup1 between 2026-04-19 06:57 and 2026-04-19 06:58 UTC.	2026-04-19
IPv4	220.134.94.69	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 220.134.94.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	144.31.164.241	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 144.31.164.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	106.117.110.229	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.110.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	202.111.183.254	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 202.111.183.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	159.65.2.115	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 159.65.2.115 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	123.245.84.165	Score: 55/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.245.84.165 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).	2026-04-19
IPv4	47.84.140.29	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.140.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	58.59.110.138	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.59.110.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-19
IPv4	171.36.6.162	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.36.6.162 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	122.96.28.236	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 122.96.28.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	103.109.137.10	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. This attacker IP (103.109.137.10) is likely an automated scanner or botnet node targeting healthcare sector systems via SSH/Telnet protocols. Observed probing a Dionaea honeypot with basic command sessions, suggesting low-to-medium sophistication. The IP's association with GTI-malicious classification and Firehol Level 3 listing indicates pote...	2026-04-19
IPv4	104.223.22.102	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-04-19
IPv4	1.94.215.60	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 1.94.215.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	116.178.131.253	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	66.132.172.237	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.172.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	110.177.180.91	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.180.91 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	120.32.92.158	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 120.32.92.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	194.187.179.72	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-19
IPv4	171.120.157.136	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.120.157.136 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	113.206.129.23	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 113.206.129.23 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	116.178.128.106	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 116.178.128.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	183.92.115.197	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 183.92.115.197 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	222.176.201.124	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.201.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	168.144.29.34	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, fatt. Attacker IP 168.144.29.34 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to mdms1 between 2026-04-19 07:50 and 2026-04-19 07:50 UTC.	2026-04-19
IPv4	82.25.35.169	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 82.25.35.169 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 3 times when connecting to mdms1 between 2026-04-19 07:39 and 2026-04-19 07:39 UTC.	2026-04-19
IPv4	123.235.91.95	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 123.235.91.95 observed using SSH client fingerprint 'Unknown SSH Client (c118de82e19e)' 3 times when connecting to db1lapetro between 2026-04-19 07:38 and 2026-04-19 07:38 UTC.	2026-04-19
IPv4	180.111.30.117	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.111.30.117 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-19
IPv4	14.135.75.19	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 14.135.75.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	185.226.197.62	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.226.197.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	59.173.108.193	Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.193 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	106.117.114.127	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.114.127 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	138.75.69.4	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 138.75.69.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	171.116.202.199	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.116.202.199 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	171.36.6.76	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.36.6.76 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	220.167.233.86	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 220.167.233.86 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	121.29.84.215	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.84.215 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	118.212.121.9	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.9 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	221.207.35.246	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (221.207.35.246) is likely a commodity attacker targeting energy sector infrastructure, observed exploiting SSH honeypots (e.g., petroleum-hp-01) via brute-force credential attempts and command injection. The actor used basic tools like Cowrie to probe systems, suggesting limited sophistication but potential for broader ...	2026-04-19
IPv4	217.165.229.12	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 217.165.229.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	180.95.238.237	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 180.95.238.237 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-19
IPv4	123.163.114.139	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.163.114.139 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-19
IPv4	164.90.176.246	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 164.90.176.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	106.4.161.74	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.4.161.74 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	62.101.244.51	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 62.101.244.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	106.117.110.85	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 106.117.110.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-19
IPv4	180.95.238.182	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.182 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	189.248.133.168	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 189.248.133.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	89.190.156.27	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 89.190.156.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	117.15.94.40	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.15.94.40 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	119.48.135.139	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 119.48.135.139 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	122.228.62.153	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 122.228.62.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	185.226.196.22	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.226.196.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	108.36.216.161	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 108.36.216.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	113.57.187.238	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 113.57.187.238 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	47.84.201.0	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.201.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	47.84.186.80	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.186.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	116.178.130.79	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.130.79 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	47.84.204.178	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.204.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	47.250.42.174	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.250.42.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	175.107.3.191	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 175.107.3.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	116.178.131.4	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.4 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	109.169.10.3	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 109.169.10.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	171.36.6.69	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 171.36.6.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	123.245.85.222	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	138.68.178.174	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 138.68.178.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-19
