PULSE NAME
TSEC Honeypot: Exploit Attempt - Week of 2026-04-27
WHITE ladarrellmiller 2026-04-27 Modified: 2026-05-29
2035 IOCs
HIGH VOLUME
Honeypot-observed exploit attempt activity for the week of 2026-04-27. Contains 54 indicators (54 IPv4). Data sourced from TSEC T-Pot honeypot network.
Indicators of Compromise (2035)
TYPE INDICATOR DESCRIPTION CREATED
IPv4 150.95.157.171 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Japan (AS7506, GMO Internet Group, Inc.). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 18 failed login attempts, 18 credential pairs tried across 8 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 19 mal... 2026-04-29
IPv4 180.18.38.206 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 180.18.38.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 45.156.128.167 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.156.128.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 212.225.186.186 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 212.225.186.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 45.156.87.254 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Eygelshoven, Netherlands (AS51396, Pfcloud UG (haftungsbeschrankt)) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 215 failed login attempts, 215 credential pairs tried across 128 unique usernames, execution of 1 command (system reconnaissance), delivery of 1 malwa... 2026-04-29
IPv4 27.47.27.211 Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.27.211 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-04-29
IPv4 41.212.50.147 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 41.212.50.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 47.112.215.87 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 47.112.215.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 36.71.184.62 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 36.71.184.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 146.190.103.103 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 146.190.103.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 27.47.24.101 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 27.47.24.101 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-04-29
IPv4 45.61.151.96 Score: 50/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. 45.61.151.96 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported). 2026-04-29
IPv4 186.209.190.245 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 186.209.190.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 217.60.245.118 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 217.60.245.118 observed using SSH client fingerprint 'Unknown SSH Client (c118de82e19e)' 2 times when connecting to db1lapetro between 2026-04-29 13:24 and 2026-04-29 13:24 UTC. 2026-04-29
IPv4 118.145.243.156 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 118.145.243.156 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 4 times when connecting to db4lamedtech between 2026-04-29 13:23 and 2026-04-29 13:23 UTC. 2026-04-29
IPv4 193.138.7.158 Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 193.138.7.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, high). 2026-04-29
IPv4 46.8.234.48 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 46.8.234.48 observed using SSH client fingerprint 'Unknown SSH Client (c118de82e19e)' 3 times when connecting to db4lamedtech between 2026-04-29 13:13 and 2026-04-29 13:14 UTC. 2026-04-29
IPv4 171.231.183.33 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 171.231.183.33 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 7 times when connecting to mdms1 between 2026-04-29 12:48 and 2026-04-29 13:13 UTC. 2026-04-29
IPv4 116.110.144.180 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 116.110.144.180 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 15 times when connecting to mdms1 between 2026-04-29 12:33 and 2026-04-29 13:16 UTC. 2026-04-29
IPv4 101.168.8.38 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 101.168.8.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 101.96.196.243 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 101.96.196.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 41.223.116.246 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 41.223.116.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-29
IPv4 194.36.25.4 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 194.36.25.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 223.199.163.7 Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 223.199.163.7 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-29
IPv4 192.102.6.28 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported. 192.102.6.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-29
IPv4 68.194.76.237 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 68.194.76.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 47.237.213.121 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.213.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 182.119.226.170 Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.226.170 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-29
IPv4 143.110.223.17 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 143.110.223.17 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to db4lamedtech between 2026-04-29 14:22 and 2026-04-29 14:22 UTC. 2026-04-29
IPv4 171.37.190.197 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.37.190.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 121.191.15.164 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 121.191.15.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 220.250.10.122 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.250.10.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 84.79.130.168 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 84.79.130.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 2.242.146.62 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 2.242.146.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 131.221.174.70 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 131.221.174.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 40.124.175.76 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 40.124.175.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 112.46.214.31 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 112.46.214.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 112.46.213.50 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 112.46.213.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-29
IPv4 101.68.47.180 Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 101.68.47.180 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-29
IPv4 87.249.134.31 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 87.249.134.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-29
IPv4 67.102.7.208 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 67.102.7.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 59.52.101.214 Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 59.52.101.214 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-29
IPv4 112.46.212.232 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 112.46.212.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 193.32.248.130 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 193.32.248.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 165.22.198.19 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 165.22.198.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 101.36.121.22 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 101.36.121.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 220.167.232.76 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 220.167.232.76 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-04-29
IPv4 112.122.236.245 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 112.122.236.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 64.227.70.2 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 64.227.70.2 observed using TLS client fingerprint 'Unknown TLS Client (922ca5a04ed4)' 2 times when connecting to db1lapetro between 2026-04-29 14:53 and 2026-04-29 14:53 UTC. 2026-04-29
IPv4 45.159.230.92 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 45.159.230.92 observed using SSH client fingerprint 'Unknown SSH Client (57e4cc8ee36c)' 3 times when connecting to mdms1 between 2026-04-29 14:26 and 2026-04-29 15:42 UTC. 2026-04-29
IPv4 104.252.175.235 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 104.252.175.235 observed using SSH client fingerprint 'Unknown SSH Client (63ae64767f33)' 3 times when connecting to db1lapetro between 2026-04-29 14:20 and 2026-04-29 14:20 UTC. 2026-04-29
IPv4 81.68.224.112 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 81.68.224.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, port-scan). 2026-04-29
IPv4 80.90.55.176 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 80.90.55.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-29
IPv4 80.90.55.178 Score: 70/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 80.90.55.178 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-04-29
IPv4 1.193.63.56 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.193.63.56 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). 2026-04-29
IPv4 223.123.41.65 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 223.123.41.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 20.64.104.20 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.64.104.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 112.46.212.164 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 112.46.212.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 35.205.194.142 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 35.205.194.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 109.51.15.184 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 109.51.15.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 196.218.203.10 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 196.218.203.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 181.28.27.213 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 181.28.27.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 95.230.187.71 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 95.230.187.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 222.255.174.162 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 222.255.174.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-29
IPv4 45.84.61.88 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 45.84.61.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-29
IPv4 186.204.20.106 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 186.204.20.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 120.48.37.54 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 120.48.37.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-29
IPv4 118.123.8.189 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 118.123.8.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 61.216.77.224 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 61.216.77.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 103.108.151.19 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 103.108.151.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 111.196.129.169 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 111.196.129.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 82.213.16.222 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 82.213.16.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 222.255.174.164 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 222.255.174.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 111.56.74.228 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 111.56.74.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 94.72.98.60 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 94.72.98.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 122.176.153.200 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 122.176.153.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-29
IPv4 114.30.81.140 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 114.30.81.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 153.56.129.133 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 153.56.129.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-29
IPv4 218.203.76.173 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 218.203.76.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 197.31.52.146 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 197.31.52.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 110.177.177.228 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 110.177.177.228 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). 2026-04-29
IPv4 151.240.65.160 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 151.240.65.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-04-29
IPv4 172.200.228.35 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 172.200.228.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 74.7.243.239 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 74.7.243.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 112.46.213.27 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.213.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 118.145.245.82 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 118.145.245.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 171.120.24.242 Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.120.24.242 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-29
IPv4 101.249.60.40 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 101.249.60.40 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (hacking, low, port-scan). 2026-04-29
IPv4 1.193.63.244 Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 1.193.63.244 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). 2026-04-29
IPv4 182.242.168.15 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 182.242.168.15 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-29
IPv4 71.38.182.65 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 71.38.182.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 124.174.16.135 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 124.174.16.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking). 2026-04-29
IPv4 14.135.74.83 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 14.135.74.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 103.203.46.132 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 103.203.46.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 220.167.233.105 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. This IP address, associated with Qinghai Telecom in China, is likely a commodity attacker node targeting healthcare sector systems. It engaged in SSH brute-force attempts against a medtech honeypot (medtech-hp-01), leveraging common credential patterns. The attack shows limited sophistication, consistent with automated scanning tools rat... 2026-04-29
IPv4 59.173.110.131 Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.110.131 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, low). 2026-04-29
IPv4 209.99.188.240 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 209.99.188.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 20.65.192.170 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.65.192.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 114.97.190.101 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 114.97.190.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-04-29
IPv4 113.254.193.180 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 113.254.193.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 50.116.48.207 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 50.116.48.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 118.212.121.197 Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 118.212.121.197 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-29
IPv4 20.65.195.121 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.65.195.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 47.82.163.231 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 47.82.163.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 89.117.0.212 Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 89.117.0.212 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, port-scan). 2026-04-29
IPv4 24.244.88.167 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 24.244.88.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 217.142.233.208 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 217.142.233.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 101.249.63.248 Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.249.63.248 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level4). 2026-04-29
IPv4 8.138.105.104 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 8.138.105.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 106.117.110.21 Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.110.21 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-29
IPv4 114.97.190.42 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 114.97.190.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 167.71.102.181 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 167.71.102.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 123.27.253.120 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 123.27.253.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 147.182.130.22 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 147.182.130.22 observed using TLS client fingerprint 'Unknown TLS Client (5103125acceb)' 2 times when connecting to mdms1 between 2026-04-29 18:05 and 2026-04-29 18:05 UTC. 2026-04-29
IPv4 160.119.76.17 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 160.119.76.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 86.177.76.168 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 86.177.76.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 113.162.54.21 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 113.162.54.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 175.107.233.215 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 175.107.233.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 58.247.254.245 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 58.247.254.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 63.78.118.105 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 63.78.118.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 186.121.246.179 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 186.121.246.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 60.12.218.120 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 60.12.218.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 118.178.225.236 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 118.178.225.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 47.236.224.50 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 47.236.224.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 192.241.151.75 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 192.241.151.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 80.66.66.31 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 80.66.66.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 193.181.46.4 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 193.181.46.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 101.126.18.203 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 101.126.18.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-04-29
IPv4 8.213.229.126 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 8.213.229.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 72.183.218.216 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 72.183.218.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-29
IPv4 186.77.182.252 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 186.77.182.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 136.117.250.67 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:web-attack. Attacker IP 136.117.250.67 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Linux; U; Android 10; en-US; CPH2015) AppleWebK...' 7 times when connecting to mdms1 between 2026-04-29 18:53 and 2026-04-29 18:53 UTC. 2026-04-29
IPv4 190.167.237.191 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 190.167.237.191 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to mdms1 between 2026-04-29 18:31 and 2026-04-29 19:04 UTC. 2026-04-29
IPv4 112.46.214.48 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 112.46.214.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-29
IPv4 193.181.46.142 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 193.181.46.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 8.152.206.46 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 8.152.206.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 45.153.34.108 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 45.153.34.108 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, hacking, iot-targeted). 2026-04-29
IPv4 174.48.217.193 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 174.48.217.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 185.214.135.211 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.214.135.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 72.255.19.5 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 72.255.19.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-29
IPv4 8.216.3.2 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 8.216.3.2 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate). 2026-04-29
IPv4 185.143.228.221 Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. 185.143.228.221 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, high, multi-reported). 2026-04-29
IPv4 117.72.178.222 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 117.72.178.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 220.168.46.34 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 220.168.46.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 185.106.29.187 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.106.29.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 47.84.206.90 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.206.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 89.144.194.106 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 89.144.194.106 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 34 times when connecting to db4lamedtech between 2026-04-29 19:38 and 2026-04-29 20:33 UTC. 2026-04-29
IPv4 43.133.191.75 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 43.133.191.75 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 30 times when connecting to db1lapetro between 2026-04-29 19:19 and 2026-04-29 20:08 UTC. 2026-04-29
IPv4 3.66.157.104 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 3.66.157.104 observed using HTTP client fingerprint 'HTTP Client: curl/8.7.1' 2 times when connecting to db1lapetro between 2026-04-29 19:56 and 2026-04-29 20:18 UTC. 2026-04-29
IPv4 124.198.131.100 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 124.198.131.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 87.236.176.99 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 109.245.231.253 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 109.245.231.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-29
IPv4 178.84.93.95 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 178.84.93.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 104.36.21.137 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Phoenix, United States (AS53767, iCastCenter). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 4 unique usernames, execution of 1 post-compromise command, delivery of 1 malware sample. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); ... 2026-04-29
IPv4 116.1.148.172 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 116.1.148.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ftp-brute). 2026-04-29
IPv4 121.133.110.250 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 121.133.110.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-04-29
IPv4 103.200.23.192 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.200.23.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 189.167.23.36 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 189.167.23.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 37.143.61.241 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 37.143.61.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-04-29
IPv4 172.245.11.15 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 172.245.11.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-04-29
IPv4 122.117.50.83 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 122.117.50.83 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-04-29
IPv4 91.196.152.133 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 91.196.152.133 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2). 2026-04-29
IPv4 45.192.105.182 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 45.192.105.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-29
IPv4 157.245.144.64 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 157.245.144.64 observed using SSH client fingerprint 'Unknown SSH Client (0a07365cc01f)' 19 times when connecting to mdms1 between 2026-04-29 21:51 and 2026-04-29 22:29 UTC. 2026-04-29
IPv4 113.249.110.181 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 113.249.110.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3, firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 165.227.170.113 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 165.227.170.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 60.13.7.238 Score: 55/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 60.13.7.238 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking). 2026-04-30
IPv4 18.97.19.176 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 18.97.19.176 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-04-30
IPv4 103.147.33.122 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 103.147.33.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 133.125.43.89 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 133.125.43.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 60.161.136.203 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 60.161.136.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 87.236.176.14 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 87.236.176.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 120.48.153.33 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 120.48.153.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 182.126.113.245 Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.126.113.245 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). 2026-04-30
IPv4 85.12.233.65 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 85.12.233.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 106.117.114.84 Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.114.84 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-30
IPv4 61.243.126.8 Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 61.243.126.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 179.137.6.253 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 179.137.6.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 5.26.66.133 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 5.26.66.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 165.232.176.205 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 165.232.176.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-04-30
IPv4 39.126.101.130 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 39.126.101.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 104.245.105.2 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 104.245.105.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 34.14.21.193 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 34.14.21.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 8.130.142.8 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 8.130.142.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-04-30
IPv4 62.210.198.124 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 62.210.198.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 90.16.77.10 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 90.16.77.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 122.54.146.157 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 122.54.146.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 101.126.147.41 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan, abuseipdb:reported. 101.126.147.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-04-30
IPv4 106.12.151.23 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.12.151.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 170.106.179.118 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 170.106.179.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 87.236.176.76 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 172.173.93.93 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 172.173.93.93 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 90 times when connecting to db1lapetro between 2026-04-30 01:23 and 2026-04-30 01:23 UTC. 2026-04-30
IPv4 50.3.85.22 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 50.3.85.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 170.130.204.74 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 170.130.204.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 45.156.87.204 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 45.156.87.204 observed using SSH client fingerprint 'Unknown SSH Client (0a07365cc01f)' 685 times when connecting to mdms1 between 2026-04-30 00:52 and 2026-04-30 01:34 UTC. 2026-04-30
IPv4 177.235.108.155 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 177.235.108.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 121.12.160.226 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 121.12.160.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 175.107.224.188 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 175.107.224.188 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). 2026-04-30
IPv4 34.140.175.139 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Brussels, Belgium (AS396982, Google LLC). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 4 unique usernames, execution of 2 post-compromise commands, delivery of 1 malware sample. duration: 47s; 72 events. 2026-04-30
IPv4 104.248.137.13 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 104.248.137.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-04-30
IPv4 101.53.233.127 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan, abuseipdb:reported. 101.53.233.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-04-30
IPv4 34.14.127.78 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 34.14.127.78 observed using SSH client fingerprint 'Unknown SSH Client (e788c657d1a2)' 6 times when connecting to mdms1 between 2026-04-30 02:18 and 2026-04-30 02:18 UTC. 2026-04-30
