[
  {
    "id": 4176863384,
    "indicator": "171.120.25.138",
    "type": "IPv4",
    "created": "2026-05-01T01:33:49",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:suspicious, sector:energy. 171.120.25.138 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T01:33:46",
    "is_active": 1
  },
  {
    "id": 4174152231,
    "indicator": "101.249.63.106",
    "type": "IPv4",
    "created": "2026-05-01T01:33:49",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:firehol_level4, firehol:listed, gti:malicious. 101.249.63.106 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level4).",
    "expiration": "2026-05-31T01:33:46",
    "is_active": 1
  },
  {
    "id": 4021582165,
    "indicator": "182.88.191.239",
    "type": "IPv4",
    "created": "2026-05-01T01:33:49",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:suspicious, sector:energy, shodan:enriched. 182.88.191.239 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).",
    "expiration": "2026-05-31T01:33:46",
    "is_active": 1
  },
  {
    "id": 2885888995,
    "indicator": "110.177.179.127",
    "type": "IPv4",
    "created": "2026-05-01T01:33:49",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:suspicious, sector:healthcare. 110.177.179.127 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T01:33:46",
    "is_active": 1
  },
  {
    "id": 3634907752,
    "indicator": "80.94.250.83",
    "type": "IPv4",
    "created": "2026-05-01T01:33:49",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:exported, gti:suspicious, sector:healthcare. 80.94.250.83 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).",
    "expiration": "2026-05-31T01:33:46",
    "is_active": 1
  },
  {
    "id": 4337146676,
    "indicator": "194.169.90.34",
    "type": "IPv4",
    "created": "2026-05-01T02:34:55",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 194.169.90.34 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T02:34:55",
    "is_active": 1
  },
  {
    "id": 4335470943,
    "indicator": "45.186.52.224",
    "type": "IPv4",
    "created": "2026-05-01T02:34:55",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 45.186.52.224 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T02:34:55",
    "is_active": 1
  },
  {
    "id": 4337146677,
    "indicator": "109.199.104.138",
    "type": "IPv4",
    "created": "2026-05-01T02:34:55",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:exported, gti:suspicious, sector:energy. 109.199.104.138 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).",
    "expiration": "2026-05-31T02:34:55",
    "is_active": 1
  },
  {
    "id": 4337146678,
    "indicator": "45.162.79.226",
    "type": "IPv4",
    "created": "2026-05-01T02:34:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 45.162.79.226 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T02:34:55",
    "is_active": 1
  },
  {
    "id": 3670026984,
    "indicator": "123.160.233.148",
    "type": "IPv4",
    "created": "2026-05-01T02:34:55",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 123.160.233.148 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T02:34:55",
    "is_active": 1
  },
  {
    "id": 4053255976,
    "indicator": "1.193.63.181",
    "type": "IPv4",
    "created": "2026-05-01T02:34:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:exported, gti:suspicious, sector:energy. 1.193.63.181 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).",
    "expiration": "2026-05-31T02:34:55",
    "is_active": 1
  },
  {
    "id": 4029177875,
    "indicator": "124.66.72.42",
    "type": "IPv4",
    "created": "2026-05-01T02:34:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:exported, gti:suspicious, sector:healthcare. 124.66.72.42 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).",
    "expiration": "2026-05-31T02:34:55",
    "is_active": 1
  },
  {
    "id": 4337146679,
    "indicator": "113.164.230.36",
    "type": "IPv4",
    "created": "2026-05-01T02:34:55",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 113.164.230.36 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T02:34:55",
    "is_active": 1
  },
  {
    "id": 4337009224,
    "indicator": "47.237.216.143",
    "type": "IPv4",
    "created": "2026-05-01T03:35:01",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:suspicious, sector:healthcare. 47.237.216.143 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T03:35:00",
    "is_active": 1
  },
  {
    "id": 4225362066,
    "indicator": "176.31.139.22",
    "type": "IPv4",
    "created": "2026-05-01T04:35:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:whitelisted, cowrie, firehol:unlisted, gti:exported, gti:suspicious, network:vpn. 176.31.139.22 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (whitelisted).",
    "expiration": "2026-05-31T04:35:04",
    "is_active": 1
  },
  {
    "id": 3288934588,
    "indicator": "205.169.39.208",
    "type": "IPv4",
    "created": "2026-05-01T04:35:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:whitelisted, cowrie, fatt, fingerprinting, firehol:unlisted, gti:exported. Attacker IP 205.169.39.208 observed using TLS client fingerprint 'Unknown TLS Client (d64ec57787f7)' 3 times when connecting to db1lapetro between 2026-05-01 03:22 and 2026-05-01 03:22 UTC.",
    "expiration": "2026-05-31T04:35:04",
    "is_active": 1
  },
  {
    "id": 3787066244,
    "indicator": "205.169.39.207",
    "type": "IPv4",
    "created": "2026-05-01T04:35:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:whitelisted, cowrie, fatt, fingerprinting, firehol:unlisted, gti:clean. Attacker IP 205.169.39.207 observed using TLS client fingerprint 'Unknown TLS Client (d64ec57787f7)' 3 times when connecting to db1lapetro between 2026-05-01 03:21 and 2026-05-01 03:21 UTC.",
    "expiration": "2026-05-31T04:35:04",
    "is_active": 1
  },
  {
    "id": 4337161097,
    "indicator": "47.236.251.202",
    "type": "IPv4",
    "created": "2026-05-01T04:35:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 47.236.251.202 observed using TLS client fingerprint 'Unknown TLS Client (6b7366aa3f4b)' 2 times when connecting to db1lapetro between 2026-05-01 03:13 and 2026-05-01 03:13 UTC.",