IPv4	101.126.151.92	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.126.151.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-04-19
IPv4	222.176.200.116	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	44.252.134.205	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 44.252.134.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	59.173.110.133	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.133 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-19
IPv4	182.119.227.103	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.227.103 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	101.249.60.58	Score: 75/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 101.249.60.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	123.160.233.80	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.160.233.80 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	5.183.29.210	Score: 85/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 5.183.29.210 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (15 commands), 1 malware samples. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	116.178.131.76	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 116.178.131.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	188.143.244.141	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 188.143.244.141 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 X11; Ubuntu; Linux x86_64; rv:126.0 Gecko/201001...' 5 times when connecting to db1lapetro between 2026-04-19 09:07 and 2026-04-19 09:13 UTC.	2026-04-19
IPv4	78.100.64.148	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 78.100.64.148 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to mdms1 between 2026-04-19 09:01 and 2026-04-19 09:46 UTC.	2026-04-19
IPv4	120.138.6.3	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 120.138.6.3 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 32 times when connecting to db4lamedtech between 2026-04-19 08:56 and 2026-04-19 09:38 UTC.	2026-04-19
IPv4	36.41.186.9	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 36.41.186.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	182.45.145.10	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 182.45.145.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-04-19
IPv4	144.123.76.125	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 144.123.76.125 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	209.38.110.64	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 209.38.110.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-19
IPv4	124.117.192.122	Score: 95/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.117.192.122 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-19
IPv4	123.144.20.180	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.144.20.180 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	60.13.6.251	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.13.6.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	118.212.121.167	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This attacker IP (118.212.121.167) is likely a commodity threat actor targeting healthcare sector devices, observed attempting SSH brute-force attacks against a medtech honeypot (medtech-hp-01). The low-sophistication approach suggests automated tooling rather than advanced persistent threats, with potential impact on medical device access or data ...	2026-04-19
IPv4	110.177.179.216	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 110.177.179.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	209.38.107.164	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 209.38.107.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	109.105.210.83	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 109.105.210.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	167.71.66.173	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 167.71.66.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, multi-reported).	2026-04-19
IPv4	87.106.187.209	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Germany (AS8560, IONOS SE). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 4 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewall manip...	2026-04-19
IPv4	220.167.233.174	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This attacker IP (220.167.233.174) is likely a commodity attacker targeting healthcare sector SSH services via brute-force attacks against honeypots. Observed interaction with the cowrie-based honeypot mdms-hp-01 suggests attempts to exploit weak credentials, consistent with low-sophistication automated tools. While not highly sophisticated, ...	2026-04-19
IPv4	188.166.234.144	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 188.166.234.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	116.178.130.115	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.178.130.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-19
IPv4	198.50.152.30	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 198.50.152.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	27.47.26.222	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.222 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	47.77.182.54	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.77.182.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	59.173.109.13	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (59.173.109.13) is likely a commodity attacker targeting healthcare sector systems via SSH brute-force attacks against honeypots. Observed attempting access to mdms-hp-01 using honeytrap mechanisms, suggesting automated tooling focused on credential guessing rather than advanced persistence. Limited sophistication indicated by lack of...	2026-04-19
IPv4	118.99.80.33	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 118.99.80.33 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-19 09:31 and 2026-04-19 10:22 UTC.	2026-04-19
IPv4	101.249.63.227	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 101.249.63.227 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	159.89.161.155	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.89.161.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	142.93.132.154	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 142.93.132.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	68.44.81.167	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 68.44.81.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	27.47.27.2	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.27.2 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	116.178.128.66	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.128.66 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	176.65.139.50	Score: 55/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 176.65.139.50 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (critical, exploited-host, hacking).	2026-04-19
IPv4	59.52.102.136	Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.52.102.136 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	14.135.74.44	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 14.135.74.44 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-19
IPv4	110.177.177.106	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 110.177.177.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	106.117.117.48	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.117.48 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	180.111.30.144	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 180.111.30.144 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	59.52.103.216	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 59.52.103.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	115.190.203.62	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 115.190.203.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-04-19
IPv4	88.134.110.36	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 88.134.110.36 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 15 times when connecting to mdms1 between 2026-04-19 12:14 and 2026-04-19 12:14 UTC.	2026-04-19