IPv4 185.103.202.198 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.103.202.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 134.122.127.149 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 134.122.127.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 68.233.238.100 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 68.233.238.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 45.78.208.179 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 45.78.208.179 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 8 times when connecting to db1lapetro between 2026-04-30 02:15 and 2026-04-30 03:28 UTC. 2026-04-30
IPv4 45.120.115.150 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.120.115.150 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4). 2026-04-30
IPv4 60.16.197.51 Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 60.16.197.51 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-30
IPv4 142.93.0.66 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 142.93.0.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 194.187.179.230 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 77.237.237.43 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 77.237.237.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 180.191.230.61 Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 180.191.230.61 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). 2026-04-30
IPv4 223.243.179.70 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported. 223.243.179.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-04-30
IPv4 51.102.248.238 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 51.102.248.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 64.225.75.246 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 64.225.75.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 138.197.200.106 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 138.197.200.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). 2026-04-30
IPv4 68.183.180.73 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 68.183.180.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 194.187.179.29 Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 194.187.179.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 194.187.179.98 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 189.173.68.128 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 189.173.68.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 36.108.175.251 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 36.108.175.251 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 110.185.106.161 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata 2026-04-30
IPv4 109.224.242.73 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 109.224.242.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 34.62.9.141 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. Attacker IP from Brussels, Belgium (AS396982, Google LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 4 unique usernames, delivery of 1 malware sample. duration: 27s; 66 events. 2026-04-30
IPv4 59.16.212.232 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 59.16.212.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 43.108.12.105 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 43.108.12.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 167.99.182.39 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 167.99.182.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 106.117.111.143 Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.111.143 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). 2026-04-30
IPv4 170.130.204.26 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 170.130.204.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 103.189.235.130 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Indonesia (AS138608, Cloud Host Pte Ltd) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 3 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persist... 2026-04-30
IPv4 194.187.179.231 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 43.164.129.191 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 43.164.129.191 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) App...' 2 times when connecting to db4lamedtech between 2026-04-30 04:36 and 2026-04-30 05:19 UTC. 2026-04-30
IPv4 43.165.126.130 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 43.165.126.130 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) App...' 2 times when connecting to db4lamedtech between 2026-04-30 04:26 and 2026-04-30 05:54 UTC. 2026-04-30
IPv4 170.64.157.54 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 170.64.157.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 165.22.224.250 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 165.22.224.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 165.227.173.41 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 165.227.173.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 103.47.175.162 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 103.47.175.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 195.158.14.118 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 195.158.14.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 122.100.194.101 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 122.100.194.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 206.168.201.106 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 206.168.201.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 207.180.192.27 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 207.180.192.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 103.72.9.112 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 103.72.9.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 167.71.101.60 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 167.71.101.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 5.135.173.212 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 5.135.173.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-04-30
IPv4 87.236.176.127 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 106.12.80.126 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 106.12.80.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 221.207.35.45 Score: 80/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 221.207.35.45 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, multi-reported). 2026-04-30
IPv4 203.76.108.6 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 203.76.108.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 156.238.224.50 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 156.238.224.50 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db4lamedtech between 2026-04-30 06:19 and 2026-04-30 06:51 UTC. 2026-04-30
IPv4 189.165.24.20 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 189.165.24.20 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db4lamedtech between 2026-04-30 06:16 and 2026-04-30 06:44 UTC. 2026-04-30
IPv4 112.90.220.246 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 112.90.220.246 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command session (6 commands), 2 malware samples. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 36.95.194.54 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 36.95.194.54 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db1lapetro between 2026-04-30 05:22 and 2026-04-30 05:53 UTC. 2026-04-30
IPv4 212.14.247.121 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. This attacker IP from Nablus, Palestine, is likely a commodity_attacker leveraging automated tools to probe energy sector infrastructure via SSH/Telnet honeypots. Observed interactions with dionaea and cowrie honeypots suggest brute-force attempts using common credentials (e.g., 'admin'/'password') and basic command injections, indicating... 2026-04-30
IPv4 193.163.125.51 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 178.16.54.189 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 178.16.54.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 184.105.139.77 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 184.105.139.77 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-04-30
IPv4 98.115.32.221 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 98.115.32.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 184.105.139.121 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 184.105.139.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 173.40.98.142 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 173.40.98.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 106.4.21.134 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.4.21.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, moderate, multi-reported). 2026-04-30
IPv4 51.68.111.215 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.68.111.215 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v2.0.5; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-04-30 07:43 and 2026-04-30 07:43 UTC. 2026-04-30
IPv4 124.29.194.167 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 124.29.194.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 89.43.134.10 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 89.43.134.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 44.220.188.5 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 44.220.188.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). 2026-04-30
IPv4 143.198.132.176 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:multi-reported, abuseipdb:reported. 143.198.132.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 131.222.244.11 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 131.222.244.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 43.159.47.35 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 43.159.47.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-04-30
IPv4 103.176.179.134 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.176.179.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 73.201.144.44 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 73.201.144.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 213.209.159.12 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 213.209.159.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 116.10.202.60 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 116.10.202.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 220.154.131.135 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 220.154.131.135 observed using SSH client fingerprint 'Unknown SSH Client (97281db8c1a6)' 2 times when connecting to db1lapetro between 2026-04-30 08:32 and 2026-04-30 08:38 UTC. 2026-04-30
IPv4 72.229.171.189 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 72.229.171.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 84.54.73.89 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 84.54.73.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 45.232.218.131 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 45.232.218.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 45.181.122.158 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 45.181.122.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 84.54.70.200 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 84.54.70.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 59.173.108.179 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 59.173.108.179 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-04-30
IPv4 185.106.29.188 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 185.106.29.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 150.158.80.239 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 150.158.80.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 209.99.185.25 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 209.99.185.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 81.218.133.183 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 81.218.133.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 125.73.32.184 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 125.73.32.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 178.105.49.189 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 178.105.49.189 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to mdms1 between 2026-04-30 09:49 and 2026-04-30 09:56 UTC. 2026-04-30
IPv4 220.190.114.28 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 220.190.114.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking). 2026-04-30
IPv4 146.56.197.150 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 146.56.197.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-04-30
IPv4 117.14.112.45 Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 117.14.112.45 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-30
IPv4 182.119.229.169 Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.119.229.169 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-30
IPv4 103.228.38.212 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 103.228.38.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 46.62.158.36 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 46.62.158.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 45.79.175.175 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 45.79.175.175 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);' 2 times when connecting to mdms1 between 2026-04-30 09:30 and 2026-04-30 09:30 UTC. 2026-04-30
IPv4 177.238.229.95 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 177.238.229.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 223.123.124.178 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 223.123.124.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 95.215.32.11 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 95.215.32.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 88.151.33.237 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 88.151.33.237 observed using TLS client fingerprint 'Unknown TLS Client (35e4abd44e3e)' 47 times when connecting to mdms1 between 2026-04-30 10:50 and 2026-04-30 10:50 UTC. 2026-04-30
IPv4 174.23.233.141 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 174.23.233.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 3.214.176.44 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 3.214.176.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 208.122.214.89 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, cowrie, firehol:unlisted. 208.122.214.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 190.115.200.80 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 190.115.200.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 201.163.63.74 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 201.163.63.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 190.120.248.152 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 190.120.248.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 8.213.222.198 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 8.213.222.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 146.88.241.102 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 146.88.241.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 62.201.202.156 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 62.201.202.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.242.226.80 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.242.226.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 115.191.11.182 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 115.191.11.182 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-04-30
IPv4 206.81.12.201 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 206.81.12.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 45.205.1.36 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 45.205.1.36 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command session (5 commands), 1 malware sample. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 179.1.233.34 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 179.1.233.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 84.221.220.144 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 84.221.220.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 43.165.174.53 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 43.165.174.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 108.174.198.214 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 108.174.198.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 74.50.49.141 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 74.50.49.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 208.117.84.105 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 208.117.84.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 51.81.7.82 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 51.81.7.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 159.65.24.192 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 159.65.24.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 64.227.191.54 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 64.227.191.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 139.59.74.237 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 139.59.74.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 147.135.3.156 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 147.135.3.156 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db1lapetro between 2026-04-30 13:20 and 2026-04-30 13:20 UTC. 2026-04-30
IPv4 142.93.80.248 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 142.93.80.248 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-04-30
IPv4 165.232.176.27 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 165.232.176.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 24.199.121.97 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 24.199.121.97 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-04-30
IPv4 185.220.101.33 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.220.101.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.101.142 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 185.220.101.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 134.122.123.125 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 134.122.123.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 45.91.250.107 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata 2026-04-30
IPv4 185.220.101.21 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata 2026-04-30
IPv4 185.220.101.20 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata 2026-04-30
IPv4 185.243.218.225 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.243.218.225 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous). 2026-04-30
IPv4 45.66.35.30 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata 2026-04-30
IPv4 171.25.193.35 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Sweden. Observed targeting government sector honeypot backup-hp-01 via h0neytr4p. 1 events. 2026-04-30
IPv4 185.220.101.167 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata 2026-04-30
IPv4 185.220.101.0 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.220.101.0 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous). 2026-04-30
IPv4 185.220.101.156 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.220.101.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 204.137.14.104 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata 2026-04-30
IPv4 185.220.101.143 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata 2026-04-30
IPv4 185.220.101.157 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. IP observed in Suricata network metadata 2026-04-30
IPv4 171.25.193.79 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Sweden. Observed targeting government sector honeypot backup-hp-01 via h0neytr4p. 2 events. 2026-04-30
IPv4 185.220.101.165 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata 2026-04-30
IPv4 185.220.100.246 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata 2026-04-30
IPv4 198.98.57.151 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata 2026-04-30
IPv4 193.189.100.194 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 193.189.100.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 37.157.254.6 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 37.157.254.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 149.202.79.101 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 149.202.79.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 37.77.56.238 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 37.77.56.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, ddos, hacking). 2026-04-30
IPv4 185.181.61.203 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.181.61.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.129.61.7 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.129.61.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.101.162 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.220.101.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 45.80.158.27 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.80.158.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.100.249 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.220.100.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 107.189.30.69 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 107.189.30.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.101.173 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.220.101.173 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d). 2026-04-30
IPv4 187.154.100.150 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Centro, Mexico (AS8151, UNINET). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 19 failed login attempts, 19 credential pairs tried across 10 unique usernames, execution of 44 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 21 malware ... 2026-04-30
IPv4 185.220.100.255 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.220.100.255 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.101.139 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.220.101.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 185.129.62.62 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.129.62.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 94.75.225.81 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 94.75.225.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 20.239.192.136 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.239.192.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.244.109.143 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 185.244.109.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 111.61.117.119 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 111.61.117.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 8.219.94.241 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 8.219.94.241 observed using TLS client fingerprint 'Unknown TLS Client (1007f4fec7e0)' 3 times when connecting to db1lapetro between 2026-04-30 14:44 and 2026-04-30 14:45 UTC. 2026-04-30
IPv4 115.231.76.176 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 115.231.76.176 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-04-30
IPv4 206.135.161.68 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 206.135.161.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 201.144.57.229 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 201.144.57.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 65.181.123.113 Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 65.181.123.113 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-04-30
IPv4 65.254.93.110 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 65.254.93.110 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-04-30
IPv4 87.204.217.92 Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 87.204.217.92 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-04-30
IPv4 52.117.231.30 Score: 70/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 52.117.231.30 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-04-30
IPv4 185.215.164.223 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 185.215.164.223 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-04-30
IPv4 15.235.86.115 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 15.235.86.115 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-04-30
IPv4 95.216.142.180 Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:firehol_level4. 95.216.142.180 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (hacking, low, port-scan). 2026-04-30
IPv4 167.86.120.92 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 167.86.120.92 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-04-30
IPv4 47.236.240.52 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 47.236.240.52 observed using TLS client fingerprint 'Unknown TLS Client (6b7366aa3f4b)' 2 times when connecting to db4lamedtech between 2026-04-30 14:41 and 2026-04-30 14:41 UTC. 2026-04-30
IPv4 47.253.247.196 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.253.247.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 165.22.235.3 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 165.22.235.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 146.190.242.161 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 146.190.242.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 172.110.223.159 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. IP observed in Suricata network metadata. 2026-04-30
IPv4 162.241.114.82 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 162.241.114.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-04-30
IPv4 37.140.242.54 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 37.140.242.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 47.236.158.66 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.236.158.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 122.116.145.26 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 122.116.145.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 121.18.43.102 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 121.18.43.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 69.36.165.50 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 69.36.165.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-04-30
IPv4 146.190.63.248 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 146.190.63.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 46.250.235.67 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 46.250.235.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-04-30
IPv4 173.248.174.144 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 173.248.174.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-04-30
IPv4 159.65.18.197 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 159.65.18.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 195.184.76.40 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. This attacker IP (195.184.76.40) is likely a commodity botnet node targeting healthcare sector assets via SSH/Telnet brute-force attacks against Cisco ASA-exposed honeypots. Observed attempting credential access with generic username/password patterns, leveraging the Cowrie honeypot framework for reconnaissance. While GTI classifies it as low-risk, its... 2026-04-30
IPv4 185.220.101.131 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.220.101.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 45.66.35.28 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.66.35.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.101.55 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.55 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:15 and 2026-04-30 15:15 UTC. 2026-04-30
IPv4 185.220.100.252 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.220.100.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.101.24 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.220.101.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.101.38 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.38 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:15 and 2026-04-30 15:15 UTC. 2026-04-30
IPv4 185.100.87.174 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.100.87.174 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d). 2026-04-30
IPv4 185.220.101.159 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.220.101.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.100.243 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.220.100.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.101.171 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.220.101.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.101.50 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.220.101.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 38.135.24.31 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 38.135.24.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 45.154.98.52 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.154.98.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.101.51 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 185.220.101.51 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 199.195.253.124 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 199.195.253.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 23.191.200.16 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 23.191.200.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous); AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 185.243.218.226 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.243.218.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.101.37 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.220.101.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.101.163 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 185.220.101.163 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 3 times when connecting to offbackup1 between 2026-04-30 15:14 and 2026-04-30 15:14 UTC. 2026-04-30
IPv4 107.189.4.209 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 107.189.4.209 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:14 and 2026-04-30 15:14 UTC. 2026-04-30
IPv4 193.189.100.198 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 193.189.100.198 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 3 times when connecting to offbackup1 between 2026-04-30 15:14 and 2026-04-30 15:14 UTC. 2026-04-30
IPv4 64.190.76.14 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 64.190.76.14 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:14 and 2026-04-30 15:14 UTC. 2026-04-30