    "expiration": "2026-05-31T04:35:04",
    "is_active": 1
  },
  {
    "id": 4337161098,
    "indicator": "43.98.161.96",
    "type": "IPv4",
    "created": "2026-05-01T04:35:06",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, fatt, fingerprinting, firehol:unlisted, gti:clean. Attacker IP 43.98.161.96 observed using TLS client fingerprint 'Unknown TLS Client (6b7366aa3f4b)' 2 times when connecting to db4lamedtech between 2026-05-01 03:10 and 2026-05-01 03:10 UTC.",
    "expiration": "2026-05-31T04:35:04",
    "is_active": 1
  },
  {
    "id": 4307258858,
    "indicator": "41.111.142.198",
    "type": "IPv4",
    "created": "2026-05-01T05:35:11",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:exported, gti:suspicious, sector:healthcare. 41.111.142.198 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).",
    "expiration": "2026-05-31T05:35:10",
    "is_active": 1
  },
  {
    "id": 3948302580,
    "indicator": "217.23.1.5",
    "type": "IPv4",
    "created": "2026-05-01T05:35:11",
    "content": "",
    "title": "",
    "description": "Score: 95/100. Labels: abuseipdb:clean, cowrie, firehol:firehol_anonymous, firehol:firehol_proxies, firehol:listed, gti:exported. 217.23.1.5 classified as attacker with unclear intent (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T05:35:10",
    "is_active": 1
  },
  {
    "id": 4337171326,
    "indicator": "85.15.123.94",
    "type": "IPv4",
    "created": "2026-05-01T05:35:11",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:malicious. 85.15.123.94 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T05:35:10",
    "is_active": 1
  },
  {
    "id": 4337204626,
    "indicator": "137.184.59.230",
    "type": "IPv4",
    "created": "2026-05-01T06:35:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:suspicious, network:vpn. 137.184.59.230 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T06:35:16",
    "is_active": 1
  },
  {
    "id": 4337204627,
    "indicator": "64.235.40.106",
    "type": "IPv4",
    "created": "2026-05-01T06:35:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 64.235.40.106 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T06:35:16",
    "is_active": 1
  },
  {
    "id": 4176722448,
    "indicator": "123.14.122.71",
    "type": "IPv4",
    "created": "2026-05-01T06:35:17",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:exported, gti:suspicious, sector:healthcare. 123.14.122.71 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).",
    "expiration": "2026-05-31T06:35:16",
    "is_active": 1
  },
  {
    "id": 4087088570,
    "indicator": "118.81.85.207",
    "type": "IPv4",
    "created": "2026-05-01T06:35:17",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 118.81.85.207 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T06:35:16",
    "is_active": 1
  },
  {
    "id": 4337216170,
    "indicator": "161.97.173.220",
    "type": "IPv4",
    "created": "2026-05-01T07:35:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 161.97.173.220 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T07:35:22",
    "is_active": 1
  },
  {
    "id": 2656222535,
    "indicator": "180.95.238.43",
    "type": "IPv4",
    "created": "2026-05-01T07:35:24",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 180.95.238.43 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T07:35:22",
    "is_active": 1
  },
  {
    "id": 432635329,
    "indicator": "123.163.114.133",
    "type": "IPv4",
    "created": "2026-05-01T07:35:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 123.163.114.133 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T07:35:22",
    "is_active": 1
  },
  {
    "id": 4337216171,
    "indicator": "103.139.59.224",
    "type": "IPv4",
    "created": "2026-05-01T07:35:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 103.139.59.224 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T07:35:22",
    "is_active": 1
  },
  {
    "id": 4337216172,
    "indicator": "31.186.175.50",
    "type": "IPv4",
    "created": "2026-05-01T07:35:24",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 31.186.175.50 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T07:35:22",
    "is_active": 1
  },
  {
    "id": 4337259302,
    "indicator": "119.18.62.198",
    "type": "IPv4",
    "created": "2026-05-01T08:35:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:suspicious, sector:healthcare. 119.18.62.198 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T08:35:28",
    "is_active": 1
  },
  {
    "id": 3474706348,
    "indicator": "45.225.92.92",
    "type": "IPv4",
    "created": "2026-05-01T08:35:29",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported. 45.225.92.92 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported).",
    "expiration": "2026-05-31T08:35:28",
    "is_active": 1
  },
  {
    "id": 4337259303,
    "indicator": "157.7.223.24",
    "type": "IPv4",
    "created": "2026-05-01T08:35:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 157.7.223.24 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T08:35:28",
    "is_active": 1
  },
  {
    "id": 3161204429,
    "indicator": "1.85.218.92",
    "type": "IPv4",
    "created": "2026-05-01T08:35:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 1.85.218.92 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T08:35:28",
    "is_active": 1
  },
  {
    "id": 4172753076,
    "indicator": "120.48.88.69",
    "type": "IPv4",
    "created": "2026-05-01T08:35:29",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:exported, gti:suspicious, sector:healthcare. 120.48.88.69 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).",
    "expiration": "2026-05-31T08:35:28",
    "is_active": 1
  },
  {
    "id": 4337259304,
    "indicator": "47.237.214.134",
    "type": "IPv4",
    "created": "2026-05-01T08:35:29",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported. 47.237.214.134 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported).",
    "expiration": "2026-05-31T08:35:28",
    "is_active": 1
  },
  {
    "id": 3896685178,
    "indicator": "185.156.46.163",
    "type": "IPv4",