IPv4	116.178.131.199	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 116.178.131.199 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	135.181.99.121	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 135.181.99.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	159.65.144.102	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 159.65.144.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	36.106.167.152	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 36.106.167.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	197.242.151.4	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 197.242.151.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	157.245.103.109	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 157.245.103.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	218.64.60.239	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 218.64.60.239 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	222.176.201.227	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-19
IPv4	103.248.93.98	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 103.248.93.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	114.97.190.89	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-19
IPv4	59.173.108.97	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 59.173.108.97 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-19
IPv4	1.193.63.214	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 1.193.63.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	175.107.205.69	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 175.107.205.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	116.178.129.52	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	68.183.26.25	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 68.183.26.25 observed using TLS client fingerprint 'Unknown TLS Client (5a17bf06e2bd)' 3 times when connecting to offbackup1 between 2026-04-19 11:33 and 2026-04-19 11:33 UTC.	2026-04-19
IPv4	165.154.4.105	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 165.154.4.105 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-19 11:20 and 2026-04-19 12:03 UTC.	2026-04-19
IPv4	42.115.137.76	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 42.115.137.76 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-19 11:15 and 2026-04-19 12:07 UTC.	2026-04-19
IPv4	154.124.106.55	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 154.124.106.55 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 8 times when connecting to offbackup1 between 2026-04-19 10:58 and 2026-04-19 11:22 UTC.	2026-04-19
IPv4	163.245.218.253	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 163.245.218.253 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 29 times when connecting to db4lamedtech between 2026-04-19 10:49 and 2026-04-19 11:29 UTC.	2026-04-19
IPv4	106.117.111.49	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 106.117.111.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	185.247.137.71	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	59.52.103.10	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP is likely a commodity attacker targeting healthcare sector SSH services via brute-force attempts using default credentials. The actor interacted with a honeypot (medtech-hp-01) through SSH, suggesting low sophistication and focus on credential theft rather than advanced persistence. Limited impact observed, though aligned with broader...	2026-04-19
IPv4	66.167.169.176	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.167.169.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	103.167.172.122	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.167.172.122 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	182.242.168.179	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	66.132.186.212	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.186.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	8.222.233.188	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 8.222.233.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-19
IPv4	47.237.205.173	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.205.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	101.249.62.166	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.249.62.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	124.117.193.21	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.117.193.21 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-04-19
IPv4	49.143.82.212	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 49.143.82.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	18.97.26.110	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 18.97.26.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	124.117.192.134	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	112.122.237.97	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.122.237.97 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	106.14.124.92	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 106.14.124.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	123.145.22.219	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 123.145.22.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, port-scan).	2026-04-19
IPv4	112.94.189.38	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.189.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	116.178.131.142	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	109.105.210.85	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 109.105.210.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	182.218.116.96	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 182.218.116.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	141.98.11.159	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 141.98.11.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	159.65.122.151	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. Attacker IP 159.65.122.151 observed using HTTP client fingerprint 'HTTP Client (d41d8cd98f00)' 3 times when connecting to db1lapetro between 2026-04-19 13:17 and 2026-04-19 13:17 UTC.	2026-04-19
IPv4	101.126.21.156	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 101.126.21.156 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-19
IPv4	47.108.225.192	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.108.225.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, high).	2026-04-19
IPv4	139.59.118.51	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 139.59.118.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	142.93.110.22	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 142.93.110.22 observed using TLS client fingerprint 'Unknown TLS Client (b213b642d5cb)' 21 times when connecting to offbackup1 between 2026-04-19 13:05 and 2026-04-19 13:05 UTC.	2026-04-19
IPv4	27.47.24.44	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.24.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	123.145.36.217	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.145.36.217 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	134.209.158.177	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 134.209.158.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	101.249.62.158	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.62.158 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	124.227.31.103	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 124.227.31.103 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	172.237.44.215	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 172.237.44.215 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 245 times when connecting to db4lamedtech between 2026-04-19 12:01 and 2026-04-19 12:45 UTC.	2026-04-19
IPv4	23.94.133.71	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 23.94.133.71 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/...' 2 times when connecting to db4lamedtech between 2026-04-19 11:52 and 2026-04-19 11:52 UTC.	2026-04-19
IPv4	82.67.128.170	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 82.67.128.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	43.226.37.251	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 43.226.37.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-19
IPv4	38.76.214.64	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 38.76.214.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	103.143.231.2	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 103.143.231.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	59.173.108.18	Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.18 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	101.249.63.196	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 101.249.63.196 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	116.178.128.174	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.174 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-19