IPv4 124.198.131.165 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 124.198.131.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 185.220.100.248 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.220.100.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 38.135.24.213 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 38.135.24.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 193.189.100.197 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 193.189.100.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 20.65.193.76 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 20.65.193.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 51.158.248.196 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 51.158.248.196 observed using TLS client fingerprint 'Unknown TLS Client (1114e3625f56)' 2 times when connecting to mdms1 between 2026-04-30 15:16 and 2026-04-30 15:16 UTC. 2026-04-30
IPv4 31.44.238.25 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 31.44.238.25 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 7 times when connecting to offbackup1 between 2026-04-30 15:14 and 2026-04-30 15:14 UTC. 2026-04-30
IPv4 185.220.101.137 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 185.220.101.137 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:14 and 2026-04-30 15:14 UTC. 2026-04-30
IPv4 185.220.101.41 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 185.220.101.41 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 3 times when connecting to offbackup1 between 2026-04-30 15:13 and 2026-04-30 15:13 UTC. 2026-04-30
IPv4 82.153.138.57 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 82.153.138.57 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:13 and 2026-04-30 15:13 UTC. 2026-04-30
IPv4 178.20.55.16 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 178.20.55.16 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:13 and 2026-04-30 15:13 UTC. 2026-04-30
IPv4 185.220.101.166 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 185.220.101.166 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:13 and 2026-04-30 15:13 UTC. 2026-04-30
IPv4 185.220.101.59 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.59 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 9 times when connecting to offbackup1 between 2026-04-30 15:12 and 2026-04-30 15:12 UTC. 2026-04-30
IPv4 185.220.101.148 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.148 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:12 and 2026-04-30 15:12 UTC. 2026-04-30
IPv4 185.220.101.132 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.132 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:12 and 2026-04-30 15:12 UTC. 2026-04-30
IPv4 178.17.171.102 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 178.17.171.102 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 6 times when connecting to offbackup1 between 2026-04-30 15:12 and 2026-04-30 15:12 UTC. 2026-04-30
IPv4 185.220.101.182 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 185.220.101.182 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:11 and 2026-04-30 15:11 UTC. 2026-04-30
IPv4 80.94.92.92 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 80.94.92.92 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:11 and 2026-04-30 15:11 UTC. 2026-04-30
IPv4 38.135.25.97 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 38.135.25.97 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:11 and 2026-04-30 15:11 UTC. 2026-04-30
IPv4 185.220.101.13 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.220.101.13 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:11 and 2026-04-30 15:11 UTC. 2026-04-30
IPv4 45.84.107.200 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 45.84.107.200 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:11 and 2026-04-30 15:11 UTC. 2026-04-30
IPv4 171.25.193.131 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 171.25.193.131 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:11 and 2026-04-30 15:11 UTC. 2026-04-30
IPv4 104.244.72.132 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 104.244.72.132 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:11 and 2026-04-30 15:11 UTC. 2026-04-30
IPv4 45.141.215.169 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.141.215.169 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:11 and 2026-04-30 15:11 UTC. 2026-04-30
IPv4 37.114.63.5 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 37.114.63.5 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:11 and 2026-04-30 15:11 UTC. 2026-04-30
IPv4 107.189.11.111 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 107.189.11.111 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:11 and 2026-04-30 15:11 UTC. 2026-04-30
IPv4 37.228.129.128 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP 37.228.129.128 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:11 and 2026-04-30 15:11 UTC. 2026-04-30
IPv4 205.185.113.112 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 205.185.113.112 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:11 and 2026-04-30 15:11 UTC. 2026-04-30
IPv4 185.220.101.145 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.220.101.145 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:11 and 2026-04-30 15:11 UTC. 2026-04-30
IPv4 45.66.35.24 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 45.66.35.24 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:10 and 2026-04-30 15:10 UTC. 2026-04-30
IPv4 185.129.62.63 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.129.62.63 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:10 and 2026-04-30 15:12 UTC. 2026-04-30
IPv4 77.48.28.204 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 77.48.28.204 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 9 times when connecting to offbackup1 between 2026-04-30 15:10 and 2026-04-30 15:10 UTC. 2026-04-30
IPv4 198.96.155.3 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 198.96.155.3 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:10 and 2026-04-30 15:10 UTC. 2026-04-30
IPv4 89.234.157.254 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 89.234.157.254 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:10 and 2026-04-30 15:10 UTC. 2026-04-30
IPv4 185.220.101.35 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.35 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:10 and 2026-04-30 15:11 UTC. 2026-04-30
IPv4 94.16.115.121 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 94.16.115.121 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:10 and 2026-04-30 15:10 UTC. 2026-04-30
IPv4 45.66.35.26 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 45.66.35.26 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:09 and 2026-04-30 15:09 UTC. 2026-04-30
IPv4 185.220.101.40 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. Attacker IP 185.220.101.40 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 3 times when connecting to offbackup1 between 2026-04-30 15:09 and 2026-04-30 15:14 UTC. 2026-04-30
IPv4 185.183.157.214 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.183.157.214 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:09 and 2026-04-30 15:09 UTC. 2026-04-30
IPv4 94.142.244.16 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. Attacker IP 94.142.244.16 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:09 and 2026-04-30 15:09 UTC. 2026-04-30
IPv4 185.132.53.121 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 185.132.53.121 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:09 and 2026-04-30 15:09 UTC. 2026-04-30
IPv4 124.198.132.172 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 124.198.132.172 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:08 and 2026-04-30 15:08 UTC. 2026-04-30
IPv4 185.220.101.152 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.152 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:08 and 2026-04-30 15:08 UTC. 2026-04-30
IPv4 5.83.143.18 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 5.83.143.18 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:08 and 2026-04-30 15:08 UTC. 2026-04-30
IPv4 185.129.61.5 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.129.61.5 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:07 and 2026-04-30 15:07 UTC. 2026-04-30
IPv4 5.166.107.132 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 5.166.107.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 104.248.89.185 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 104.248.89.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking). 2026-04-30
IPv4 18.97.26.73 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 18.97.26.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 51.75.116.156 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 51.75.116.156 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db1lapetro between 2026-04-30 16:58 and 2026-04-30 16:58 UTC. 2026-04-30
IPv4 31.57.184.116 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 31.57.184.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 200.247.204.229 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 200.247.204.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 43.164.190.28 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. 43.164.190.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-04-30
IPv4 190.120.253.132 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low. 190.120.253.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 136.144.42.100 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 136.144.42.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 114.141.59.195 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 114.141.59.195 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 6 times when connecting to mdms1 between 2026-04-30 16:37 and 2026-04-30 16:58 UTC. 2026-04-30
IPv4 161.35.23.210 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 161.35.23.210 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, l...' 3 times when connecting to mdms1 between 2026-04-30 16:25 and 2026-04-30 16:38 UTC. 2026-04-30
IPv4 157.245.76.106 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 157.245.76.106 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, l...' 5 times when connecting to db4lamedtech between 2026-04-30 16:26 and 2026-04-30 16:32 UTC. 2026-04-30
IPv4 165.154.23.10 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 165.154.23.10 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 31 times when connecting to mdms1 between 2026-04-30 15:38 and 2026-04-30 16:43 UTC. 2026-04-30
IPv4 45.141.215.156 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 45.141.215.156 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:07 and 2026-04-30 15:07 UTC. 2026-04-30
IPv4 185.220.101.136 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.136 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:07 and 2026-04-30 15:07 UTC. 2026-04-30
IPv4 185.220.101.190 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.190 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:07 and 2026-04-30 15:07 UTC. 2026-04-30
IPv4 124.198.131.62 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 124.198.131.62 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:07 and 2026-04-30 15:07 UTC. 2026-04-30
IPv4 171.25.193.78 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 171.25.193.78 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 7 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:13 UTC. 2026-04-30
IPv4 185.220.101.150 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 185.220.101.150 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:09 UTC. 2026-04-30
IPv4 185.231.33.38 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.231.33.38 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 23 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:15 UTC. 2026-04-30
IPv4 124.198.131.121 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 124.198.131.121 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:06 UTC. 2026-04-30
IPv4 185.220.101.187 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 185.220.101.187 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:12 UTC. 2026-04-30
IPv4 185.241.208.136 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.241.208.136 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 6 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:07 UTC. 2026-04-30
IPv4 185.220.101.177 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.177 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 6 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:12 UTC. 2026-04-30
IPv4 185.220.101.97 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 185.220.101.97 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 3 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:10 UTC. 2026-04-30
IPv4 64.190.76.13 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 64.190.76.13 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:06 UTC. 2026-04-30
IPv4 158.174.210.97 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 158.174.210.97 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:06 UTC. 2026-04-30
IPv4 185.220.100.251 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 185.220.100.251 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 6 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:12 UTC. 2026-04-30
IPv4 51.91.18.151 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 51.91.18.151 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:06 UTC. 2026-04-30
IPv4 107.189.8.181 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 107.189.8.181 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:06 UTC. 2026-04-30
IPv4 51.158.252.2 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:tor-exit. Attacker IP 51.158.252.2 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:06 UTC. 2026-04-30
IPv4 185.220.101.185 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 185.220.101.185 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 7 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:06 UTC. 2026-04-30
IPv4 45.84.107.101 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.84.107.101 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 6 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:13 UTC. 2026-04-30
IPv4 51.38.225.46 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 51.38.225.46 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 5 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:08 UTC. 2026-04-30
IPv4 77.90.185.51 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. Attacker IP 77.90.185.51 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 10 times when connecting to offbackup1 between 2026-04-30 15:06 and 2026-04-30 15:06 UTC. 2026-04-30
IPv4 185.220.101.160 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.160 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 3 times when connecting to offbackup1 between 2026-04-30 15:05 and 2026-04-30 15:05 UTC. 2026-04-30
IPv4 185.220.101.175 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.175 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:05 and 2026-04-30 15:05 UTC. 2026-04-30
IPv4 185.220.101.58 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.220.101.58 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 3 times when connecting to offbackup1 between 2026-04-30 15:05 and 2026-04-30 15:05 UTC. 2026-04-30
IPv4 23.129.64.99 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 23.129.64.99 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 5 times when connecting to offbackup1 between 2026-04-30 15:05 and 2026-04-30 15:05 UTC. 2026-04-30
IPv4 107.189.12.157 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 107.189.12.157 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 3 times when connecting to offbackup1 between 2026-04-30 15:05 and 2026-04-30 15:05 UTC. 2026-04-30
IPv4 45.84.107.222 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.84.107.222 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to offbackup1 between 2026-04-30 15:05 and 2026-04-30 15:12 UTC. 2026-04-30
IPv4 107.189.13.254 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 107.189.13.254 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 31 times when connecting to offbackup1 between 2026-04-30 15:05 and 2026-04-30 15:15 UTC. 2026-04-30
IPv4 185.220.101.172 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.172 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 3 times when connecting to offbackup1 between 2026-04-30 15:05 and 2026-04-30 15:05 UTC. 2026-04-30
IPv4 185.246.188.74 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.246.188.74 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 12 times when connecting to offbackup1 between 2026-04-30 15:05 and 2026-04-30 15:10 UTC. 2026-04-30
IPv4 107.189.30.86 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 107.189.30.86 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 3 times when connecting to offbackup1 between 2026-04-30 15:05 and 2026-04-30 15:05 UTC. 2026-04-30
IPv4 192.76.153.253 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 192.76.153.253 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 22 times when connecting to offbackup1 between 2026-04-30 15:04 and 2026-04-30 15:10 UTC. 2026-04-30
IPv4 45.84.107.182 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 45.84.107.182 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 10 times when connecting to offbackup1 between 2026-04-30 15:04 and 2026-04-30 15:15 UTC. 2026-04-30
IPv4 95.211.239.220 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:low, abuseipdb:port-scan. Attacker IP 95.211.239.220 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 5 times when connecting to offbackup1 between 2026-04-30 15:04 and 2026-04-30 15:04 UTC. 2026-04-30
IPv4 212.86.126.239 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 212.86.126.239 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 12 times when connecting to offbackup1 between 2026-04-30 15:04 and 2026-04-30 15:13 UTC. 2026-04-30
IPv4 45.137.99.182 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 45.137.99.182 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 26 times when connecting to offbackup1 between 2026-04-30 15:04 and 2026-04-30 15:12 UTC. 2026-04-30
IPv4 185.220.100.247 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.100.247 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 6 times when connecting to offbackup1 between 2026-04-30 15:04 and 2026-04-30 15:14 UTC. 2026-04-30
IPv4 64.94.85.248 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 64.94.85.248 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 77 times when connecting to offbackup1 between 2026-04-30 15:03 and 2026-04-30 15:15 UTC. 2026-04-30
IPv4 72.5.43.62 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 72.5.43.62 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 19 times when connecting to offbackup1 between 2026-04-30 15:03 and 2026-04-30 15:15 UTC. 2026-04-30
IPv4 209.145.51.187 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 209.145.51.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 159.203.0.216 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 159.203.0.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 18.97.26.84 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan, abuseipdb:reported. 18.97.26.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 213.136.68.104 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 213.136.68.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 186.53.140.208 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 186.53.140.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 44.220.188.208 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 44.220.188.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 210.105.67.198 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 210.105.67.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 108.35.197.146 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 108.35.197.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 45.183.184.74 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 45.183.184.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 171.36.6.156 Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 171.36.6.156 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-30
IPv4 175.19.74.151 Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 175.19.74.151 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-30
IPv4 38.242.145.53 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 38.242.145.53 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-04-30
IPv4 139.59.136.184 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 139.59.136.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 112.94.191.114 Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 112.94.191.114 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-04-30
IPv4 206.189.233.36 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 206.189.233.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 167.71.81.114 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 167.71.81.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 179.146.87.138 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 179.146.87.138 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 34 times when connecting to mdms1 between 2026-04-30 16:45 and 2026-04-30 17:22 UTC. 2026-04-30
IPv4 162.241.124.88 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 162.241.124.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 62.171.135.210 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 62.171.135.210 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-04-30
IPv4 104.197.200.168 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 104.197.200.168 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-04-30
IPv4 87.243.0.112 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 87.243.0.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 69.64.39.142 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 69.64.39.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 35.231.74.111 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 35.231.74.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 143.198.166.161 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 143.198.166.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 50.6.3.16 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 50.6.3.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 125.16.207.125 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 125.16.207.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 45.14.109.139 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 45.14.109.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 45.14.109.141 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 45.14.109.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 106.12.15.118 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 106.12.15.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 45.14.109.135 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 45.14.109.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 45.14.109.142 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 45.14.109.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 185.196.21.251 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 185.196.21.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 190.8.165.126 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 190.8.165.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 81.152.46.62 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 81.152.46.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 94.183.177.120 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 94.183.177.120 observed using SSH client fingerprint 'Unknown SSH Client (63ae64767f33)' 3 times when connecting to mdms1 between 2026-04-30 18:31 and 2026-04-30 18:31 UTC. 2026-04-30
IPv4 47.215.144.229 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.215.144.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 168.197.104.44 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 168.197.104.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-04-30
IPv4 112.46.214.37 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 112.46.214.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 117.50.202.140 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. 117.50.202.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-04-30
IPv4 159.89.174.87 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 159.89.174.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 167.99.73.110 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 167.99.73.110 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-04-30
IPv4 147.135.213.175 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 147.135.213.175 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 3 times when connecting to db4lamedtech between 2026-04-30 19:54 and 2026-04-30 19:54 UTC. 2026-04-30
IPv4 27.74.242.139 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 27.74.242.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 203.83.11.210 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 203.83.11.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 206.189.2.13 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 206.189.2.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 14.103.115.106 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 14.103.115.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 5.255.115.37 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 5.255.115.37 observed using TLS client fingerprint 'Unknown TLS Client (44944ceb6923)' 3 times when connecting to mdms1 between 2026-04-30 19:18 and 2026-04-30 19:18 UTC. 2026-04-30
IPv4 20.216.139.188 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 20.216.139.188 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 30 times when connecting to db1lapetro between 2026-04-30 18:35 and 2026-04-30 19:17 UTC. 2026-04-30
IPv4 165.245.213.59 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 165.245.213.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 147.135.252.181 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 147.135.252.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 101.96.215.50 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 101.96.215.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-04-30
IPv4 31.22.4.152 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 31.22.4.152 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-04-30
IPv4 183.64.171.136 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 183.64.171.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 103.187.147.165 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.187.147.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 117.40.114.62 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 117.40.114.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). 2026-04-30
IPv4 121.228.124.165 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 121.228.124.165 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-04-30
IPv4 115.190.188.79 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:port-scan, abuseipdb:reported. 115.190.188.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 100.29.192.14 Score: 51/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 100.29.192.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 84.54.73.195 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 84.54.73.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 142.91.170.158 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 142.91.170.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 157.245.113.227 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 157.245.113.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 103.96.117.45 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 103.96.117.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 194.187.179.171 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 121.196.27.240 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 121.196.27.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 103.248.120.6 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.248.120.6 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 31 times when connecting to offbackup1 between 2026-04-30 19:27 and 2026-04-30 20:53 UTC. 2026-04-30
IPv4 134.209.25.199 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 134.209.25.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 172.245.40.74 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 172.245.40.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-04-30
IPv4 62.72.47.196 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 62.72.47.196 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, iot-targeted, low). 2026-04-30
IPv4 189.15.124.62 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 189.15.124.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-04-30
IPv4 220.154.131.119 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 220.154.131.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-04-30
IPv4 162.240.26.9 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 162.240.26.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 185.196.21.3 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 185.196.21.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 162.241.149.223 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 162.241.149.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 165.154.22.228 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 165.154.22.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 51.75.119.229 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 51.75.119.229 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 3 times when connecting to db1lapetro between 2026-04-30 21:43 and 2026-04-30 21:43 UTC. 2026-04-30
IPv4 192.36.109.89 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 192.36.109.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-04-30
IPv4 98.70.26.150 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 98.70.26.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 14.225.19.47 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 14.225.19.47 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). 2026-04-30
IPv4 5.95.121.178 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 5.95.121.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-04-30
IPv4 103.39.225.73 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from China (AS4816, China Telecom Group). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 3 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewall manip... 2026-04-30
IPv4 151.237.67.196 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 151.237.67.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-04-30
IPv4 172.98.32.39 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 172.98.32.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-04-30
IPv4 59.173.110.244 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.173.110.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 134.122.139.75 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 134.122.139.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 223.123.73.59 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 223.123.73.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-04-30