    "created": "2026-05-01T09:35:35",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:firehol_abusers_30d, firehol:listed, gti:suspicious. 185.156.46.163 classified as attacker with unclear intent (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T09:35:34",
    "is_active": 1
  },
  {
    "id": 4091650495,
    "indicator": "23.234.93.207",
    "type": "IPv4",
    "created": "2026-05-01T09:35:35",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:suspicious, sector:healthcare. 23.234.93.207 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T09:35:34",
    "is_active": 1
  },
  {
    "id": 4174029922,
    "indicator": "51.159.210.196",
    "type": "IPv4",
    "created": "2026-05-01T09:35:35",
    "content": "",
    "title": "",
    "description": "Score: 55/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:exported, gti:suspicious, sector:energy. 51.159.210.196 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).",
    "expiration": "2026-05-31T09:35:34",
    "is_active": 1
  },
  {
    "id": 4062001162,
    "indicator": "179.124.138.128",
    "type": "IPv4",
    "created": "2026-05-01T09:35:35",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 179.124.138.128 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T09:35:34",
    "is_active": 1
  },
  {
    "id": 4335671040,
    "indicator": "128.199.216.54",
    "type": "IPv4",
    "created": "2026-05-01T10:36:47",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 128.199.216.54 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T10:35:39",
    "is_active": 1
  },
  {
    "id": 4335671040,
    "indicator": "128.199.216.54",
    "type": "IPv4",
    "created": "2026-05-01T10:37:17",
    "content": "",
    "title": "",
    "description": "Score: 75/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 128.199.216.54 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T10:35:39",
    "is_active": 1
  },
  {
    "id": 4337232112,
    "indicator": "47.237.193.32",
    "type": "IPv4",
    "created": "2026-05-01T11:36:52",
    "content": "",
    "title": "",
    "description": "Score: 52/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported. 47.237.193.32 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported).",
    "expiration": "2026-05-31T11:36:51",
    "is_active": 1
  },
  {
    "id": 4167702668,
    "indicator": "91.92.243.76",
    "type": "IPv4",
    "created": "2026-05-01T11:36:52",
    "content": "",
    "title": "",
    "description": "Score: 79/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:firehol_level1, firehol:listed, firehol:spamhaus_drop. 91.92.243.76 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T11:36:51",
    "is_active": 1
  },
  {
    "id": 4072895802,
    "indicator": "159.203.169.213",
    "type": "IPv4",
    "created": "2026-05-01T13:37:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, abuseipdb:well-known, cowrie, fatt, fingerprinting. Attacker IP 159.203.169.213 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to db4lamedtech between 2026-05-01 12:32 and 2026-05-01 12:32 UTC.",
    "expiration": "2026-05-31T13:37:02",
    "is_active": 1
  },
  {
    "id": 4337421479,
    "indicator": "164.92.76.98",
    "type": "IPv4",
    "created": "2026-05-01T13:37:03",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 164.92.76.98 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to mdms1 between 2026-05-01 12:35 and 2026-05-01 12:35 UTC.",
    "expiration": "2026-05-31T13:37:02",
    "is_active": 1
  },
  {
    "id": 4029178813,
    "indicator": "149.154.161.200",
    "type": "IPv4",
    "created": "2026-05-01T15:37:13",
    "content": "",
    "title": "",
    "description": "Score: 62/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:malicious. 149.154.161.200 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T15:37:12",
    "is_active": 1
  },
  {
    "id": 4007959508,
    "indicator": "43.225.189.144",
    "type": "IPv4",
    "created": "2026-05-01T16:37:19",
    "content": "",
    "title": "",
    "description": "Score: 66/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:malicious. 43.225.189.144 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T16:37:18",
    "is_active": 1
  },
  {
    "id": 4338653627,
    "indicator": "8.229.148.36",
    "type": "IPv4",
    "created": "2026-05-01T17:37:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 8.229.148.36 observed using TLS client fingerprint 'Unknown TLS Client (7465186b1421)' 2 times when connecting to offbackup1 between 2026-05-01 16:52 and 2026-05-01 16:52 UTC.",
    "expiration": "2026-05-31T17:37:25",
    "is_active": 1
  },
  {
    "id": 4227249071,
    "indicator": "159.203.28.196",
    "type": "IPv4",
    "created": "2026-05-01T17:37:26",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 159.203.28.196 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to db4lamedtech between 2026-05-01 16:38 and 2026-05-01 16:38 UTC.",
    "expiration": "2026-05-31T17:37:25",
    "is_active": 1
  },
  {
    "id": 3783457379,
    "indicator": "79.106.230.43",
    "type": "IPv4",
    "created": "2026-05-01T18:37:32",
    "content": "",
    "title": "",
    "description": "Score: 62/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:suspicious. 79.106.230.43 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T18:37:31",
    "is_active": 1
  },
  {
    "id": 4130444500,
    "indicator": "212.32.49.5",
    "type": "IPv4",
    "created": "2026-05-01T18:37:32",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, fatt, fingerprinting, firehol:unlisted, gti:suspicious. Attacker IP 212.32.49.5 observed using TLS client fingerprint 'Unknown TLS Client (58b434b96f2d)' 2 times when connecting to db1lapetro between 2026-05-01 18:22 and 2026-05-01 18:33 UTC.",
    "expiration": "2026-05-31T18:37:31",
    "is_active": 1
  },
  {
    "id": 4338667147,
    "indicator": "212.8.242.38",
    "type": "IPv4",
    "created": "2026-05-01T18:37:32",
    "content": "",
    "title": "",
    "description": "Score: 53/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported. 212.8.242.38 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported).",