IPv4	121.29.149.19	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	139.59.66.130	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 139.59.66.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	222.176.200.107	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.107 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	221.207.35.184	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.35.184 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	27.47.26.71	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 27.47.26.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	182.119.229.254	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.229.254 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	116.178.131.147	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	123.245.84.227	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	110.177.180.61	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.180.61 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	59.173.111.131	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 59.173.111.131 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	106.75.163.178	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 106.75.163.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	175.30.48.204	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 175.30.48.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	27.71.84.200	Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 27.71.84.200 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (exploited-host, hacking, high).	2026-04-19
IPv4	151.115.90.242	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 151.115.90.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-19
IPv4	20.216.153.41	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.216.153.41 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 275 times when connecting to db4lamedtech between 2026-04-19 14:01 and 2026-04-19 14:02 UTC.	2026-04-19
IPv4	4.186.56.66	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 4.186.56.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	36.106.167.215	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 36.106.167.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	121.29.149.9	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-19
IPv4	175.196.135.77	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 175.196.135.77 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	59.173.111.117	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	112.94.191.93	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.94.191.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	1.94.245.79	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-04-19
IPv4	110.177.181.70	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 110.177.181.70 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-19
IPv4	220.250.11.145	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 220.250.11.145 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	116.178.129.40	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.40 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	119.48.134.159	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 119.48.134.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	182.119.228.113	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.228.113 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	180.95.238.88	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.88 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	182.119.227.45	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 182.119.227.45 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	182.119.226.18	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.226.18 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	27.47.25.251	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (27.47.25.251) is likely a commodity attacker node originating from China Unicom Guangzhou, targeting healthcare sector honeypots via SSH brute-force attacks. Observed activity includes honeytrap interactions with mdms-hp-01, suggesting use of common credentials or automated scanning tools. The low sophistication and limited detection ac...	2026-04-19
IPv4	171.12.10.9	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 171.12.10.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	106.117.110.232	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.110.232 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	121.29.149.246	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	59.173.110.242	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	27.47.24.122	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.24.122 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	58.212.237.22	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.212.237.22 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	45.61.184.223	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. IP observed in Suricata network metadata	2026-04-19
IPv4	44.220.185.124	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 44.220.185.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).	2026-04-19
IPv4	58.243.47.113	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 58.243.47.113 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	116.178.129.171	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 116.178.129.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	39.105.37.102	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 39.105.37.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	60.16.201.195	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 60.16.201.195 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	36.106.166.154	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 36.106.166.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	219.78.212.97	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 219.78.212.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	60.13.6.249	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 60.13.6.249 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-19
IPv4	106.12.170.135	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 106.12.170.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	221.207.34.115	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 221.207.34.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	46.151.182.163	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 46.151.182.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	116.178.130.114	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	119.48.135.95	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 119.48.135.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	220.250.10.118	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.10.118 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	185.247.137.238	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	58.16.114.232	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included delivery of 1 malware sample. 2 events.	2026-04-19
IPv4	47.236.159.204	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.236.159.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	27.47.24.158	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.24.158 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	159.65.188.17	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 159.65.188.17 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to db4lamedtech between 2026-04-19 15:28 and 2026-04-19 15:28 UTC.	2026-04-19
IPv4	116.99.174.174	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 116.99.174.174 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 13 times when connecting to mdms1 between 2026-04-19 14:38 and 2026-04-19 15:23 UTC.	2026-04-19
IPv4	27.79.5.46	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 27.79.5.46 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 14 times when connecting to db4lamedtech between 2026-04-19 14:36 and 2026-04-19 15:21 UTC.	2026-04-19
IPv4	118.212.122.250	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.250 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	106.117.104.198	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 106.117.104.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	117.159.39.226	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 117.159.39.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	59.173.108.253	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.253 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	165.22.212.55	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 165.22.212.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	182.119.230.88	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.230.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	58.243.46.176	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.46.176 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	47.243.247.4	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.243.247.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	221.232.125.226	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 221.232.125.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	101.36.106.43	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 101.36.106.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	123.245.85.130	Score: 90/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.130 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).	2026-04-19