IPv4 43.110.18.225 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 43.110.18.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-04-30
IPv4 189.194.140.170 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 189.194.140.170 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db1lapetro between 2026-04-30 22:12 and 2026-04-30 22:49 UTC. 2026-04-30
IPv4 45.87.249.100 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 45.87.249.100 observed using SSH client fingerprint 'Unknown SSH Client (63ae64767f33)' 3 times when connecting to db1lapetro between 2026-04-30 22:07 and 2026-04-30 22:07 UTC. 2026-04-30
IPv4 171.243.185.101 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 171.243.185.101 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, high, multi-reported). 2026-05-01
IPv4 186.19.22.55 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 186.19.22.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 202.70.139.19 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 202.70.139.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 46.225.136.172 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 46.225.136.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 116.110.4.192 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 116.110.4.192 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 2 times when connecting to db1lapetro between 2026-05-01 00:06 and 2026-05-01 00:14 UTC. 2026-05-01
IPv4 116.110.4.186 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 116.110.4.186 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 3 times when connecting to mdms1 between 2026-05-01 00:09 and 2026-05-01 00:18 UTC. 2026-05-01
IPv4 49.88.156.34 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 49.88.156.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 157.245.105.107 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 157.245.105.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 57.128.246.209 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 57.128.246.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). 2026-05-01
IPv4 185.184.197.227 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 185.184.197.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 48.215.98.69 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 48.215.98.69 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-04-30 23:48 and 2026-04-30 23:48 UTC. 2026-05-01
IPv4 112.248.109.99 Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 112.248.109.99 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). 2026-05-01
IPv4 195.9.34.73 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 195.9.34.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 101.249.63.52 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 101.249.63.52 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level4). 2026-05-01
IPv4 5.59.246.66 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 5.59.246.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 43.245.162.34 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 43.245.162.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 124.13.124.212 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 124.13.124.212 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 34 times when connecting to mdms1 between 2026-04-30 23:15 and 2026-04-30 23:44 UTC. 2026-05-01
IPv4 134.122.28.88 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 134.122.28.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 143.110.217.244 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 143.110.217.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 103.35.123.141 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 103.35.123.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 74.7.241.58 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 74.7.241.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 124.225.69.188 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 124.225.69.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 18.97.26.96 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 18.97.26.96 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-01
IPv4 203.167.14.5 Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 203.167.14.5 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 38.242.200.149 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 38.242.200.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 185.225.210.175 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 185.225.210.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 116.99.174.111 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 116.99.174.111 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 7 times when connecting to db1lapetro between 2026-05-01 00:33 and 2026-05-01 00:55 UTC. 2026-05-01
IPv4 24.19.160.116 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 24.19.160.116 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to offbackup1 between 2026-05-01 00:29 and 2026-05-01 01:08 UTC. 2026-05-01
IPv4 84.54.73.212 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 84.54.73.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 149.50.116.106 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 149.50.116.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 112.111.141.7 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 112.111.141.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 5.189.173.41 Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, cowrie. 5.189.173.41 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-01
IPv4 77.71.168.199 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 77.71.168.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 74.82.47.22 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 74.82.47.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 45.56.69.35 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 45.56.69.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 45.156.129.137 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.156.129.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 123.96.242.92 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.96.242.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 98.70.112.172 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 98.70.112.172 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-01
IPv4 172.206.32.4 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 172.206.32.4 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 32 times when connecting to offbackup1 between 2026-05-01 00:30 and 2026-05-01 01:31 UTC. 2026-05-01
IPv4 109.127.82.67 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 109.127.82.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 142.111.77.77 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 142.111.77.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 36.134.211.121 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 36.134.211.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-01
IPv4 8.216.17.97 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.216.17.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 114.97.190.176 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 114.97.190.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 182.119.231.79 Score: 65/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 182.119.231.79 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 23.95.112.73 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 23.95.112.73 observed using TLS client fingerprint 'Unknown TLS Client (35e4abd44e3e)' 20 times when connecting to db4lamedtech between 2026-05-01 02:41 and 2026-05-01 02:41 UTC. 2026-05-01
IPv4 146.190.63.48 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 146.190.63.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 170.84.23.204 Score: 55/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 170.84.23.204 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking). 2026-05-01
IPv4 172.94.9.39 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 172.94.9.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 20.78.158.176 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 20.78.158.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 62.138.14.43 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 62.138.14.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 103.203.46.128 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 103.203.46.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 190.34.242.84 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 190.34.242.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-01
IPv4 35.241.145.172 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 35.241.145.172 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 malware sample. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). 2026-05-01
IPv4 189.51.192.170 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 189.51.192.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 72.255.32.130 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 72.255.32.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 176.120.22.147 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 176.120.22.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 37.139.186.95 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 37.139.186.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 178.141.244.184 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 178.141.244.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 160.119.76.62 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 160.119.76.62 observed using TLS client fingerprint 'Unknown TLS Client (9adadc86ac72)' 6 times when connecting to offbackup1 between 2026-05-01 03:45 and 2026-05-01 03:46 UTC. 2026-05-01
IPv4 194.163.179.2 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.163.179.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-05-01
IPv4 194.195.116.65 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 194.195.116.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 98.70.34.60 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 98.70.34.60 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 30 times when connecting to db4lamedtech between 2026-05-01 02:54 and 2026-05-01 03:23 UTC. 2026-05-01
IPv4 103.169.160.74 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.169.160.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 167.86.87.228 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 167.86.87.228 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-01
IPv4 162.215.1.156 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 162.215.1.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 200.83.138.236 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 200.83.138.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 185.141.119.89 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 185.141.119.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 34.62.199.99 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 34.62.199.99 observed using SSH client fingerprint 'Unknown SSH Client (e788c657d1a2)' 6 times when connecting to mdms1 between 2026-05-01 05:16 and 2026-05-01 05:16 UTC. 2026-05-01
IPv4 14.103.112.116 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 14.103.112.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 20.193.153.121 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 20.193.153.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-01
IPv4 161.35.182.50 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 161.35.182.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 35.195.69.175 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 35.195.69.175 observed using SSH client fingerprint 'Unknown SSH Client (e788c657d1a2)' 6 times when connecting to db1lapetro between 2026-05-01 05:01 and 2026-05-01 05:01 UTC. 2026-05-01
IPv4 50.96.93.50 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 50.96.93.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 110.39.235.67 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 110.39.235.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 118.70.236.96 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 118.70.236.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 34.38.116.27 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 34.38.116.27 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 61.184.21.192 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from China (AS151185, China Telecom). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, firewa... 2026-05-01
IPv4 216.25.89.89 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 216.25.89.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 138.197.164.175 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 138.197.164.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 206.189.95.232 Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 206.189.95.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 185.200.38.156 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.200.38.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 112.122.237.200 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. This attacker IP (112.122.237.200) is likely a commodity attacker leveraging automated SSH brute-force tools against healthcare sector targets. Observed attempting access to honeypot medtech-hp-01 via honeytrap, suggesting focus on medical technology infrastructure. Limited sophistication indicated by generic credential patterns and lack of advanced evasion technique... 2026-05-01
IPv4 79.143.189.125 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 79.143.189.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 186.113.255.201 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 186.113.255.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 9.205.152.92 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 9.205.152.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 92.63.135.124 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 92.63.135.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 51.178.205.234 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 51.178.205.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 185.245.182.86 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 185.245.182.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 43.131.49.51 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Frankfurt am Main, Germany (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 23 failed login attempts, 23 credential pairs tried across 14 unique usernames, execution of 20 commands (SSH key persistence, password changes, system recon... 2026-05-01
IPv4 212.129.5.158 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 212.129.5.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 109.169.93.218 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 109.169.93.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 193.22.146.118 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 193.22.146.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 62.210.127.65 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 62.210.127.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 178.18.244.178 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 178.18.244.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 216.25.89.80 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 216.25.89.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 14.103.113.224 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 14.103.113.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 120.77.56.147 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 120.77.56.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 74.82.47.52 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 74.82.47.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 31.24.230.154 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 31.24.230.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-01
IPv4 35.205.5.62 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 35.205.5.62 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 malware sample. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). 2026-05-01
IPv4 197.242.152.246 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 197.242.152.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-01
IPv4 106.75.239.166 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 106.75.239.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 202.47.56.240 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 202.47.56.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 38.51.205.81 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 38.51.205.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, iot-targeted). 2026-05-01
IPv4 222.174.78.162 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 222.174.78.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 59.125.27.231 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 59.125.27.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 34.125.158.14 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 34.125.158.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-01
IPv4 78.31.71.103 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 78.31.71.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 125.113.235.41 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 125.113.235.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 181.65.191.218 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 181.65.191.218 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to mdms1 between 2026-05-01 05:44 and 2026-05-01 06:18 UTC. 2026-05-01
IPv4 85.11.167.8 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 85.11.167.8 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 4 times when connecting to offbackup1 between 2026-05-01 06:30 and 2026-05-01 06:30 UTC. 2026-05-01
IPv4 165.22.34.189 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 165.22.34.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 123.96.75.28 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.96.75.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 192.42.116.103 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 192.42.116.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 137.59.230.89 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 137.59.230.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 44.220.185.239 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 44.220.185.239 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-01
IPv4 58.19.140.186 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.19.140.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 50.102.11.48 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 50.102.11.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 34.22.216.80 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 34.22.216.80 observed using SSH client fingerprint 'Unknown SSH Client (e788c657d1a2)' 6 times when connecting to db4lamedtech between 2026-05-01 08:17 and 2026-05-01 08:17 UTC. 2026-05-01
IPv4 118.212.120.36 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 45.23.213.116 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 45.23.213.116 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, port-scan). 2026-05-01
IPv4 69.6.213.191 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 69.6.213.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 180.111.30.27 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.111.30.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 103.253.215.4 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 103.253.215.4 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-01
IPv4 179.184.131.91 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 179.184.131.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 79.238.178.149 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 79.238.178.149 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command session (10 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 103.26.86.224 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 103.26.86.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 220.177.133.191 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 220.177.133.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 115.190.223.7 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 115.190.223.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking). 2026-05-01
IPv4 167.71.18.160 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 167.71.18.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-01
IPv4 197.249.255.56 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 197.249.255.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 188.132.249.66 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 188.132.249.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 103.242.106.129 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 103.242.106.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 47.237.198.29 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.237.198.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 223.123.35.129 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 223.123.35.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 187.181.177.252 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 187.181.177.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 121.13.236.122 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 121.13.236.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 104.194.159.95 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata. 2026-05-01
IPv4 45.84.198.26 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 45.84.198.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 45.141.118.86 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 45.141.118.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 45.139.199.21 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 45.139.199.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 43.161.217.205 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 43.161.217.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 198.163.207.24 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 198.163.207.24 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 35 times when connecting to mdms1 between 2026-05-01 09:12 and 2026-05-01 09:13 UTC. 2026-05-01
IPv4 187.89.154.163 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 187.89.154.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 77.53.238.44 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 77.53.238.44 observed using SSH client fingerprint 'Unknown SSH Client (c118de82e19e)' 4 times when connecting to mdms1 between 2026-05-01 09:06 and 2026-05-01 09:06 UTC. 2026-05-01
IPv4 162.241.208.143 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 162.241.208.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 222.118.59.16 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 222.118.59.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 144.91.111.239 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 144.91.111.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 206.189.19.19 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 206.189.19.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 185.111.235.80 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 185.111.235.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 138.197.191.87 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 138.197.191.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 178.128.236.104 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 178.128.236.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-01
IPv4 43.164.3.23 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 43.164.3.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 170.130.201.38 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 170.130.201.38 observed using SSH client fingerprint 'Unknown SSH Client (c118de82e19e)' 4 times when connecting to db4lamedtech between 2026-05-01 08:53 and 2026-05-01 08:53 UTC. 2026-05-01
IPv4 2.26.85.77 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 2.26.85.77 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 2 times when connecting to db1lapetro between 2026-05-01 08:54 and 2026-05-01 08:54 UTC. 2026-05-01
IPv4 112.121.177.138 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 112.121.177.138 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 3 times when connecting to mdms1 between 2026-05-01 08:52 and 2026-05-01 08:52 UTC. 2026-05-01
IPv4 206.0.183.192 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 206.0.183.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 191.31.165.82 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 191.31.165.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 45.235.111.147 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 45.235.111.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 192.227.221.116 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. IP observed in Suricata network metadata. 2026-05-01
IPv4 34.52.184.116 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 34.52.184.116 observed using SSH client fingerprint 'Unknown SSH Client (e788c657d1a2)' 6 times when connecting to offbackup1 between 2026-05-01 08:41 and 2026-05-01 08:41 UTC. 2026-05-01
IPv4 106.105.238.141 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 106.105.238.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 188.166.190.228 Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 188.166.190.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 159.89.93.86 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.89.93.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 183.215.223.68 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 183.215.223.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 197.243.16.108 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 197.243.16.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-01
IPv4 49.50.96.70 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 49.50.96.70 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, iot-targeted, low). 2026-05-01
IPv4 64.31.55.230 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 64.31.55.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-01
IPv4 47.252.53.96 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 47.252.53.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 15.204.11.198 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 15.204.11.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-01
IPv4 103.7.4.71 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 103.7.4.71 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db4lamedtech between 2026-05-01 09:37 and 2026-05-01 10:11 UTC. 2026-05-01
IPv4 216.218.206.89 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 216.218.206.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 120.48.78.222 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 120.48.78.222 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 5 times when connecting to mdms1 between 2026-05-01 08:34 and 2026-05-01 09:01 UTC. 2026-05-01
IPv4 103.178.85.18 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 103.178.85.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 80.216.109.162 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 80.216.109.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 200.54.121.210 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 200.54.121.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 183.236.48.45 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 183.236.48.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-01
IPv4 178.62.97.244 Score: 58/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 178.62.97.244 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-01
IPv4 27.29.116.137 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 27.29.116.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 72.255.59.94 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 72.255.59.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 64.227.40.21 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 64.227.40.21 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 15 times when connecting to mdms1 between 2026-05-01 11:06 and 2026-05-01 11:30 UTC. 2026-05-01
IPv4 177.2.11.1 Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 177.2.11.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 139.135.45.75 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 139.135.45.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 139.59.231.238 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 139.59.231.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 212.227.164.133 Score: 69/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 212.227.164.133 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). 2026-05-01
IPv4 72.255.17.44 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 72.255.17.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 101.0.71.126 Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 101.0.71.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 194.233.86.176 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 194.233.86.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 103.84.193.204 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 103.84.193.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 192.241.179.233 Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 192.241.179.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 184.105.139.98 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 184.105.139.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 183.207.45.124 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 183.207.45.124 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 75 times when connecting to db1lapetro between 2026-05-01 10:46 and 2026-05-01 10:47 UTC. 2026-05-01
IPv4 23.97.62.117 Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 23.97.62.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 86.246.231.52 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 86.246.231.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 149.28.172.240 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 149.28.172.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 157.66.146.183 Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 157.66.146.183 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). 2026-05-01
IPv4 194.187.179.41 Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 118.212.122.73 Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 18.97.5.111 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 18.97.5.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 220.250.11.22 Score: 54/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.250.11.22 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 172.233.25.248 Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 172.233.25.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-01
