Pulse Detail — Threat Intelligence

PULSE NAME

TSEC Honeypot: Exploit Attempt - Week of 2026-05-25

WHITE ladarrellmiller 2026-05-25 Modified: 2026-05-30

2427

IOCs

HIGH VOLUME

Honeypot-observed exploit attempt activity for the week of 2026-05-25. Contains 11 indicators (11 IPv4). Data sourced from TSEC T-Pot honeypot network.

Indicators of Compromise (2427)

All IPv4

TYPE	INDICATOR	DESCRIPTION	CREATED
IPv4	191.101.33.225	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 191.101.33.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	194.36.124.127	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-25
IPv4	159.195.61.130	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	147.15.15.226	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	159.223.159.88	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.223.159.88 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	43.159.142.163	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack, auth:failed. Attacker IP from Santa Clara, United States (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1s; 5 events.	2026-05-25
IPv4	163.44.117.135	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Japan (AS58791, GMO Internet Group, Inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-25
IPv4	162.241.177.22	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	5.181.124.17	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from City of London, United Kingdom (AS42831, UK Dedicated Servers Limited) [VPN/hosting provider]. Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 7s; ...	2026-05-25
IPv4	3.144.17.10	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	122.233.149.157	Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 122.233.149.157 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	20.100.172.37	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.100.172.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	198.1.93.192	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 198.1.93.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.144.117.12	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.144.117.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	51.81.66.171	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 51.81.66.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.241.239.106	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.241.239.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	52.0.45.88	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 52.0.45.88 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-25
IPv4	14.103.114.137	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 14.103.114.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	50.116.99.210	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 50.116.99.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	142.4.19.140	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 142.4.19.140 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	202.5.200.3	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 202.5.200.3 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	46.151.182.73	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 46.151.182.73 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	64.227.165.27	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.227.165.27 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	223.123.38.120	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 223.123.38.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	172.214.5.176	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 172.214.5.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-25
IPv4	50.116.103.243	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 50.116.103.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.144.104.125	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.144.104.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	216.104.38.221	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 216.104.38.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.241.50.50	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.241.50.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	54.39.52.141	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 54.39.52.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	45.12.1.49	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 45.12.1.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 command sessions (15 commands). Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	162.241.181.136	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	14.103.95.175	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 14.103.95.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	58.243.47.150	Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. P0f: OS: Linux 3.11 and newer, link: generic tunnel or VPN, dist: 24, uptime: 28 days 2 hrs 34 min (modulo 49 days) (last seen 2026-05-25T04:58:47.000Z)	2026-05-25
IPv4	103.36.221.95	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. P0f: OS: Linux 3.11 and newer, link: Ethernet or modem, dist: 20, uptime: 5 days 19 hrs 56 min (modulo 49 days) (last seen 2026-05-25T04:56:21.000Z)	2026-05-25
IPv4	62.171.179.111	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 62.171.179.111 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-05-25
IPv4	84.239.42.8	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 84.239.42.8 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, ddos, ftp-brute).	2026-05-25
IPv4	5.254.85.193	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 5.254.85.193 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	34.76.87.197	Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 34.76.87.197 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-25
IPv4	34.140.254.242	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 34.140.254.242 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	42.101.44.37	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 42.101.44.37 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, hacking).	2026-05-25
IPv4	162.241.179.21	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	50.116.103.144	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 50.116.103.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.241.33.220	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 162.241.33.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	54.241.156.57	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 54.241.156.57 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.144.105.39	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.144.105.39 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.241.134.16	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.241.134.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.241.237.30	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.241.237.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	138.197.204.198	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Santa Clara, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 7 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 18m 14s;...	2026-05-25
IPv4	163.176.147.68	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from São Paulo, Brazil (AS31898, Oracle Corporation). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-25
IPv4	162.144.249.8	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 162.144.249.8 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 04:19 and 2026-05-25 04:19 UTC.	2026-05-25
IPv4	47.86.199.216	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 47.86.199.216 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched.	2026-05-25
IPv4	198.1.115.76	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 198.1.115.76 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 04:13 and 2026-05-25 04:13 UTC.	2026-05-25
IPv4	3.145.77.57	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 3m 36s; 5 events.	2026-05-25
IPv4	208.84.100.148	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 208.84.100.148 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (iPhone; CPU iPhone OS 18_4 like Mac OS X) Apple...' 2 times when connecting to mdms1 between 2026-05-25 04:06 and 2026-05-25 04:06 UTC.	2026-05-25
IPv4	162.144.78.141	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 162.144.78.141 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 04:04 and 2026-05-25 04:04 UTC.	2026-05-25
IPv4	103.179.172.233	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 103.179.172.233 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 3 times when connecting to db4lamedtech between 2026-05-25 04:03 and 2026-05-25 04:03 UTC.	2026-05-25
IPv4	18.235.110.182	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. Attacker IP 18.235.110.182 observed using TLS client fingerprint 'Unknown TLS Client (9adadc86ac72)' 2 times when connecting to db1lapetro between 2026-05-25 04:01 and 2026-05-25 04:05 UTC.	2026-05-25
IPv4	190.213.180.98	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 190.213.180.98 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 4 times when connecting to db4lamedtech between 2026-05-25 04:02 and 2026-05-25 04:03 UTC.	2026-05-25
IPv4	64.202.116.102	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 64.202.116.102 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 04:00 and 2026-05-25 04:00 UTC.	2026-05-25
IPv4	168.144.82.3	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 168.144.82.3 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to db1lapetro between 2026-05-25 03:58 and 2026-05-25 03:58 UTC.	2026-05-25