IPv4	222.95.168.240	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 222.95.168.240 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-19
IPv4	58.19.143.178	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 58.19.143.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	87.236.176.132	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	98.80.4.22	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 98.80.4.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	58.243.46.232	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 58.243.46.232 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	124.29.214.78	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 124.29.214.78 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	59.173.108.218	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.108.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	171.37.92.253	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.37.92.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	1.83.125.182	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 1.83.125.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	68.183.236.46	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 68.183.236.46 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to offbackup1 between 2026-04-19 16:06 and 2026-04-19 16:51 UTC.	2026-04-19
IPv4	52.255.183.238	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 52.255.183.238 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-19 16:01 and 2026-04-19 16:41 UTC.	2026-04-19
IPv4	143.198.45.31	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 143.198.45.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	87.236.176.115	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. This attacker IP (87.236.176.115) is likely an automated brute-force actor associated with Driftnet Ltd (AS211298), targeting SSH services in the technology sector via Cowrie honeypots. Observed activity includes rapid credential stuffing attempts using a Go-based SSH client (HASSH: 16443846184e...), suggesting low-sophistication automated scanni...	2026-04-19
IPv4	94.26.106.246	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 94.26.106.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	176.65.139.20	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 176.65.139.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	101.96.195.62	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 101.96.195.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	116.178.129.199	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	52.55.58.190	Score: 55/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 52.55.58.190 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).	2026-04-19
IPv4	123.117.152.83	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 123.117.152.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-19
IPv4	23.129.64.178	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 23.129.64.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	118.212.122.163	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.163 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	106.4.161.139	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 106.4.161.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	110.177.176.60	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. This IP (110.177.176.60) is likely a commodity attacker associated with automated SSH brute-force campaigns targeting energy sector infrastructure. Observed attempting access to honeypot petroleum-hp-01 using SSH, with no malware or data exfiltration detected. Attack patterns suggest low sophistication, relying on credential stuffing rather t...	2026-04-19
IPv4	129.159.149.21	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 129.159.149.21 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	157.230.36.62	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 157.230.36.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	182.88.191.231	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.88.191.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	220.250.11.123	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.123 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	1.83.125.45	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 1.83.125.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-19
IPv4	108.254.64.17	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 108.254.64.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	171.12.10.142	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 171.12.10.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	43.100.93.138	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 43.100.93.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-19
IPv4	118.212.120.28	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 118.212.120.28 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	103.5.210.47	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Vietnam (AS38253, Hanoi Telecom JSC). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included delivery of 1 malware sample. 2 events.	2026-04-19
IPv4	101.249.61.156	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.61.156 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level4).	2026-04-19
IPv4	119.48.135.228	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 119.48.135.228 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	14.96.160.226	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 14.96.160.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	182.119.226.45	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.226.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	87.236.176.135	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	182.242.169.33	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.242.169.33 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	220.154.133.141	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 220.154.133.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-19
IPv4	59.173.111.33	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.111.33 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	87.236.176.187	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	222.176.200.90	Score: 70/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. This IP (222.176.200.90) is likely a commodity attacker originating from China, targeting healthcare sector honeypots via SSH brute-force attacks using common credentials. Observed interaction with the mdms-hp-01 honeypot suggests focus on medical device management systems, leveraging automated tools for credential guessing and initial access attempts.	2026-04-19
IPv4	14.135.74.98	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 14.135.74.98 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	14.1.104.230	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 14.1.104.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	218.93.206.26	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 218.93.206.26 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 2 times when connecting to mdms1 between 2026-04-19 18:47 and 2026-04-19 18:47 UTC.	2026-04-19
IPv4	34.186.248.28	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 34.186.248.28 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Linux; Android 13; Infinix X688B) AppleWebKit/5...' 7 times when connecting to mdms1 between 2026-04-19 18:32 and 2026-04-19 18:32 UTC.	2026-04-19
IPv4	176.147.144.172	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 176.147.144.172 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to db1lapetro between 2026-04-19 17:31 and 2026-04-19 18:05 UTC.	2026-04-19
IPv4	110.177.179.116	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.179.116 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	112.122.236.35	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.122.236.35 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-19
IPv4	116.178.129.144	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.178.129.144 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	221.199.73.131	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 221.199.73.131 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	118.212.120.17	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	60.13.6.170	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 60.13.6.170 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	114.97.190.153	Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.153 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-19