IPv4 172.236.24.239 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 172.236.24.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 139.162.79.127 Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 139.162.79.127 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 175.110.219.37 Score: 56/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 175.110.219.37 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-01
IPv4 84.54.73.23 Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. 84.54.73.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, low). 2026-05-01
IPv4 45.70.9.144 Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 45.70.9.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 137.220.224.4 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 137.220.224.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 147.182.158.211 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Toronto, Canada (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 3 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron pe... 2026-05-01
IPv4 50.116.107.32 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 50.116.107.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-01
IPv4 191.52.217.46 Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 191.52.217.46 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 103.115.50.107 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.115.50.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 84.54.70.109 Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low. 84.54.70.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 59.61.184.59 Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 59.61.184.59 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 87.236.176.159 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 45.164.61.29 Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 45.164.61.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 103.196.235.72 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.196.235.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 120.48.111.71 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 120.48.111.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). 2026-05-01
IPv4 37.193.56.149 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 37.193.56.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 67.209.122.178 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 67.209.122.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 45.116.231.166 Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 45.116.231.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-01
IPv4 106.0.4.42 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.0.4.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-01
IPv4 86.6.130.213 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 86.6.130.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 88.253.253.106 Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 88.253.253.106 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 45.79.181.39 Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 45.79.181.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-01
IPv4 172.232.148.77 Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 172.232.148.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 83.147.241.74 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 83.147.241.74 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-05-01 12:58 and 2026-05-01 12:59 UTC. 2026-05-01
IPv4 176.65.139.165 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 176.65.139.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 68.235.46.224 Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 68.235.46.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 103.228.69.212 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 103.228.69.212 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 34 times when connecting to offbackup1 between 2026-05-01 12:50 and 2026-05-01 13:27 UTC. 2026-05-01
IPv4 203.124.54.250 Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 203.124.54.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 43.161.233.190 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 43.161.233.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 31.9.49.33 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 31.9.49.33 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 104.28.162.50 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 104.28.162.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 118.212.120.106 Score: 69/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 118.212.120.106 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-01
IPv4 188.79.94.250 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 188.79.94.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 36.255.33.213 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 36.255.33.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 185.46.78.218 Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 185.46.78.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 91.195.157.235 Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 91.195.157.235 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 109.241.134.137 Score: 57/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 109.241.134.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 91.195.157.227 Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 91.195.157.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 43.157.133.6 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 43.157.133.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-01
IPv4 142.167.70.176 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 142.167.70.176 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 31 times when connecting to mdms1 between 2026-05-01 12:09 and 2026-05-01 12:39 UTC. 2026-05-01
IPv4 185.80.91.81 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 185.80.91.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 103.153.42.126 Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.153.42.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 177.105.113.170 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 177.105.113.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 194.187.179.180 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 141.95.119.253 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 141.95.119.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 36.106.167.99 Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.167.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 5.189.148.206 Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 5.189.148.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 35.189.234.110 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 35.189.234.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 194.187.179.84 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-01
IPv4 112.124.33.87 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 112.124.33.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 162.243.236.176 Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 162.243.236.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 24.160.172.5 Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 24.160.172.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 82.165.107.148 Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 82.165.107.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 206.189.138.28 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 206.189.138.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 14.103.114.197 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 14.103.114.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 108.175.0.215 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 108.175.0.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 168.144.23.229 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 168.144.23.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 27.47.27.49 Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 27.47.27.49 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 187.120.19.122 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 187.120.19.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 168.196.144.234 Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 168.196.144.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 154.70.82.119 Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 154.70.82.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 164.92.210.125 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 164.92.210.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 118.218.219.250 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 118.218.219.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 94.243.15.30 Score: 62/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 94.243.15.30 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 103.82.26.182 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 103.82.26.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 70.37.89.177 Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 70.37.89.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 175.207.13.34 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 175.207.13.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 192.241.156.252 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 192.241.156.252 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to mdms1 between 2026-05-01 14:44 and 2026-05-01 15:27 UTC. 2026-05-01
IPv4 198.38.81.1 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 198.38.81.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 120.48.116.64 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 120.48.116.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 187.190.35.163 Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 187.190.35.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 104.247.73.65 Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 104.247.73.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 70.32.93.157 Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 70.32.93.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 159.224.213.138 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 159.224.213.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 69.64.32.253 Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 69.64.32.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 38.242.220.199 Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 38.242.220.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 194.242.57.77 Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 194.242.57.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, ftp-brute). 2026-05-01
IPv4 94.130.226.243 Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 94.130.226.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 213.199.40.249 Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 213.199.40.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 178.105.10.234 Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 178.105.10.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 36.106.167.128 Score: 72/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.106.167.128 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-01
IPv4 95.111.249.13 Score: 57/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 95.111.249.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 185.192.97.169 Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 185.192.97.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 185.115.179.178 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 185.115.179.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 178.18.246.56 Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 178.18.246.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 181.13.173.86 Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 181.13.173.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 5.89.75.194 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 5.89.75.194 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 31 times when connecting to db4lamedtech between 2026-05-01 14:24 and 2026-05-01 15:01 UTC. 2026-05-01
IPv4 41.216.178.119 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 41.216.178.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 98.84.1.175 Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 98.84.1.175 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-01
IPv4 168.144.75.218 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 168.144.75.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 143.110.217.57 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 143.110.217.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-01
IPv4 108.165.95.7 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 108.165.95.7 observed using HTTP client fingerprint 'HTTP Client: Go-http-client/1.1' 2 times when connecting to db1lapetro between 2026-05-01 14:18 and 2026-05-01 14:53 UTC. 2026-05-01
IPv4 154.241.38.218 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 154.241.38.218 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 17 times when connecting to offbackup1 between 2026-05-01 14:24 and 2026-05-01 14:52 UTC. 2026-05-01
IPv4 149.210.203.167 Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 149.210.203.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-01
IPv4 46.149.191.249 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 46.149.191.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 65.1.204.46 Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 65.1.204.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 176.119.185.210 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 176.119.185.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 37.9.207.66 Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 37.9.207.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 31.41.249.197 Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 31.41.249.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 103.92.43.206 Score: 57/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 103.92.43.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, low). 2026-05-01
IPv4 49.213.215.198 Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 49.213.215.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 69.65.3.164 Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 69.65.3.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 51.77.100.208 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 51.77.100.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking). 2026-05-01
IPv4 98.80.4.64 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 98.80.4.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, ftp-brute). 2026-05-01
IPv4 101.99.6.166 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 101.99.6.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 40.80.207.25 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 40.80.207.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 144.31.85.193 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 144.31.85.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 47.236.143.27 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 47.236.143.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 103.89.77.114 Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 103.89.77.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 5.42.113.29 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 5.42.113.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 77.241.18.2 Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 77.241.18.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 102.36.229.122 Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 102.36.229.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 36.139.195.167 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 36.139.195.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 82.78.18.36 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 82.78.18.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 181.177.194.101 Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 181.177.194.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 175.158.183.88 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 175.158.183.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 103.55.224.248 Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 103.55.224.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 223.74.101.105 Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 223.74.101.105 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 177.124.85.14 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 177.124.85.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 79.55.76.75 Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 79.55.76.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 165.227.84.14 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 165.227.84.14 observed using TLS client fingerprint 'Unknown TLS Client (922ca5a04ed4)' 2 times when connecting to db4lamedtech between 2026-05-01 17:14 and 2026-05-01 17:15 UTC. 2026-05-01
IPv4 107.148.180.44 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 107.148.180.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 66.116.233.137 Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 66.116.233.137 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). 2026-05-01
IPv4 81.88.62.121 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 81.88.62.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 138.68.86.32 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 138.68.86.32 observed using TLS client fingerprint 'Unknown TLS Client (922ca5a04ed4)' 2 times when connecting to offbackup1 between 2026-05-01 16:54 and 2026-05-01 16:54 UTC. 2026-05-01
IPv4 203.83.11.211 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 203.83.11.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 36.64.131.10 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 36.64.131.10 observed using SSH client fingerprint 'Unknown SSH Client (748f8c627d3f)' 2 times when connecting to db1lapetro between 2026-05-01 16:46 and 2026-05-01 16:47 UTC. 2026-05-01
IPv4 176.65.139.61 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Luxembourg (AS214472, Offshore LC). Observed targeting healthcare sector honeypot medtech-hp-01 via adbhoney. Session included execution of 1 command (payload download). Duration: 45s; 3 events. 2026-05-01
IPv4 89.216.39.8 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 89.216.39.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 66.94.112.214 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 66.94.112.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 102.68.120.7 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 102.68.120.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 181.110.191.181 Score: 56/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 181.110.191.181 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-01
IPv4 131.153.99.58 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 131.153.99.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 179.179.196.180 Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 179.179.196.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 150.228.105.105 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 150.228.105.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 223.25.245.241 Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 223.25.245.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 74.131.78.7 Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 74.131.78.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 154.26.136.97 Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 154.26.136.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 194.39.227.110 Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 194.39.227.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 43.165.7.135 Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:reported. 43.165.7.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 197.210.143.182 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 197.210.143.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 41.220.217.15 Score: 58/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 41.220.217.15 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 216.10.244.249 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 216.10.244.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 191.101.59.69 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 191.101.59.69 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-01
IPv4 20.118.251.45 Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 20.118.251.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 3.82.92.91 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 3.82.92.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 74.118.63.155 Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 74.118.63.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 74.118.63.158 Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 74.118.63.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, low). 2026-05-01
IPv4 54.226.226.30 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 54.226.226.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 74.118.63.154 Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 74.118.63.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, iot-targeted). 2026-05-01
IPv4 115.195.224.247 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 115.195.224.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 103.211.218.76 Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 103.211.218.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-01
IPv4 191.176.194.150 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 191.176.194.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 74.91.200.154 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 74.91.200.154 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db1lapetro between 2026-05-01 17:31 and 2026-05-01 18:11 UTC. 2026-05-01
IPv4 95.214.211.19 Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 95.214.211.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 205.144.220.90 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 205.144.220.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 188.113.188.77 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 188.113.188.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-01
IPv4 222.138.118.48 Score: 63/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 222.138.118.48 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 27.79.45.243 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 27.79.45.243 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 14 times when connecting to db1lapetro between 2026-05-01 16:58 and 2026-05-01 17:46 UTC. 2026-05-01
IPv4 27.79.45.95 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 27.79.45.95 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 14 times when connecting to mdms1 between 2026-05-01 16:53 and 2026-05-01 17:49 UTC. 2026-05-01
IPv4 139.28.49.242 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 139.28.49.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 161.97.66.49 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 161.97.66.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 90.221.10.43 Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 90.221.10.43 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). 2026-05-01
IPv4 176.65.139.26 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 176.65.139.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 165.22.183.184 Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 165.22.183.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-01
IPv4 196.119.102.126 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 196.119.102.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 180.76.147.163 Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 180.76.147.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 112.46.212.55 Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 112.46.212.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 43.154.81.51 Score: 56/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 43.154.81.51 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-01
IPv4 189.147.19.238 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 189.147.19.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). 2026-05-01
IPv4 91.220.149.169 Score: 62/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 91.220.149.169 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 141.98.153.253 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 141.98.153.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 83.111.195.123 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 83.111.195.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 109.127.82.20 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 109.127.82.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 123.191.156.128 Score: 62/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, client:go. 123.191.156.128 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 200.97.54.186 Score: 51/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 200.97.54.186 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-01
IPv4 142.11.210.54 Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 142.11.210.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-01
IPv4 46.236.65.44 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 46.236.65.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 151.236.33.96 Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 151.236.33.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 27.47.25.237 Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. This attacker IP (27.47.25.237) is likely a commodity botnet node originating from China Unicom Guangzhou, targeting healthcare sector systems via SSH brute-force attacks against honeypots. Observed interacting with the mdms-hp-01 honeytrap using credential stuffing techniques, suggesting low-to-moderate sophistication focused on lateral movement o... 2026-05-01
IPv4 218.78.122.202 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 218.78.122.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). 2026-05-01
IPv4 43.161.254.229 Score: 57/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 43.161.254.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 190.220.172.154 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 190.220.172.154 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 21 times when connecting to mdms1 between 2026-05-01 20:02 and 2026-05-01 20:37 UTC. 2026-05-01
IPv4 199.244.88.219 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 199.244.88.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 38.180.9.58 Score: 67/100. Labels: abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 38.180.9.58 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, iot-targeted, moderate). 2026-05-01
IPv4 185.23.69.25 Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 185.23.69.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 209.145.55.42 Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 209.145.55.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-01
IPv4 176.124.88.30 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 176.124.88.30 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to mdms1 between 2026-05-01 19:55 and 2026-05-01 20:28 UTC. 2026-05-01
IPv4 64.225.109.136 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 64.225.109.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 119.18.55.35 Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 119.18.55.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 190.12.119.106 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 190.12.119.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). 2026-05-01
IPv4 109.122.9.202 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 109.122.9.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 177.54.231.9 Score: 63/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 177.54.231.9 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). 2026-05-01
IPv4 43.225.164.6 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 43.225.164.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 103.174.102.62 Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.174.102.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 49.50.87.140 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 49.50.87.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 118.212.121.196 Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.121.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 203.154.91.50 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 203.154.91.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 98.80.4.33 Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 98.80.4.33 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-01
IPv4 159.203.117.32 Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 159.203.117.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 2.26.74.37 Score: 57/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 2.26.74.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-01
IPv4 44.220.188.254 Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 44.220.188.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 176.65.139.166 Score: 93/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 176.65.139.166 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (exploited-host, hacking, low). 2026-05-01
IPv4 189.84.38.242 Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 189.84.38.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 81.229.41.66 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 81.229.41.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-01
IPv4 47.79.38.129 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.79.38.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 124.29.194.237 Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 124.29.194.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 190.122.188.3 Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 190.122.188.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-01
IPv4 131.222.253.232 Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 131.222.253.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 148.68.57.12 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 148.68.57.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 193.77.182.48 Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 193.77.182.48 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 117.134.197.70 Score: 74/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 117.134.197.70 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). 2026-05-01
IPv4 180.191.255.59 Score: 64/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 180.191.255.59 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking). 2026-05-01
IPv4 205.251.153.87 Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 205.251.153.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-01