    "expiration": "2026-05-31T18:37:31",
    "is_active": 1
  },
  {
    "id": 4338681103,
    "indicator": "45.156.87.202",
    "type": "IPv4",
    "created": "2026-05-01T20:37:44",
    "content": "",
    "title": "",
    "description": "Score: 64/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:firehol_level1, firehol:firehol_level3, firehol:listed. 45.156.87.202 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T20:37:42",
    "is_active": 1
  },
  {
    "id": 4184400389,
    "indicator": "46.151.182.131",
    "type": "IPv4",
    "created": "2026-05-01T20:37:44",
    "content": "",
    "title": "",
    "description": "Score: 73/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:firehol_level1, firehol:listed, firehol:spamhaus_drop. 46.151.182.131 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T20:37:42",
    "is_active": 1
  },
  {
    "id": 4338787937,
    "indicator": "138.197.33.109",
    "type": "IPv4",
    "created": "2026-05-01T21:37:53",
    "content": "",
    "title": "",
    "description": "Score: 51/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported. 138.197.33.109 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported).",
    "expiration": "2026-05-31T21:37:47",
    "is_active": 1
  },
  {
    "id": 4156073788,
    "indicator": "177.85.72.78",
    "type": "IPv4",
    "created": "2026-05-01T22:38:03",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported, gti:malicious. 177.85.72.78 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-05-31T22:37:58",
    "is_active": 1
  },
  {
    "id": 4338814886,
    "indicator": "166.62.124.255",
    "type": "IPv4",
    "created": "2026-05-01T23:38:16",
    "content": "",
    "title": "",
    "description": "Score: 53/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted, gti:exported. 166.62.124.255 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported).",
    "expiration": "2026-05-31T23:38:07",
    "is_active": 1
  },
  {
    "id": 4338973336,
    "indicator": "188.166.53.121",
    "type": "IPv4",
    "created": "2026-05-02T03:38:37",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, fatt, fingerprinting, firehol:unlisted, gti:clean. Attacker IP 188.166.53.121 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to db1lapetro between 2026-05-02 01:24 and 2026-05-02 01:24 UTC.",
    "expiration": "2026-06-01T03:38:35",
    "is_active": 1
  },
  {
    "id": 4338973337,
    "indicator": "102.88.54.96",
    "type": "IPv4",
    "created": "2026-05-02T03:38:37",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:clean, abuseipdb:reported-export, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 102.88.54.96 observed using HTTP client fingerprint 'HTTP Client: python-requests/2.26.0' 2 times when connecting to db4lamedtech between 2026-05-02 01:04 and 2026-05-02 02:15 UTC.",
    "expiration": "2026-06-01T03:38:35",
    "is_active": 1
  },
  {
    "id": 4338976910,
    "indicator": "147.182.140.96",
    "type": "IPv4",
    "created": "2026-05-02T04:38:42",
    "content": "",
    "title": "",
    "description": "Score: 53/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted, gti:suspicious. 147.182.140.96 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported).",
    "expiration": "2026-06-01T04:38:41",
    "is_active": 1
  },
  {
    "id": 3428005024,
    "indicator": "49.36.233.49",
    "type": "IPv4",
    "created": "2026-05-02T04:38:42",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:clean, sector:healthcare, shodan:enriched. 49.36.233.49 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).",
    "expiration": "2026-06-01T04:38:41",
    "is_active": 1
  },
  {
    "id": 4338979619,
    "indicator": "42.85.198.121",
    "type": "IPv4",
    "created": "2026-05-02T05:38:50",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:malicious, sector:healthcare. 42.85.198.121 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-06-01T05:38:49",
    "is_active": 1
  },
  {
    "id": 4338979620,
    "indicator": "216.26.242.95",
    "type": "IPv4",
    "created": "2026-05-02T05:38:50",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:minimal, abuseipdb:reported, abuseipdb:reported-export, cowrie, fatt, fingerprinting. Attacker IP 216.26.242.95 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20...' 3 times when connecting to mdms1 between 2026-05-02 03:47 and 2026-05-02 03:47 UTC.",
    "expiration": "2026-06-01T05:38:49",
    "is_active": 1
  },
  {
    "id": 4112104898,
    "indicator": "93.190.138.100",
    "type": "IPv4",
    "created": "2026-05-02T06:38:56",
    "content": "",
    "title": "",
    "description": "Score: 84/100. Labels: abuseipdb:clean, cowrie, firehol:firehol_anonymous, firehol:firehol_proxies, firehol:listed, gti:suspicious. 93.190.138.100 classified as attacker with unclear intent (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (clean).",
    "expiration": "2026-06-01T06:38:54",
    "is_active": 1
  },
  {
    "id": 4339024645,
    "indicator": "47.236.98.85",
    "type": "IPv4",
    "created": "2026-05-02T06:38:56",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, fatt, fingerprinting, firehol:unlisted, gti:clean. Attacker IP 47.236.98.85 observed using TLS client fingerprint 'Unknown TLS Client (6b7366aa3f4b)' 2 times when connecting to db1lapetro between 2026-05-02 04:49 and 2026-05-02 04:49 UTC.",
    "expiration": "2026-06-01T06:38:54",
    "is_active": 1
  },
  {
    "id": 4339024646,
    "indicator": "8.219.106.47",
    "type": "IPv4",
    "created": "2026-05-02T06:38:56",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, fatt, fingerprinting, firehol:unlisted, gti:clean. Attacker IP 8.219.106.47 observed using TLS client fingerprint 'Unknown TLS Client (6b7366aa3f4b)' 2 times when connecting to db4lamedtech between 2026-05-02 04:48 and 2026-05-02 04:48 UTC.",
    "expiration": "2026-06-01T06:38:54",
    "is_active": 1
  },
  {
    "id": 4339024647,
    "indicator": "47.236.242.139",
    "type": "IPv4",
    "created": "2026-05-02T06:38:56",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, fatt, fingerprinting, firehol:unlisted, gti:clean. Attacker IP 47.236.242.139 observed using TLS client fingerprint 'Unknown TLS Client (6b7366aa3f4b)' 2 times when connecting to mdms1 between 2026-05-02 04:47 and 2026-05-02 04:47 UTC.",