IPv4	153.0.126.52	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 153.0.126.52 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	175.140.228.55	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 175.140.228.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	117.40.114.2	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 117.40.114.2 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	1.85.218.196	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.85.218.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	27.47.24.64	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.24.64 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	182.119.228.119	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 182.119.228.119 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-04-19
IPv4	45.152.180.202	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, cowrie. IP observed in Suricata network metadata	2026-04-19
IPv4	112.122.237.126	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.122.237.126 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	1.83.125.168	Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 1.83.125.168 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	118.212.121.222	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 118.212.121.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	101.249.62.87	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 101.249.62.87 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	141.155.143.246	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 141.155.143.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	118.212.122.113	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-19
IPv4	157.157.221.246	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 157.157.221.246 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 27 times when connecting to mdms1 between 2026-04-19 18:55 and 2026-04-19 19:31 UTC.	2026-04-19
IPv4	59.173.110.214	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.214 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	112.122.237.186	Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 112.122.237.186 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-04-19
IPv4	222.176.200.255	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 222.176.200.255 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	222.176.200.185	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	47.77.236.190	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.77.236.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	44.220.185.162	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 44.220.185.162 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	36.106.167.201	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.167.201 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	36.106.167.175	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.167.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-19
IPv4	110.37.48.162	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 110.37.48.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	116.178.128.115	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 116.178.128.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	60.13.6.19	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. The IP 60.13.6.19, associated with China Unicom's backbone network (AS4837), is likely a commodity attacker using automated SSH brute-force techniques against energy sector honeypots. Observed targeting petroleum-hp-01 via honeytrap with default credential attempts (e.g., 'admin:admin'), indicating low sophistication and potential botnet-driv...	2026-04-19
IPv4	14.135.75.1	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 14.135.75.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	222.176.201.87	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-04-19
IPv4	14.135.74.210	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	121.29.149.239	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 121.29.149.239 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	91.92.241.223	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 91.92.241.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	59.173.111.99	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.173.111.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	117.40.113.29	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 117.40.113.29 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	121.29.149.140	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 121.29.149.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	222.176.201.246	Score: 85/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 222.176.201.246 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	116.178.129.47	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.129.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	106.117.116.176	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.116.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	222.176.200.127	Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 222.176.200.127 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	194.26.192.253	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 194.26.192.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	193.163.125.115	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 193.163.125.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	59.173.109.49	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.109.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-04-19
IPv4	118.196.117.234	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 118.196.117.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	2.26.54.60	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 2.26.54.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	4.231.224.223	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 4.231.224.223 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 159 times when connecting to db4lamedtech between 2026-04-19 21:01 and 2026-04-19 21:02 UTC.	2026-04-19
IPv4	68.69.177.112	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 68.69.177.112 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 9 times when connecting to db1lapetro between 2026-04-19 20:32 and 2026-04-19 20:32 UTC.	2026-04-19
IPv4	4.157.39.13	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 4.157.39.13 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 4 times when connecting to offbackup1 between 2026-04-19 20:32 and 2026-04-19 20:33 UTC.	2026-04-19
IPv4	172.202.75.66	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 172.202.75.66 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 109 times when connecting to db4lamedtech between 2026-04-19 20:17 and 2026-04-19 20:18 UTC.	2026-04-19
IPv4	185.180.141.70	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.180.141.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	108.189.70.72	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 108.189.70.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	123.245.84.110	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 123.245.84.110 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	112.122.237.81	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 112.122.237.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	198.176.61.178	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 198.176.61.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-04-19
IPv4	178.62.255.187	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 178.62.255.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	134.199.206.42	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 134.199.206.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-04-19
IPv4	139.135.40.239	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 139.135.40.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	110.177.183.11	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 110.177.183.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	180.95.238.59	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-04-19
IPv4	60.13.6.94	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 60.13.6.94 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-04-19
IPv4	110.177.180.14	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 110.177.180.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-04-19
IPv4	121.29.149.120	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 121.29.149.120 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-04-19
IPv4	110.177.183.137	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 110.177.183.137 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-04-19
IPv4	47.251.55.106	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 47.251.55.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-04-19
IPv4	216.73.216.135	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 216.73.216.135 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatibl...' 2 times when connecting to db1lapetro between 2026-04-19 21:34 and 2026-04-19 21:34 UTC.	2026-04-19
IPv4	207.244.227.110	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 207.244.227.110 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-04-19 21:31 and 2026-04-19 21:32 UTC.	2026-04-19