IPv4 168.144.78.179 Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 168.144.78.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). 2026-05-01
IPv4 107.173.199.134 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 107.173.199.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 73.7.106.229 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 73.7.106.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-01
IPv4 113.164.234.202 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 113.164.234.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-01
IPv4 103.98.237.89 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 103.98.237.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 102.209.221.226 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 102.209.221.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-01
IPv4 177.202.156.189 Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 177.202.156.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 171.12.10.171 Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.12.10.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-01
IPv4 8.208.119.101 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 8.208.119.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-01
IPv4 183.128.230.200 Score: 64/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 183.128.230.200 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). 2026-05-01
IPv4 208.115.211.186 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 208.115.211.186 observed using TLS client fingerprint 'Unknown TLS Client (44944ceb6923)' 3 times when connecting to mdms1 between 2026-05-01 21:20 and 2026-05-01 21:20 UTC. 2026-05-01
IPv4 178.128.149.186 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 178.128.149.186 observed using TLS client fingerprint 'Unknown TLS Client (d9936b62f453)' 2 times when connecting to db4lamedtech between 2026-05-01 20:58 and 2026-05-01 20:58 UTC. 2026-05-01
IPv4 164.92.185.127 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 164.92.185.127 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 6 times when connecting to db4lamedtech between 2026-05-01 20:53 and 2026-05-01 21:01 UTC. 2026-05-01
IPv4 190.97.236.113 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 190.97.236.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 103.28.121.27 Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 103.28.121.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 104.168.149.94 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 104.168.149.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-02
IPv4 82.163.78.34 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 82.163.78.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 103.100.39.122 Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 103.100.39.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-05-02
IPv4 47.251.96.168 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.251.96.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 159.89.12.166 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 159.89.12.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 34.77.2.168 Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 34.77.2.168 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking). 2026-05-02
IPv4 45.187.6.237 Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 45.187.6.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 8.216.8.87 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 8.216.8.87 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (exploited-host, hacking, moderate). 2026-05-02
IPv4 185.220.101.60 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.220.101.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 59.98.68.173 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 59.98.68.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 107.189.5.121 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 107.189.5.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 185.220.101.134 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.220.101.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 101.128.175.153 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 101.128.175.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 43.162.109.249 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 43.162.109.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-02
IPv4 59.98.69.113 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 59.98.69.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 34.62.34.27 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 34.62.34.27 observed using SSH client fingerprint 'Unknown SSH Client (e788c657d1a2)' 6 times when connecting to mdms1 between 2026-05-02 03:01 and 2026-05-02 03:01 UTC. 2026-05-02
IPv4 176.65.139.55 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 176.65.139.55 observed using TLS client fingerprint 'Unknown TLS Client (9c67bc077de0)' 2 times when connecting to db4lamedtech between 2026-05-02 02:48 and 2026-05-02 02:48 UTC. 2026-05-02
IPv4 85.240.62.84 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 85.240.62.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 79.127.222.201 Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 79.127.222.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 84.54.70.90 Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 84.54.70.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 64.89.160.95 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 64.89.160.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 47.237.214.193 Score: 51/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 47.237.214.193 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-02
IPv4 90.26.212.232 Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 90.26.212.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 192.243.104.11 Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 192.243.104.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 42.96.20.16 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Vietnam (AS131423, Branch of Long Van System Solution JSC - Hanoi). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 6 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persist... 2026-05-02
IPv4 102.68.120.73 Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low. 102.68.120.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 172.86.72.145 Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 172.86.72.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-05-02
IPv4 144.48.130.217 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 144.48.130.217 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 98.80.4.24 Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 98.80.4.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-02
IPv4 43.165.198.144 Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 43.165.198.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-02
IPv4 77.68.87.230 Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 77.68.87.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-02
IPv4 189.165.66.186 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 189.165.66.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 43.165.170.119 Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 43.165.170.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-02
IPv4 157.245.32.229 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 157.245.32.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 34.14.73.161 Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 34.14.73.161 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-02
IPv4 2.27.7.16 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 2.27.7.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 3.129.245.101 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 3.129.245.101 observed using HTTP client fingerprint 'HTTP Client: visionheight.com/scan Mozilla/5.0 (Macintosh; Intel Mac OS X...' 2 times when connecting to db1lapetro between 2026-05-02 04:02 and 2026-05-02 04:02 UTC. 2026-05-02
IPv4 34.79.220.100 Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP 34.79.220.100 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible)' 6 times when connecting to mdms1 between 2026-05-02 03:46 and 2026-05-02 03:47 UTC. 2026-05-02
IPv4 203.159.90.15 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 203.159.90.15 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to db4lamedtech between 2026-05-02 03:45 and 2026-05-02 03:45 UTC. 2026-05-02
IPv4 185.233.100.23 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. Attacker IP 185.233.100.23 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to mdms1 between 2026-05-02 03:45 and 2026-05-02 03:45 UTC. 2026-05-02
IPv4 185.220.101.107 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.220.101.107 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 7 times when connecting to mdms1 between 2026-05-02 03:44 and 2026-05-02 03:45 UTC. 2026-05-02
IPv4 185.220.101.189 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 185.220.101.189 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to mdms1 between 2026-05-02 03:44 and 2026-05-02 03:44 UTC. 2026-05-02
IPv4 185.243.218.232 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.243.218.232 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 6 times when connecting to mdms1 between 2026-05-02 03:44 and 2026-05-02 03:44 UTC. 2026-05-02
IPv4 192.42.116.54 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 192.42.116.54 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 14 times when connecting to mdms1 between 2026-05-02 03:43 and 2026-05-02 03:43 UTC. 2026-05-02
IPv4 202.181.177.206 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP 202.181.177.206 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to mdms1 between 2026-05-02 03:43 and 2026-05-02 03:43 UTC. 2026-05-02
IPv4 185.220.101.96 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 185.220.101.96 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to mdms1 between 2026-05-02 03:43 and 2026-05-02 03:43 UTC. 2026-05-02
IPv4 192.42.116.116 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 192.42.116.116 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 21 times when connecting to db4lamedtech between 2026-05-02 03:43 and 2026-05-02 03:45 UTC. 2026-05-02
IPv4 192.42.116.106 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 192.42.116.106 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 24 times when connecting to mdms1 between 2026-05-02 03:43 and 2026-05-02 03:44 UTC. 2026-05-02
IPv4 192.42.116.113 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 192.42.116.113 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to db4lamedtech between 2026-05-02 03:42 and 2026-05-02 03:43 UTC. 2026-05-02
IPv4 185.220.101.42 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. Attacker IP 185.220.101.42 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to db4lamedtech between 2026-05-02 03:42 and 2026-05-02 03:42 UTC. 2026-05-02
IPv4 185.220.101.103 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.103 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to mdms1 between 2026-05-02 03:42 and 2026-05-02 03:42 UTC. 2026-05-02
IPv4 171.25.193.132 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 171.25.193.132 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 3 times when connecting to mdms1 between 2026-05-02 03:42 and 2026-05-02 03:42 UTC. 2026-05-02
IPv4 185.220.101.176 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 185.220.101.176 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to db4lamedtech between 2026-05-02 03:42 and 2026-05-02 03:42 UTC. 2026-05-02
IPv4 192.42.116.117 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 192.42.116.117 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 26 times when connecting to db4lamedtech between 2026-05-02 03:40 and 2026-05-02 03:45 UTC. 2026-05-02
IPv4 45.138.16.125 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 45.138.16.125 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to mdms1 between 2026-05-02 03:39 and 2026-05-02 03:39 UTC. 2026-05-02
IPv4 212.38.189.186 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 212.38.189.186 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to db4lamedtech between 2026-05-02 03:39 and 2026-05-02 03:39 UTC. 2026-05-02
IPv4 45.154.98.160 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 45.154.98.160 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 4 times when connecting to mdms1 between 2026-05-02 03:38 and 2026-05-02 03:39 UTC. 2026-05-02
IPv4 45.80.158.143 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 45.80.158.143 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 2 times when connecting to mdms1 between 2026-05-02 03:38 and 2026-05-02 03:38 UTC. 2026-05-02
IPv4 192.42.116.104 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 192.42.116.104 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 13 times when connecting to mdms1 between 2026-05-02 03:41 and 2026-05-02 03:41 UTC. 2026-05-02
IPv4 192.42.116.20 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 192.42.116.20 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 14 times when connecting to db4lamedtech between 2026-05-02 03:41 and 2026-05-02 03:42 UTC. 2026-05-02
IPv4 192.42.116.67 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 192.42.116.67 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 13 times when connecting to mdms1 between 2026-05-02 03:40 and 2026-05-02 03:40 UTC. 2026-05-02
IPv4 192.42.116.65 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 192.42.116.65 observed using TLS client fingerprint 'Unknown TLS Client (13bbf59da66a)' 18 times when connecting to mdms1 between 2026-05-02 03:39 and 2026-05-02 03:43 UTC. 2026-05-02
IPv4 94.242.169.200 Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 94.242.169.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 101.108.19.234 Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 101.108.19.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 199.188.199.132 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 199.188.199.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 184.105.139.91 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 184.105.139.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 185.30.203.91 Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 185.30.203.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 66.70.247.183 Score: 67/100. Labels: abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 66.70.247.183 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, iot-targeted, moderate). 2026-05-02
IPv4 123.144.23.215 Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.144.23.215 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-02
IPv4 47.237.217.163 Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 47.237.217.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 43.164.196.47 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 43.164.196.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-02
IPv4 34.22.130.101 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 34.22.130.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 120.240.178.221 Score: 61/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 120.240.178.221 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-02
IPv4 185.198.46.166 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.198.46.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 34.79.15.38 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 34.79.15.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 81.94.69.93 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 81.94.69.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 84.15.149.169 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 84.15.149.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 148.66.133.193 Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore, Singapore (AS26496, GoDaddy.com, LLC). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. duration: 13m 20s; 60 events. 2026-05-02
IPv4 200.59.186.9 Score: 58/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 200.59.186.9 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-02
IPv4 43.165.186.188 Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.165.186.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 61.220.97.68 Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 61.220.97.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 216.45.59.110 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 216.45.59.110 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to offbackup1 between 2026-05-02 04:52 and 2026-05-02 04:53 UTC. 2026-05-02
IPv4 209.97.135.141 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 209.97.135.141 observed using TLS client fingerprint 'Unknown TLS Client (13b2aa2e2098)' 14 times when connecting to mdms1 between 2026-05-02 04:41 and 2026-05-02 04:41 UTC. 2026-05-02
IPv4 35.195.192.28 Score: 85/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 35.195.192.28 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible)' 4 times when connecting to db1lapetro between 2026-05-02 04:32 and 2026-05-02 04:32 UTC. 2026-05-02
IPv4 176.31.156.35 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 176.31.156.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 34.76.121.185 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 34.76.121.185 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 200.155.135.170 Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 200.155.135.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 117.134.197.67 Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 117.134.197.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 74.118.168.214 Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 74.118.168.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-02
IPv4 43.165.198.224 Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 43.165.198.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-05-02
IPv4 79.35.16.170 Score: 67/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 79.35.16.170 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). 2026-05-02
IPv4 89.43.135.40 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 89.43.135.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 213.199.33.248 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 213.199.33.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 47.83.20.215 Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 47.83.20.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-02
IPv4 47.239.236.171 Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.239.236.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 8.243.73.196 Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 8.243.73.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-02
IPv4 45.179.148.123 Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 45.179.148.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 123.245.85.179 Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.85.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 185.190.140.26 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.190.140.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 157.245.156.89 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 157.245.156.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-02
IPv4 121.175.52.154 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 121.175.52.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 103.161.232.74 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 103.161.232.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 47.80.18.15 Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 47.80.18.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, moderate). 2026-05-02
IPv4 108.16.87.154 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 108.16.87.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 123.245.85.21 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 123.245.85.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 72.255.26.120 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 72.255.26.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 27.155.92.28 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 27.155.92.28 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 3 times when connecting to mdms1 between 2026-05-02 06:15 and 2026-05-02 06:15 UTC. 2026-05-02
IPv4 38.55.199.204 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 38.55.199.204 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-05-02 05:41 and 2026-05-02 05:42 UTC. 2026-05-02
IPv4 195.178.110.155 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 195.178.110.155 observed using TLS client fingerprint 'Unknown TLS Client (922ca5a04ed4)' 15 times when connecting to db1lapetro between 2026-05-02 05:14 and 2026-05-02 05:14 UTC. 2026-05-02
IPv4 161.97.163.222 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 161.97.163.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 123.160.235.252 Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 123.160.235.252 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-02
IPv4 35.241.228.146 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 35.241.228.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 139.135.41.179 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 139.135.41.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 47.239.61.135 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 47.239.61.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 47.253.113.111 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 47.253.113.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 47.237.211.9 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.237.211.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-02
IPv4 47.237.209.9 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.209.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 47.237.213.55 Score: 51/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 47.237.213.55 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-02
IPv4 47.83.18.71 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.83.18.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 119.30.116.83 Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 119.30.116.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 103.199.16.90 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.199.16.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 113.255.144.254 Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 113.255.144.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 72.167.150.243 Score: 56/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 72.167.150.243 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-02
IPv4 185.164.80.171 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 185.164.80.171 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 86.46.213.86 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 86.46.213.86 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-02
IPv4 95.64.136.246 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 95.64.136.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 117.134.199.21 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 117.134.199.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 20.207.201.147 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.207.201.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 191.199.237.36 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 191.199.237.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 34.77.254.14 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 34.77.254.14 observed using SSH client fingerprint 'Unknown SSH Client (e788c657d1a2)' 6 times when connecting to db4lamedtech between 2026-05-02 06:59 and 2026-05-02 06:59 UTC. 2026-05-02
IPv4 159.100.14.130 Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:web-attack. Attacker IP 159.100.14.130 observed using TLS client fingerprint 'Unknown TLS Client (707df29f2fba)' 10 times when connecting to mdms1 between 2026-05-02 06:31 and 2026-05-02 06:31 UTC. 2026-05-02
IPv4 83.235.21.125 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 83.235.21.125 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db4lamedtech between 2026-05-02 05:55 and 2026-05-02 06:33 UTC. 2026-05-02
IPv4 172.110.223.151 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 172.110.223.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 115.198.39.105 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 115.198.39.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 185.247.137.181 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 34.51.143.110 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 34.51.143.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 93.158.90.66 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 93.158.90.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 153.75.247.232 Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 153.75.247.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 46.163.184.136 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 46.163.184.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 8.210.246.133 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 8.210.246.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 68.235.46.145 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 68.235.46.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 211.226.243.231 Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 211.226.243.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 60.185.195.137 Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 60.185.195.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 45.156.87.149 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 45.156.87.149 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (high, reported). 2026-05-02
IPv4 115.190.151.242 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 115.190.151.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute). 2026-05-02
IPv4 164.155.49.172 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 164.155.49.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 34.76.254.33 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 34.76.254.33 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 102.88.54.9 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 102.88.54.9 observed using HTTP client fingerprint 'HTTP Client: python-requests/2.26.0' 2 times when connecting to db4lamedtech between 2026-05-02 08:26 and 2026-05-02 08:31 UTC. 2026-05-02
IPv4 34.19.127.202 Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 34.19.127.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 34.19.127.191 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 34.19.127.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, ftp-brute). 2026-05-02
IPv4 34.19.127.194 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 34.19.127.194 observed using TLS client fingerprint 'Unknown TLS Client (154048e4d80d)' 2 times when connecting to offbackup1 between 2026-05-02 08:22 and 2026-05-02 08:22 UTC. 2026-05-02
IPv4 185.216.134.126 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.216.134.126 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db4lamedtech between 2026-05-02 07:48 and 2026-05-02 08:30 UTC. 2026-05-02
IPv4 138.255.157.62 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 138.255.157.62 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db1lapetro between 2026-05-02 07:51 and 2026-05-02 08:29 UTC. 2026-05-02
IPv4 107.175.59.202 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata. 2026-05-02
IPv4 103.151.116.185 Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 103.151.116.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 66.132.186.207 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.186.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 185.151.29.229 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 185.151.29.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 146.56.199.139 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 146.56.199.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-05-02
IPv4 194.187.179.184 Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-02
IPv4 128.199.182.55 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 128.199.182.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 143.105.137.67 Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 143.105.137.67 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-02
IPv4 109.105.211.10 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 109.105.211.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 109.105.211.12 Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 109.105.211.12 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-02
IPv4 109.105.211.9 Score: 69/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 109.105.211.9 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-02
IPv4 109.105.211.2 Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 109.105.211.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 68.183.119.28 Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 68.183.119.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-02
IPv4 203.154.89.146 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 203.154.89.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 47.250.165.68 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.250.165.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 152.32.85.4 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 152.32.85.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 38.159.55.141 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 38.159.55.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 187.49.116.162 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 187.49.116.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 176.65.139.125 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 176.65.139.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 181.214.80.149 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 181.214.80.149 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...' 2 times when connecting to mdms1 between 2026-05-02 14:57 and 2026-05-02 14:57 UTC. 2026-05-02
IPv4 93.91.196.243 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 93.91.196.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 201.3.85.250 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 201.3.85.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 150.95.25.201 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 150.95.25.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 204.13.48.116 Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 204.13.48.116 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). 2026-05-02
IPv4 45.70.9.235 Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 45.70.9.235 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-02