    "expiration": "2026-06-01T06:38:54",
    "is_active": 1
  },
  {
    "id": 4169239672,
    "indicator": "101.249.62.18",
    "type": "IPv4",
    "created": "2026-05-02T09:39:12",
    "content": "",
    "title": "",
    "description": "Score: 65/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:firehol_level4, firehol:listed, gti:malicious. 101.249.62.18 classified as scanning infrastructure conducting network reconnaissance (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (minimal, reported).",
    "expiration": "2026-06-01T09:39:11",
    "is_active": 1
  },
  {
    "id": 4035803710,
    "indicator": "87.120.127.53",
    "type": "IPv4",
    "created": "2026-05-02T09:39:12",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:clean, gti:known-c2, network-intel. 87.120.127.53 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).",
    "expiration": "2026-06-01T09:39:11",
    "is_active": 1
  },
  {
    "id": 3632996476,
    "indicator": "45.134.142.213",
    "type": "IPv4",
    "created": "2026-05-02T10:39:17",
    "content": "",
    "title": "",
    "description": "Score: 53/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:firehol_abusers_30d, firehol:listed, gti:clean. 45.134.142.213 classified as attacker with unclear intent (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (minimal, reported).",
    "expiration": "2026-06-01T10:39:16",
    "is_active": 1
  },
  {
    "id": 4335399684,
    "indicator": "179.60.66.208",
    "type": "IPv4",
    "created": "2026-05-02T10:39:17",
    "content": "",
    "title": "",
    "description": "Score: 66/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:malicious, sector:energy. 179.60.66.208 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-06-01T10:39:16",
    "is_active": 1
  },
  {
    "id": 4339137038,
    "indicator": "146.70.196.172",
    "type": "IPv4",
    "created": "2026-05-02T14:39:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 146.70.196.172 observed using TLS client fingerprint 'Unknown TLS Client (b3802c13664f)' 2 times when connecting to offbackup1 between 2026-05-02 12:42 and 2026-05-02 12:42 UTC.",
    "expiration": "2026-06-01T14:39:36",
    "is_active": 1
  },
  {
    "id": 4339114079,
    "indicator": "213.191.220.125",
    "type": "IPv4",
    "created": "2026-05-02T14:39:38",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 213.191.220.125 observed using TLS client fingerprint 'Unknown TLS Client (e1cd52a33209)' 4 times when connecting to db4lamedtech between 2026-05-02 12:39 and 2026-05-02 13:16 UTC.",
    "expiration": "2026-06-01T14:39:36",
    "is_active": 1
  },
  {
    "id": 4161057394,
    "indicator": "37.237.225.197",
    "type": "IPv4",
    "created": "2026-05-02T15:39:44",
    "content": "",
    "title": "",
    "description": "Score: 52/100. Labels: abuseipdb:minimal, abuseipdb:multi-reported, abuseipdb:reported, cowrie, firehol:unlisted, gti:suspicious. 37.237.225.197 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, multi-reported, reported).",
    "expiration": "2026-06-01T15:39:42",
    "is_active": 1
  },
  {
    "id": 4340399859,
    "indicator": "34.207.98.172",
    "type": "IPv4",
    "created": "2026-05-02T17:39:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, fatt, fingerprinting, firehol:unlisted, gti:clean. Attacker IP 34.207.98.172 observed using TLS client fingerprint 'Unknown TLS Client (675b6d451c0b)' 2 times when connecting to mdms1 between 2026-05-02 16:05 and 2026-05-02 16:11 UTC.",
    "expiration": "2026-06-01T17:39:52",
    "is_active": 1
  },
  {
    "id": 4340399860,
    "indicator": "54.236.29.75",
    "type": "IPv4",
    "created": "2026-05-02T17:39:54",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, fatt, fingerprinting, firehol:unlisted, gti:clean. Attacker IP 54.236.29.75 observed using TLS client fingerprint 'Unknown TLS Client (675b6d451c0b)' 2 times when connecting to mdms1 between 2026-05-02 16:01 and 2026-05-02 16:18 UTC.",
    "expiration": "2026-06-01T17:39:52",
    "is_active": 1
  },
  {
    "id": 4340402508,
    "indicator": "107.152.36.33",
    "type": "IPv4",
    "created": "2026-05-02T18:40:00",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:clean, network-intel, sector:government. IP observed in Suricata network metadata",
    "expiration": "2026-06-01T18:39:58",
    "is_active": 1
  },
  {
    "id": 4032983164,
    "indicator": "23.234.68.67",
    "type": "IPv4",
    "created": "2026-05-02T21:57:42",
    "content": "",
    "title": "",
    "description": "Score: 66/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:malicious, network-intel. IP observed in Suricata network metadata",
    "expiration": "2026-06-01T21:57:42",
    "is_active": 1
  },
  {
    "id": 3248592185,
    "indicator": "199.195.249.83",
    "type": "IPv4",
    "created": "2026-05-02T23:57:52",
    "content": "",
    "title": "",
    "description": "Score: 52/100. Labels: abuseipdb:clean, client:libssh, cowrie, firehol:unlisted, gti:dns:botnet-infra, gti:dns:dga-pattern. IP observed in Suricata network metadata",
    "expiration": "2026-06-01T23:57:51",
    "is_active": 1
  },
  {
    "id": 4340522831,
    "indicator": "176.123.1.116",
    "type": "IPv4",
    "created": "2026-05-02T23:57:52",
    "content": "",
    "title": "",
    "description": "Score: 67/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, firehol:unlisted, gti:malicious. IP observed in Suricata network metadata",
    "expiration": "2026-06-01T23:57:51",
    "is_active": 1
  },
  {
    "id": 4340522832,
    "indicator": "103.246.250.145",
    "type": "IPv4",
    "created": "2026-05-02T23:57:52",
    "content": "",
    "title": "",
    "description": "Score: 51/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, firehol:unlisted, gti:suspicious. IP observed in Suricata network metadata",
    "expiration": "2026-06-01T23:57:51",
    "is_active": 1
  },
  {
    "id": 4340522833,
    "indicator": "51.254.17.136",
    "type": "IPv4",