IPv4 112.46.213.36 Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 112.46.213.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 76.38.56.120 Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 76.38.56.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 23.80.90.81 Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 23.80.90.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 116.178.130.43 Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 116.178.130.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 118.33.113.91 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 118.33.113.91 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db4lamedtech between 2026-05-02 15:00 and 2026-05-02 15:38 UTC. 2026-05-02
IPv4 222.127.208.141 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 222.127.208.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 194.187.179.116 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-02
IPv4 194.187.179.23 Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.23 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3). 2026-05-02
IPv4 200.115.105.130 Score: 74/100. Labels: abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 200.115.105.130 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (ddos, hacking, low). 2026-05-02
IPv4 165.245.253.121 Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 165.245.253.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-02
IPv4 172.86.90.11 Score: 83/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 172.86.90.11 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, high). 2026-05-02
IPv4 194.187.179.20 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 150.230.43.218 Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 150.230.43.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-02
IPv4 3.220.15.173 Score: 57/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 3.220.15.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, port-scan). 2026-05-02
IPv4 95.131.147.215 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 95.131.147.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 213.230.86.23 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 213.230.86.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 106.75.16.140 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 106.75.16.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 94.26.106.205 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 94.26.106.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 179.153.14.135 Score: 51/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 179.153.14.135 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-02
IPv4 195.3.220.7 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 195.3.220.7 observed using TLS client fingerprint 'Unknown TLS Client (4551a285e32a)' 28 times when connecting to mdms1 between 2026-05-02 16:55 and 2026-05-02 16:56 UTC. 2026-05-02
IPv4 23.227.147.163 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 23.227.147.163 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to offbackup1 between 2026-05-02 16:16 and 2026-05-02 16:46 UTC. 2026-05-02
IPv4 180.76.143.27 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 180.76.143.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 59.103.119.15 Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 59.103.119.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 115.209.232.147 Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 115.209.232.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 196.75.1.99 Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 196.75.1.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 141.95.188.145 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 141.95.188.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 220.250.10.55 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 220.250.10.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 113.31.115.157 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 113.31.115.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 173.212.231.37 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 173.212.231.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 44.217.155.218 Score: 70/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 44.217.155.218 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking). 2026-05-02
IPv4 102.210.146.49 Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 102.210.146.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 164.92.225.4 Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 164.92.225.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-02
IPv4 176.67.16.84 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 176.67.16.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 165.154.6.75 Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 165.154.6.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-02
IPv4 190.193.92.220 Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 190.193.92.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 217.198.149.59 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 217.198.149.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 82.221.131.71 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 82.221.131.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous); AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 209.14.102.13 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 209.14.102.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 109.105.211.3 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 109.105.211.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 109.105.211.8 Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 109.105.211.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 109.105.211.15 Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 109.105.211.15 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-02
IPv4 109.105.211.7 Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 109.105.211.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 109.105.211.11 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 109.105.211.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 109.105.211.6 Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 109.105.211.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 47.76.24.252 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 47.76.24.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 31.24.230.189 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 31.24.230.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 188.246.35.94 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 188.246.35.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 173.244.195.101 Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 173.244.195.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-02
IPv4 41.214.45.102 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 41.214.45.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 217.172.180.92 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 217.172.180.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-02
IPv4 49.116.25.62 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 49.116.25.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 45.187.6.195 Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 45.187.6.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 113.180.168.152 Score: 55/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 113.180.168.152 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking). 2026-05-02
IPv4 103.59.160.69 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata 2026-05-02
IPv4 138.121.113.106 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 138.121.113.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-02
IPv4 2.27.35.160 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 2.27.35.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-02
IPv4 183.152.179.66 Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 183.152.179.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-02
IPv4 45.239.203.39 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 45.239.203.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-02
IPv4 184.154.78.51 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, client:libssh. Attacker IP 184.154.78.51 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 4 times when connecting to mdms1 between 2026-05-02 22:47 and 2026-05-02 23:08 UTC. 2026-05-03
IPv4 198.20.127.163 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, client:libssh. Attacker IP 198.20.127.163 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 4 times when connecting to mdms1 between 2026-05-02 22:47 and 2026-05-02 23:10 UTC. 2026-05-03
IPv4 198.38.85.149 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 198.38.85.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-05-03
IPv4 201.217.246.40 Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 201.217.246.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 193.226.77.175 Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 193.226.77.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 114.33.44.32 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 114.33.44.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 193.43.159.166 Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 193.43.159.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level4); AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 148.135.49.242 Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, client:libssh. 148.135.49.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-03
IPv4 183.212.240.107 Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 183.212.240.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-03
IPv4 66.132.186.243 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.132.186.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 207.244.226.215 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 207.244.226.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 217.149.29.120 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 217.149.29.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 183.159.112.70 Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 183.159.112.70 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). 2026-05-03
IPv4 98.80.4.77 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 98.80.4.77 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-03
IPv4 107.189.24.162 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 107.189.24.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 45.185.93.188 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 45.185.93.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-05-03
IPv4 181.199.164.154 Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 181.199.164.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 173.236.16.74 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 173.236.16.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 170.84.70.231 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 170.84.70.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 125.120.204.91 Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 125.120.204.91 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). 2026-05-03
IPv4 142.171.90.82 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 142.171.90.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-03
IPv4 207.148.77.87 Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 207.148.77.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 111.228.9.229 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 111.228.9.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 45.88.0.252 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 45.88.0.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 65.60.61.228 Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 65.60.61.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-03
IPv4 38.196.82.66 Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 38.196.82.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 82.156.133.159 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 82.156.133.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 181.78.65.188 Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 181.78.65.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 109.105.211.16 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 109.105.211.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 109.175.27.48 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 109.175.27.48 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 34 times when connecting to db4lamedtech between 2026-05-03 00:12 and 2026-05-03 00:39 UTC. 2026-05-03
IPv4 23.95.202.126 Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 23.95.202.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-03
IPv4 82.208.160.112 Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 82.208.160.112 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 34.76.192.78 Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 34.76.192.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 167.249.32.109 Score: 77/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 167.249.32.109 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking). 2026-05-03
IPv4 194.187.179.148 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 45.79.55.133 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.79.55.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 170.64.180.79 Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 170.64.180.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 185.191.126.221 Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 185.191.126.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 207.90.195.18 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 207.90.195.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 106.12.148.154 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 106.12.148.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 221.164.139.123 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 221.164.139.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 27.206.138.8 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 27.206.138.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 184.105.139.87 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 184.105.139.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 195.170.172.102 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:reported. Attacker IP 195.170.172.102 observed using TLS client fingerprint 'Unknown TLS Client (44944ceb6923)' 3 times when connecting to db1lapetro between 2026-05-03 01:16 and 2026-05-03 01:16 UTC. 2026-05-03
IPv4 181.234.2.36 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 181.234.2.36 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db4lamedtech between 2026-05-03 00:58 and 2026-05-03 01:30 UTC. 2026-05-03
IPv4 181.97.227.163 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 181.97.227.163 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db4lamedtech between 2026-05-03 00:12 and 2026-05-03 00:48 UTC. 2026-05-03
IPv4 103.4.234.236 Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 103.4.234.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 58.19.143.91 Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 58.19.143.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 116.178.131.61 Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 116.178.131.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 185.117.74.54 Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 185.117.74.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 138.219.224.43 Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 138.219.224.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 102.209.57.62 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 102.209.57.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 187.137.204.75 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 187.137.204.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 74.208.248.251 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 74.208.248.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 120.36.16.110 Score: 54/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 120.36.16.110 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 192.36.109.127 Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. This IP (192.36.109.127) is likely a commodity attacker node associated with automated SSH brute-forcing via the Tanner tool, targeting healthcare sector honeypots. Observed activity includes low-sophistication credential guessing attacks using common username/password pairs, with limited impact confined to medtech systems. The actor leveraged... 2026-05-03
IPv4 58.212.237.190 Score: 67/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 58.212.237.190 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 105.196.14.202 Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 105.196.14.202 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). 2026-05-03
IPv4 23.94.87.102 Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 23.94.87.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-05-03
IPv4 50.109.39.150 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 50.109.39.150 observed using SSH client fingerprint 'Unknown SSH Client (c118de82e19e)' 3 times when connecting to db4lamedtech between 2026-05-03 02:37 and 2026-05-03 02:37 UTC. 2026-05-03
IPv4 74.87.117.149 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 74.87.117.149 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db4lamedtech between 2026-05-03 01:19 and 2026-05-03 01:52 UTC. 2026-05-03
IPv4 46.101.113.85 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 46.101.113.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-03
IPv4 181.166.222.47 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 181.166.222.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 192.249.53.215 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 192.249.53.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 79.187.48.220 Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 79.187.48.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 83.14.227.162 Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 83.14.227.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 173.21.53.212 Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, commands:executed. 173.21.53.212 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 77.139.21.14 Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 77.139.21.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 185.247.137.150 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 59.8.230.151 Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 59.8.230.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 85.120.81.62 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 85.120.81.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 108.178.7.34 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 108.178.7.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 34.34.163.208 Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 34.34.163.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-03
IPv4 180.95.238.111 Score: 90/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.95.238.111 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 135.125.236.201 Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 135.125.236.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 160.119.76.48 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 160.119.76.48 observed using TLS client fingerprint 'Unknown TLS Client (9adadc86ac72)' 6 times when connecting to offbackup1 between 2026-05-03 03:19 and 2026-05-03 03:19 UTC. 2026-05-03
IPv4 139.59.70.177 Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 139.59.70.177 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to db4lamedtech between 2026-05-03 03:04 and 2026-05-03 03:04 UTC. 2026-05-03
IPv4 103.157.96.22 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low. Attacker IP from Indonesia (AS55688, PT. Beon Intermedia). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 6 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery of 19 malware sa... 2026-05-03
IPv4 164.164.197.148 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from India (AS7633, Software Technology Parks of India - Bangalore). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 19 failed login attempts, 19 credential pairs tried across 7 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persi... 2026-05-03
IPv4 79.137.67.86 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 79.137.67.86 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level2). 2026-05-03
IPv4 46.151.150.196 Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 46.151.150.196 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 72.255.19.176 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 72.255.19.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 212.64.204.243 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 212.64.204.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 200.54.228.34 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 200.54.228.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 178.208.239.41 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 178.208.239.41 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 84.54.71.30 Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 84.54.71.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 44.220.185.171 Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 44.220.185.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute). 2026-05-03
IPv4 185.247.137.91 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 161.35.236.158 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 161.35.236.158 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-03
IPv4 138.36.29.219 Score: 63/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 138.36.29.219 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 112.46.212.61 Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 112.46.212.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 46.101.226.179 Score: 54/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 46.101.226.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 137.184.201.203 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 137.184.201.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 138.97.162.61 Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 138.97.162.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 91.208.184.122 Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 91.208.184.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-03
IPv4 101.47.156.170 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 101.47.156.170 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to offbackup1 between 2026-05-03 03:36 and 2026-05-03 04:16 UTC. 2026-05-03
IPv4 213.230.92.224 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 213.230.92.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 81.162.239.149 Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 81.162.239.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 117.251.207.149 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 117.251.207.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 159.203.136.205 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 159.203.136.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 191.179.94.211 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 191.179.94.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 47.165.119.210 Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.165.119.210 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 4.245.191.186 Score: 62/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 4.245.191.186 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 159.223.0.197 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata 2026-05-03
IPv4 34.22.217.31 Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 34.22.217.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-05-03
IPv4 23.234.112.161 Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 23.234.112.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-03
IPv4 220.167.232.175 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 220.167.232.175 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-03
IPv4 122.96.28.13 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 122.96.28.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 112.213.34.40 Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Sydney, Australia (AS133159, Mammoth Media Pty Ltd). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. duration: 9m 54s; 22 events. 2026-05-03
IPv4 203.198.100.131 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 203.198.100.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 159.203.141.2 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 159.203.141.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 34.52.208.139 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 34.52.208.139 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-03
IPv4 34.78.22.12 Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 34.78.22.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-03
IPv4 172.236.117.71 Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata 2026-05-03
IPv4 35.205.145.95 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata 2026-05-03
IPv4 34.34.160.10 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata 2026-05-03
IPv4 45.128.199.175 Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 45.128.199.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, ftp-brute). 2026-05-03
IPv4 27.47.27.1 Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 27.47.27.1 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 116.178.130.36 Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.130.36 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-03
IPv4 212.102.44.92 Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. IP observed in Suricata network metadata 2026-05-03
IPv4 43.165.65.117 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.165.65.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 116.255.208.101 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.255.208.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 213.230.87.125 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 213.230.87.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 177.54.146.223 Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 177.54.146.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 101.50.2.44 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 101.50.2.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 223.129.6.71 Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 223.129.6.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 107.175.136.139 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 107.175.136.139 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to db4lamedtech between 2026-05-03 05:38 and 2026-05-03 05:39 UTC. 2026-05-03
IPv4 46.37.66.201 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 46.37.66.201 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db4lamedtech between 2026-05-03 05:16 and 2026-05-03 05:55 UTC. 2026-05-03
IPv4 209.97.174.161 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 209.97.174.161 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko...' 2 times when connecting to db1lapetro between 2026-05-03 05:16 and 2026-05-03 05:16 UTC. 2026-05-03
IPv4 38.252.213.30 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 38.252.213.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 217.216.91.60 Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 217.216.91.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 91.208.184.96 Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 91.208.184.96 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-03
IPv4 34.79.201.3 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 34.79.201.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 131.222.211.249 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 131.222.211.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 103.91.74.47 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 103.91.74.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 125.118.178.15 Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 125.118.178.15 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 194.146.13.166 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 194.146.13.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 134.209.84.70 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 134.209.84.70 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-03
IPv4 35.205.98.220 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 35.205.98.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 47.83.253.203 Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.83.253.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-03
IPv4 47.83.239.118 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.83.239.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-03
IPv4 18.97.5.35 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 18.97.5.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 173.19.19.38 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 173.19.19.38 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command session (10 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 93.15.254.46 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 93.15.254.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 87.236.176.128 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 102.211.234.171 Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 102.211.234.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-03
IPv4 188.166.61.138 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 188.166.61.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-03
IPv4 37.238.165.84 Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 37.238.165.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 34.77.14.16 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 34.77.14.16 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 malware sample. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 34.77.140.220 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 34.77.140.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 181.121.53.244 Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 181.121.53.244 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 115.196.172.203 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 115.196.172.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 34.22.189.163 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack. 34.22.189.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-03
IPv4 36.71.183.187 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 36.71.183.187 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db4lamedtech between 2026-05-03 05:23 and 2026-05-03 06:03 UTC. 2026-05-03
IPv4 13.71.92.229 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 13.71.92.229 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 31 times when connecting to offbackup1 between 2026-05-03 05:36 and 2026-05-03 06:05 UTC. 2026-05-03
IPv4 178.251.107.14 Score: 73/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 178.251.107.14 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). 2026-05-03
IPv4 193.163.125.45 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 99.252.90.4 Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 99.252.90.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 45.226.62.78 Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 45.226.62.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 179.234.210.111 Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 179.234.210.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 1.176.244.68 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 1.176.244.68 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 45.80.174.12 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 45.80.174.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 104.247.173.204 Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 104.247.173.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 144.123.76.93 Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 144.123.76.93 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 20.164.42.117 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 20.164.42.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 194.187.179.93 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 68.169.46.76 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 68.169.46.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 38.244.193.201 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 38.244.193.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 35.233.124.62 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 35.233.124.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 146.148.15.88 Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 146.148.15.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, ftp-brute). 2026-05-03
IPv4 106.117.105.134 Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.117.105.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 125.120.105.34 Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 125.120.105.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 130.211.85.140 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Brussels, Belgium (AS396982, Google LLC). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 5 unique usernames, execution of 2 post-compromise commands, delivery of 1 malware sample. duration: 22s; 68 events. 2026-05-03
IPv4 66.96.195.132 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.96.195.132 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-03
IPv4 37.104.184.77 Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 37.104.184.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 181.78.86.79 Score: 54/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 181.78.86.79 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking). 2026-05-03
IPv4 85.28.47.237 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 85.28.47.237 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to mdms1 between 2026-05-03 07:22 and 2026-05-03 07:22 UTC. 2026-05-03
IPv4 180.76.146.159 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 180.76.146.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 45.59.70.199 Score: 62/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 45.59.70.199 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 195.178.110.223 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 195.178.110.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level1); AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 139.135.43.81 Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 139.135.43.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 62.60.234.140 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 62.60.234.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 84.54.70.1 Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 84.54.70.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 148.66.133.188 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 148.66.133.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 125.34.171.202 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 125.34.171.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute). 2026-05-03
IPv4 197.232.159.7 Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 197.232.159.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 103.168.211.147 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 103.168.211.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 35.241.146.94 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 35.241.146.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 35.205.204.148 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 35.205.204.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 129.224.206.180 Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 129.224.206.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 220.134.94.17 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 220.134.94.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 91.93.192.10 Score: 67/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 91.93.192.10 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 83.111.200.154 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 83.111.200.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 138.121.106.37 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 138.121.106.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 83.111.209.155 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 83.111.209.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 123.13.41.128 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 123.13.41.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute). 2026-05-03
IPv4 188.247.59.226 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 188.247.59.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 110.36.31.244 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 110.36.31.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 86.46.33.160 Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 86.46.33.160 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 159.224.180.238 Score: 62/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 159.224.180.238 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 109.248.231.212 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 109.248.231.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 147.45.212.171 Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 147.45.212.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 137.184.143.71 Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata. 2026-05-03
IPv4 118.193.77.116 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata. 2026-05-03
IPv4 20.44.177.173 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.44.177.173 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 185.226.196.20 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.226.196.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 183.155.60.203 Score: 64/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 183.155.60.203 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). 2026-05-03
IPv4 186.249.135.94 Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 186.249.135.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 5.129.252.94 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 5.129.252.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 108.175.0.107 Score: 59/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 108.175.0.107 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 209.234.253.70 Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 209.234.253.70 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 67.215.249.253 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 67.215.249.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 213.202.208.191 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 213.202.208.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 104.204.221.16 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 104.204.221.16 observed using TLS client fingerprint 'Unknown TLS Client (44944ceb6923)' 3 times when connecting to db4lamedtech between 2026-05-03 08:01 and 2026-05-03 08:01 UTC. 2026-05-03
IPv4 86.139.23.230 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 86.139.23.230 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 30 times when connecting to db4lamedtech between 2026-05-03 07:10 and 2026-05-03 07:54 UTC. 2026-05-03
IPv4 152.32.171.133 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 152.32.171.133 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 12 times when connecting to db4lamedtech between 2026-05-03 07:10 and 2026-05-03 07:46 UTC. 2026-05-03
IPv4 180.252.199.166 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 180.252.199.166 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 16 times when connecting to mdms1 between 2026-05-03 07:10 and 2026-05-03 08:01 UTC. 2026-05-03
IPv4 95.52.241.94 Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 95.52.241.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 206.1.86.229 Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 206.1.86.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 103.77.16.178 Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 103.77.16.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 190.71.254.210 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 190.71.254.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 159.203.177.190 Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 159.203.177.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low). 2026-05-03
IPv4 188.165.215.213 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 188.165.215.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 85.184.61.2 Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 85.184.61.2 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 162.14.109.170 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 162.14.109.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 34.78.233.205 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 34.78.233.205 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command session (2 commands), 1 malware sample. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 20.43.1.132 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 20.43.1.132 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 151 times when connecting to db4lamedtech between 2026-05-03 09:29 and 2026-05-03 09:29 UTC. 2026-05-03
IPv4 186.96.151.198 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 186.96.151.198 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to offbackup1 between 2026-05-03 08:45 and 2026-05-03 09:17 UTC. 2026-05-03
IPv4 176.53.162.229 Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 176.53.162.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 104.36.149.175 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 104.36.149.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 195.238.75.22 Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 195.238.75.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 179.8.4.95 Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 179.8.4.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 8.219.15.68 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 8.219.15.68 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-03
IPv4 105.188.30.248 Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 105.188.30.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 178.128.240.104 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 178.128.240.104 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 61.241.176.142 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 61.241.176.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 177.32.32.113 Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 177.32.32.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 168.144.97.151 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 168.144.97.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 109.94.209.94 Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 109.94.209.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 23.249.28.115 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 23.249.28.115 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to offbackup1 between 2026-05-03 10:08 and 2026-05-03 10:36 UTC. 2026-05-03
IPv4 94.26.106.44 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 94.26.106.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 49.51.161.251 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 49.51.161.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 66.167.166.95 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.167.166.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 38.21.70.189 Score: 91/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 38.21.70.189 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 80.153.144.247 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 80.153.144.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 79.49.29.215 Score: 85/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 79.49.29.215 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, exploited-host, hacking). 2026-05-03
IPv4 2.197.125.226 Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 2.197.125.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 149.28.148.58 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 149.28.148.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 102.223.47.171 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 102.223.47.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 177.221.182.133 Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 177.221.182.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 47.237.216.174 Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.237.216.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-03
IPv4 5.63.146.196 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 5.63.146.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 185.239.86.145 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.239.86.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 99.249.183.228 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 99.249.183.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 186.31.188.8 Score: 75/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 186.31.188.8 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 35.168.200.72 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 35.168.200.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 84.54.72.224 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 84.54.72.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 82.162.63.90 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 82.162.63.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 102.206.92.8 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 102.206.92.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 23.111.74.89 Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 23.111.74.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 88.202.185.141 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 88.202.185.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 194.180.49.49 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 194.180.49.49 observed using HTTP client fingerprint 'HTTP Client: Go-http-client/1.1' 325 times when connecting to db1lapetro between 2026-05-03 11:38 and 2026-05-03 11:40 UTC. 2026-05-03
IPv4 5.161.101.51 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, client:libssh. Attacker IP 5.161.101.51 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to offbackup1 between 2026-05-03 11:14 and 2026-05-03 11:42 UTC. 2026-05-03
IPv4 107.150.109.193 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 107.150.109.193 observed using TLS client fingerprint 'Unknown TLS Client (e363f8ac4e65)' 3 times when connecting to db4lamedtech between 2026-05-03 11:26 and 2026-05-03 11:27 UTC. 2026-05-03
IPv4 212.193.4.223 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 212.193.4.223 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to mdms1 between 2026-05-03 10:48 and 2026-05-03 11:12 UTC. 2026-05-03
IPv4 193.163.125.185 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 113.161.249.72 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 113.161.249.72 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command session (20 commands), 4 malware samples. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 32.193.59.0 Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 32.193.59.0 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 98.182.70.22 Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 98.182.70.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 185.247.137.115 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 184.105.139.100 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 184.105.139.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 193.32.249.132 Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 193.32.249.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 223.123.73.102 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 223.123.73.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 94.72.160.10 Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 94.72.160.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 194.187.179.240 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 62.113.25.207 Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 62.113.25.207 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted). 2026-05-03
IPv4 206.189.84.228 Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 206.189.84.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 154.12.24.196 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 154.12.24.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 172.173.121.85 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 172.173.121.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 143.198.41.24 Score: 52/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 143.198.41.24 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan). 2026-05-03
IPv4 47.237.213.22 Score: 63/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 47.237.213.22 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). 2026-05-03
IPv4 35.197.231.67 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 35.197.231.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 116.178.128.163 Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.128.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 157.230.211.197 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 157.230.211.197 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 117.134.199.19 Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 117.134.199.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 178.18.251.89 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 178.18.251.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 141.98.11.57 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 141.98.11.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level1); AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 38.49.169.59 Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 38.49.169.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 190.83.85.163 Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 190.83.85.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, moderate). 2026-05-03
IPv4 146.190.216.206 Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 146.190.216.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-03
IPv4 106.222.218.55 Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 106.222.218.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 107.181.228.82 Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. 107.181.228.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate). 2026-05-03
IPv4 115.220.151.111 Score: 61/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 115.220.151.111 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). 2026-05-03
IPv4 44.220.188.90 Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 44.220.188.90 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 174.138.104.143 Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 174.138.104.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 170.150.255.26 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 170.150.255.26 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 131.72.31.59 Score: 58/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 131.72.31.59 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 223.108.24.234 Score: 70/100. Labels: abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. 223.108.24.234 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, high, multi-reported). 2026-05-03
IPv4 86.120.107.100 Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 86.120.107.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 38.250.161.26 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 38.250.161.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 115.214.202.17 Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 115.214.202.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 207.154.199.172 Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 207.154.199.172 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). 2026-05-03
IPv4 85.208.21.212 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 85.208.21.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 128.254.146.236 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 128.254.146.236 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to mdms1 between 2026-05-03 12:12 and 2026-05-03 13:03 UTC. 2026-05-03
IPv4 112.46.212.122 Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 112.46.212.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 103.75.71.17 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.75.71.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 187.133.44.99 Score: 72/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 187.133.44.99 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). 2026-05-03
IPv4 181.104.87.32 Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 181.104.87.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 102.212.17.100 Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 102.212.17.100 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 159.192.146.114 Score: 53/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 159.192.146.114 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 184.154.157.176 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 184.154.157.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 179.125.155.214 Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 179.125.155.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 8.153.72.27 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 8.153.72.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 38.250.116.34 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 38.250.116.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 192.250.227.24 Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, client:libssh. 192.250.227.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low). 2026-05-03
IPv4 20.104.96.81 Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 20.104.96.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 20.29.71.103 Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 20.29.71.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 185.255.100.244 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 185.255.100.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 104.243.250.11 Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 104.243.250.11 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported). 2026-05-03
IPv4 66.167.169.172 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.167.169.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 200.54.47.12 Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 200.54.47.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 8.229.205.72 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, fatt. Attacker IP 8.229.205.72 observed using TLS client fingerprint 'Unknown TLS Client (7465186b1421)' 2 times when connecting to offbackup1 between 2026-05-03 14:57 and 2026-05-03 14:57 UTC. 2026-05-03
IPv4 195.178.110.31 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 195.178.110.31 observed using TLS client fingerprint 'Unknown TLS Client (5af2ac29e141)' 2 times when connecting to db1lapetro between 2026-05-03 14:18 and 2026-05-03 14:18 UTC. 2026-05-03
IPv4 171.244.185.149 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 171.244.185.149 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 16 times when connecting to offbackup1 between 2026-05-03 13:13 and 2026-05-03 14:38 UTC. 2026-05-03
IPv4 122.241.188.101 Score: 67/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 122.241.188.101 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate). 2026-05-03
IPv4 103.176.90.41 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 103.176.90.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 157.245.151.206 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack. 157.245.151.206 classified as attacker with unclear intent (low confidence). Origin: enriched. 2026-05-03
IPv4 68.183.75.179 Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 68.183.75.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking). 2026-05-03
IPv4 216.86.96.155 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 216.86.96.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 74.48.165.72 Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 74.48.165.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 139.59.30.74 Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 139.59.30.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 109.7.242.128 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 109.7.242.128 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 187.120.19.92 Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 187.120.19.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 103.83.148.55 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 103.83.148.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 159.223.144.77 Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 159.223.144.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, high). 2026-05-03
IPv4 185.241.149.172 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 185.241.149.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 42.225.202.11 Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 42.225.202.11 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted). 2026-05-03
IPv4 178.128.235.198 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 178.128.235.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 178.63.85.110 Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 178.63.85.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 38.22.175.222 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 38.22.175.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 66.167.169.151 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 66.167.169.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 14.1.107.9 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 14.1.107.9 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 91.219.62.94 Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 91.219.62.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 76.170.207.28 Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 76.170.207.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host). 2026-05-03
IPv4 85.137.48.160 Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 85.137.48.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high). 2026-05-03
IPv4 177.10.224.4 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 177.10.224.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 45.116.140.78 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 45.116.140.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking). 2026-05-03
IPv4 194.233.95.5 Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 194.233.95.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 116.207.112.153 Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 116.207.112.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 123.233.232.162 Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.233.232.162 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 125.25.224.193 Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 125.25.224.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 187.102.237.46 Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 187.102.237.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 181.46.57.182 Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 181.46.57.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 182.242.168.109 Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 60.179.236.207 Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 60.179.236.207 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 186.22.238.249 Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 186.22.238.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 195.170.186.101 Score: 64/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 195.170.186.101 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 138.121.114.91 Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 138.121.114.91 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host). 2026-05-03
IPv4 138.0.44.190 Score: 54/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 138.0.44.190 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low). 2026-05-03
IPv4 194.187.179.250 Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 206.85.11.101 Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 206.85.11.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking). 2026-05-03
IPv4 190.89.31.28 Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 190.89.31.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos). 2026-05-03
IPv4 116.99.171.134 Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 116.99.171.134 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 3 times when connecting to db4lamedtech between 2026-05-03 21:32 and 2026-05-03 21:40 UTC. 2026-05-03
IPv4 124.251.110.186 Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 124.251.110.186 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 32 times when connecting to db4lamedtech between 2026-05-03 21:16 and 2026-05-03 21:37 UTC. 2026-05-03
IPv4 27.79.2.88 Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 27.79.2.88 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 7 times when connecting to mdms1 between 2026-05-03 21:03 and 2026-05-03 21:30 UTC. 2026-05-03