    "created": "2026-05-02T23:57:52",
    "content": "",
    "title": "",
    "description": "Score: 56/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, firehol:unlisted, gti:suspicious. IP observed in Suricata network metadata",
    "expiration": "2026-06-01T23:57:51",
    "is_active": 1
  },
  {
    "id": 3466319002,
    "indicator": "91.208.184.242",
    "type": "IPv4",
    "created": "2026-05-02T23:57:52",
    "content": "",
    "title": "",
    "description": "Score: 58/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, firehol:unlisted, gti:suspicious. IP observed in Suricata network metadata",
    "expiration": "2026-06-01T23:57:51",
    "is_active": 1
  },
  {
    "id": 4340522834,
    "indicator": "51.68.126.146",
    "type": "IPv4",
    "created": "2026-05-02T23:57:52",
    "content": "",
    "title": "",
    "description": "Score: 57/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, firehol:unlisted, gti:suspicious. IP observed in Suricata network metadata",
    "expiration": "2026-06-01T23:57:51",
    "is_active": 1
  },
  {
    "id": 3566129221,
    "indicator": "185.134.49.179",
    "type": "IPv4",
    "created": "2026-05-02T23:57:52",
    "content": "",
    "title": "",
    "description": "Score: 76/100. Labels: abuseipdb:clean, client:libssh, cowrie, firehol:firehol_anonymous, firehol:firehol_level1, firehol:firehol_proxies. 185.134.49.179 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level1); AbuseIPDB (clean).",
    "expiration": "2026-06-01T23:57:51",
    "is_active": 1
  },
  {
    "id": 4338975979,
    "indicator": "159.203.25.138",
    "type": "IPv4",
    "created": "2026-05-02T23:57:52",
    "content": "",
    "title": "",
    "description": "Score: 57/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, firehol:unlisted, gti:dns:dga-pattern. 159.203.25.138 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-06-01T23:57:51",
    "is_active": 1
  },
  {
    "id": 4294924683,
    "indicator": "89.163.145.38",
    "type": "IPv4",
    "created": "2026-05-02T23:57:52",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, firehol:unlisted, gti:suspicious. 89.163.145.38 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-06-01T23:57:51",
    "is_active": 1
  },
  {
    "id": 4340522835,
    "indicator": "15.204.229.113",
    "type": "IPv4",
    "created": "2026-05-02T23:57:52",
    "content": "",
    "title": "",
    "description": "Score: 56/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, firehol:unlisted, gti:suspicious. 15.204.229.113 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-06-01T23:57:51",
    "is_active": 1
  },
  {
    "id": 4340522836,
    "indicator": "39.49.148.31",
    "type": "IPv4",
    "created": "2026-05-02T23:57:52",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:minimal, abuseipdb:reported, auth:failed, commands:executed, cowrie, firehol:unlisted. Attacker IP from Lahore, Pakistan (AS17557, Pakistan Telecommunication Company Limited). Observed targeting healthcare sector honeypot mdms-hp-01 via cowrie. Session included delivery of 1 malware sample. 2 events.",
    "expiration": "2026-06-01T23:57:51",
    "is_active": 1
  },
  {
    "id": 4340582290,
    "indicator": "185.134.49.60",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, client:libssh, cowrie, fatt, fingerprinting, firehol:firehol_level1. Attacker IP 185.134.49.60 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to mdms1 between 2026-05-02 23:10 and 2026-05-02 23:15 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 3648459945,
    "indicator": "162.144.84.221",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, fatt, fingerprinting. Attacker IP 162.144.84.221 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to mdms1 between 2026-05-02 23:10 and 2026-05-02 23:15 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 4340582291,
    "indicator": "154.12.225.236",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, client:libssh, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 154.12.225.236 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to db4lamedtech between 2026-05-02 23:08 and 2026-05-02 23:17 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 4340582292,
    "indicator": "83.220.173.216",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, fatt, fingerprinting. Attacker IP 83.220.173.216 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to db1lapetro between 2026-05-02 23:05 and 2026-05-02 23:25 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 4340582293,
    "indicator": "31.42.189.159",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, fatt, fingerprinting. Attacker IP 31.42.189.159 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to db1lapetro between 2026-05-02 23:04 and 2026-05-02 23:15 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 4340582294,
    "indicator": "69.175.92.21",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, fatt, fingerprinting. Attacker IP 69.175.92.21 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to db1lapetro between 2026-05-02 23:04 and 2026-05-02 23:09 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 4340582295,
    "indicator": "209.126.2.70",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, fatt, fingerprinting. Attacker IP 209.126.2.70 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to mdms1 between 2026-05-02 23:08 and 2026-05-02 23:13 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 4340582296,
    "indicator": "37.27.7.160",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, fatt, fingerprinting. Attacker IP 37.27.7.160 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to db1lapetro between 2026-05-02 23:10 and 2026-05-02 23:14 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 4340582297,
    "indicator": "99.192.162.179",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, fatt, fingerprinting. Attacker IP 99.192.162.179 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to db1lapetro between 2026-05-02 22:59 and 2026-05-02 23:03 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 4340582298,
    "indicator": "23.133.64.107",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, fatt, fingerprinting. Attacker IP 23.133.64.107 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to db1lapetro between 2026-05-02 22:59 and 2026-05-02 23:11 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 4340582299,
    "indicator": "198.20.127.158",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, fatt, fingerprinting. Attacker IP 198.20.127.158 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to mdms1 between 2026-05-02 22:58 and 2026-05-02 23:02 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 4340582300,
    "indicator": "185.134.49.2",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, client:libssh, cowrie, fatt, fingerprinting, firehol:firehol_level1. Attacker IP 185.134.49.2 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to db1lapetro between 2026-05-02 22:58 and 2026-05-02 23:01 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 4340582301,
    "indicator": "78.111.67.246",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, client:libssh, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 78.111.67.246 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to mdms1 between 2026-05-02 22:58 and 2026-05-02 23:01 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 20071698,
    "indicator": "198.98.60.130",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, client:libssh, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 198.98.60.130 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to mdms1 between 2026-05-02 22:55 and 2026-05-02 23:02 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 4340582302,
    "indicator": "45.43.45.254",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, fatt, fingerprinting. Attacker IP 45.43.45.254 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to mdms1 between 2026-05-02 22:57 and 2026-05-02 23:04 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 4339083055,
    "indicator": "23.94.23.226",
    "type": "IPv4",
    "created": "2026-05-03T00:57:59",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, client:libssh, cowrie, fatt, fingerprinting. Attacker IP 23.94.23.226 observed using SSH client fingerprint 'Unknown SSH Client (14b2ddda386a)' 2 times when connecting to db4lamedtech between 2026-05-02 22:50 and 2026-05-02 22:56 UTC.",
    "expiration": "2026-06-02T00:57:56",
    "is_active": 1
  },
  {
    "id": 4340587192,
    "indicator": "47.237.125.164",
    "type": "IPv4",
    "created": "2026-05-03T02:58:12",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, fatt, fingerprinting, firehol:unlisted, gti:suspicious. Attacker IP 47.237.125.164 observed using TLS client fingerprint 'Unknown TLS Client (6b7366aa3f4b)' 2 times when connecting to db1lapetro between 2026-05-03 01:45 and 2026-05-03 01:46 UTC.",
    "expiration": "2026-06-02T02:58:10",
    "is_active": 1
  },
  {
    "id": 4340587193,
    "indicator": "47.236.96.228",
    "type": "IPv4",
    "created": "2026-05-03T02:58:12",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, fatt, fingerprinting, firehol:unlisted, gti:clean. Attacker IP 47.236.96.228 observed using TLS client fingerprint 'Unknown TLS Client (6b7366aa3f4b)' 2 times when connecting to db4lamedtech between 2026-05-03 01:44 and 2026-05-03 01:44 UTC.",
    "expiration": "2026-06-02T02:58:10",
    "is_active": 1
  },
  {
    "id": 4340587194,
    "indicator": "8.219.207.42",
    "type": "IPv4",
    "created": "2026-05-03T02:58:12",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:clean, cowrie, fatt, fingerprinting, firehol:unlisted, gti:clean. Attacker IP 8.219.207.42 observed using TLS client fingerprint 'Unknown TLS Client (6b7366aa3f4b)' 2 times when connecting to mdms1 between 2026-05-03 01:44 and 2026-05-03 01:44 UTC.",
    "expiration": "2026-06-02T02:58:10",
    "is_active": 1
  },
  {
    "id": 4340587195,
    "indicator": "138.197.177.173",
    "type": "IPv4",
    "created": "2026-05-03T02:58:12",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 138.197.177.173 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to db1lapetro between 2026-05-03 01:10 and 2026-05-03 01:10 UTC.",
    "expiration": "2026-06-02T02:58:10",
    "is_active": 1
  },
  {
    "id": 4340667394,
    "indicator": "216.26.243.173",
    "type": "IPv4",
    "created": "2026-05-03T06:59:04",
    "content": "",
    "title": "",
    "description": "Score: 68/100. Labels: abuseipdb:clean, cowrie, firehol:firehol_level1, firehol:listed, firehol:spamhaus_drop, gti:suspicious. 216.26.243.173 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (clean).",
    "expiration": "2026-06-02T06:58:33",
    "is_active": 1
  },
  {
    "id": 4059993163,
    "indicator": "68.168.222.65",
    "type": "IPv4",
    "created": "2026-05-03T06:59:04",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:clean, cowrie, fatt, fingerprinting, firehol:unlisted, gti:clean. Attacker IP 68.168.222.65 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, l...' 4 times when connecting to db4lamedtech between 2026-05-03 05:32 and 2026-05-03 05:32 UTC.",
    "expiration": "2026-06-02T06:58:33",
    "is_active": 1
  },
  {
    "id": 4340709780,
    "indicator": "186.71.196.147",
    "type": "IPv4",
    "created": "2026-05-03T07:59:09",
    "content": "",
    "title": "",
    "description": "Score: 56/100. Labels: abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 186.71.196.147 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (iot-targeted, moderate, port-scan).",
    "expiration": "2026-06-02T07:59:08",
    "is_active": 1
  },
  {
    "id": 3361493470,
    "indicator": "64.227.165.137",
    "type": "IPv4",
    "created": "2026-05-03T08:59:14",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 64.227.165.137 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to mdms1 between 2026-05-03 07:33 and 2026-05-03 07:33 UTC.",
    "expiration": "2026-06-02T08:59:13",
    "is_active": 1
  },
  {
    "id": 4340732038,
    "indicator": "64.226.124.169",
    "type": "IPv4",
    "created": "2026-05-03T08:59:14",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 64.226.124.169 observed using TLS client fingerprint 'Unknown TLS Client (b213b642d5cb)' 21 times when connecting to db1lapetro between 2026-05-03 07:26 and 2026-05-03 07:27 UTC.",
    "expiration": "2026-06-02T08:59:13",
    "is_active": 1
  },
  {
    "id": 3579441344,
    "indicator": "177.105.246.51",
    "type": "IPv4",
    "created": "2026-05-03T09:59:20",
    "content": "",
    "title": "",
    "description": "Score: 60/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:suspicious, sector:healthcare, shodan:enriched. 177.105.246.51 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).",
    "expiration": "2026-06-02T09:59:19",
    "is_active": 1
  },
  {
    "id": 3573958509,
    "indicator": "157.245.216.203",
    "type": "IPv4",
    "created": "2026-05-03T10:59:26",
    "content": "",
    "title": "",
    "description": "Score: 66/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:firehol_anonymous, firehol:firehol_proxies, firehol:listed. 157.245.216.203 classified as attacker with unclear intent (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (minimal, reported).",
    "expiration": "2026-06-02T10:59:24",
    "is_active": 1
  },
  {
    "id": 4340776948,
    "indicator": "94.26.106.19",
    "type": "IPv4",
    "created": "2026-05-03T11:59:38",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:firehol_level1, firehol:listed, firehol:spamhaus_drop. 94.26.106.19 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (minimal, reported).",
    "expiration": "2026-06-02T11:59:29",
    "is_active": 1
  },
  {
    "id": 4340778663,
    "indicator": "167.71.239.248",
    "type": "IPv4",
    "created": "2026-05-03T12:59:45",
    "content": "",
    "title": "",
    "description": "Score: 80/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:unlisted, gti:suspicious, network:vpn. 167.71.239.248 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).",
    "expiration": "2026-06-02T12:59:43",
    "is_active": 1
  },
  {
    "id": 4046830530,
    "indicator": "167.99.54.21",
    "type": "IPv4",
    "created": "2026-05-03T14:00:32",
    "content": "",
    "title": "",
    "description": "Score: 57/100. Labels: abuseipdb:minimal, abuseipdb:reported, abuseipdb:widely-reported, cowrie, firehol:unlisted, gti:suspicious. 167.99.54.21 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported, widely-reported).",
    "expiration": "2026-06-02T13:59:50",
    "is_active": 1
  },
  {
    "id": 4105735738,
    "indicator": "64.225.72.98",
    "type": "IPv4",
    "created": "2026-05-03T16:00:41",
    "content": "",
    "title": "",
    "description": "Score: 51/100. Labels: abuseipdb:clean, cowrie, firehol:firehol_anonymous, firehol:firehol_level4, firehol:firehol_proxies, firehol:listed. 64.225.72.98 classified as scanning infrastructure conducting network reconnaissance (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level4); AbuseIPDB (clean).",
    "expiration": "2026-06-02T16:00:40",
    "is_active": 1
  },
  {
    "id": 4222191573,
    "indicator": "125.26.230.133",
    "type": "IPv4",
    "created": "2026-05-03T18:00:52",
    "content": "",
    "title": "",
    "description": "Score: 61/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:malicious, sector:healthcare, shodan:enriched. 125.26.230.133 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).",
    "expiration": "2026-06-02T18:00:50",
    "is_active": 1
  },
  {
    "id": 4342066883,
    "indicator": "3.125.212.24",
    "type": "IPv4",
    "created": "2026-05-03T20:01:03",
    "content": "",
    "title": "",
    "description": "Score: 90/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 3.125.212.24 observed using HTTP client fingerprint 'HTTP Client: python-requests/2.32.5' 6 times when connecting to db1lapetro between 2026-05-03 18:18 and 2026-05-03 18:54 UTC.",
    "expiration": "2026-06-02T20:01:02",
    "is_active": 1
  },
  {
    "id": 4043365964,
    "indicator": "192.141.14.162",
    "type": "IPv4",
    "created": "2026-05-03T21:01:10",
    "content": "",
    "title": "",
    "description": "Score: 63/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:suspicious, sector:healthcare, shodan:enriched. 192.141.14.162 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).",
    "expiration": "2026-06-02T21:01:07",
    "is_active": 1
  },
  {
    "id": 4342126231,
    "indicator": "178.33.33.135",
    "type": "IPv4",
    "created": "2026-05-03T22:01:45",
    "content": "",
    "title": "",
    "description": "Score: 70/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:clean, network-intel, network:vpn. IP observed in Suricata network metadata",
    "expiration": "2026-06-02T22:01:41",
    "is_active": 1
  },
  {
    "id": 4190695780,
    "indicator": "138.68.82.87",
    "type": "IPv4",
    "created": "2026-05-03T22:01:45",
    "content": "",
    "title": "",
    "description": "Score: 66/100. Labels: abuseipdb:minimal, abuseipdb:multi-reported, abuseipdb:reported, cowrie, firehol:unlisted, gti:malicious. 138.68.82.87 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, multi-reported, reported).",
    "expiration": "2026-06-02T22:01:41",
    "is_active": 1
  },
  {
    "id": 4342168691,
    "indicator": "17.22.253.7",
    "type": "IPv4",
    "created": "2026-05-03T23:01:57",
    "content": "",
    "title": "",
    "description": "Score: 85/100. Labels: abuseipdb:whitelisted, cowrie, fatt, fingerprinting, firehol:unlisted, gti:clean. Attacker IP 17.22.253.7 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/...' 2 times when connecting to mdms1 between 2026-05-03 21:57 and 2026-05-03 21:57 UTC.",
    "expiration": "2026-06-02T23:01:50",
    "is_active": 1
  },
  {
    "id": 4342168692,
    "indicator": "104.236.50.250",
    "type": "IPv4",
    "created": "2026-05-03T23:01:57",
    "content": "",
    "title": "",
    "description": "Score: 50/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, fatt, fingerprinting, firehol:unlisted. Attacker IP 104.236.50.250 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to offbackup1 between 2026-05-03 21:41 and 2026-05-03 21:41 UTC.",
    "expiration": "2026-06-02T23:01:50",
    "is_active": 1
  }
]