IPv4	104.199.25.101	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 104.199.25.101 observed using SSH client fingerprint 'Unknown SSH Client (e788c657d1a2)' 6 times when connecting to db4lamedtech between 2026-05-25 03:57 and 2026-05-25 03:58 UTC.	2026-05-25
IPv4	34.76.19.119	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 34.76.19.119 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	162.144.59.123	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 162.144.59.123 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 03:57 and 2026-05-25 03:57 UTC.	2026-05-25
IPv4	162.144.219.215	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 162.144.219.215 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 03:55 and 2026-05-25 03:55 UTC.	2026-05-25
IPv4	35.187.59.87	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 35.187.59.87 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	47.88.13.237	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 47.88.13.237 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-25
IPv4	96.126.101.34	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 96.126.101.34 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	103.149.192.64	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 103.149.192.64 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-25
IPv4	3.90.136.225	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 3.90.136.225 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	50.116.99.145	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 50.116.99.145 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 03:41 and 2026-05-25 03:41 UTC.	2026-05-25
IPv4	190.92.48.158	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 190.92.48.158 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-25
IPv4	47.86.236.172	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 47.86.236.172 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	209.159.154.66	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 209.159.154.66 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 03:27 and 2026-05-25 03:28 UTC.	2026-05-25
IPv4	139.159.247.49	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 139.159.247.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	186.123.162.251	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Córdoba, Argentina (AS11664, Techtel LMDS Comunicaciones Interactivas S.A.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-25
IPv4	198.199.88.161	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 198.199.88.161 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 03:21 and 2026-05-25 03:21 UTC.	2026-05-25
IPv4	159.203.69.92	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 159.203.69.92 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 03:19 and 2026-05-25 03:19 UTC.	2026-05-25
IPv4	162.240.211.126	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 162.240.211.126 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 03:16 and 2026-05-25 03:16 UTC.	2026-05-25
IPv4	222.176.201.134	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 222.176.201.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-25
IPv4	68.64.34.87	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 68.64.34.87 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 03:13 and 2026-05-25 03:13 UTC.	2026-05-25
IPv4	162.241.179.229	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 162.241.179.229 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 03:12 and 2026-05-25 03:12 UTC.	2026-05-25
IPv4	162.241.129.246	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 162.241.129.246 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 03:10 and 2026-05-25 03:10 UTC.	2026-05-25
IPv4	159.203.2.114	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 159.203.2.114 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	164.92.161.148	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 164.92.161.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.241.132.100	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 162.241.132.100 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 03:02 and 2026-05-25 03:02 UTC.	2026-05-25
IPv4	70.166.63.83	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 70.166.63.83 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 03:00 and 2026-05-25 03:00 UTC.	2026-05-25
IPv4	203.3.112.46	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 203.3.112.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	138.113.22.151	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 138.113.22.151 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (3 commands), 3 malware samples. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-25
IPv4	120.48.13.223	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 120.48.13.223 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (22 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-25
IPv4	104.168.198.241	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 104.168.198.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	3.145.166.47	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via heralding. duration: 10s; 2 events.	2026-05-25
IPv4	212.38.75.196	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 212.38.75.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	185.238.231.144	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 185.238.231.144 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, moderate).	2026-05-25
IPv4	3.138.158.147	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 3m 33s; 4 events.	2026-05-25
IPv4	162.241.132.172	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.241.132.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	142.4.9.16	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 142.4.9.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	159.65.68.128	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 159.65.68.128 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	47.110.59.246	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 47.110.59.246 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	185.201.212.242	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.201.212.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	73.158.135.104	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 73.158.135.104 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	113.187.249.46	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 113.187.249.46 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	113.187.249.34	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 113.187.249.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	113.187.248.100	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 113.187.248.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	193.33.111.225	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 193.33.111.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-25
IPv4	143.198.228.234	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 143.198.228.234 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 2 command sessions (40 commands), 3 credential attempts, 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-25
IPv4	162.144.51.122	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.144.51.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	40.65.222.177	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 40.65.222.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	192.163.249.224	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 192.163.249.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	34.13.5.136	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 34.13.5.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	192.163.226.177	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 192.163.226.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.144.88.224	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.144.88.224 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	149.165.147.159	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 149.165.147.159 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	34.156.238.76	Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 34.156.238.76 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	34.156.88.183	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 34.156.88.183 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	137.184.175.54	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 137.184.175.54 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	162.241.238.132	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 162.241.238.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	108.179.217.83	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	57.129.41.93	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Frankfurt am Main, Germany (AS16276, OVH SAS) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 6 unique usernames, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2....	2026-05-25
IPv4	162.240.98.126	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	118.193.57.121	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 118.193.57.121 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	72.255.19.90	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. IP observed in Suricata network metadata	2026-05-25
IPv4	89.248.168.239	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Amsterdam, The Netherlands (AS202425, IP Volume inc). Observed targeting government sector honeypot backup-hp-01 via cowrie. 2 events.	2026-05-25
IPv4	46.149.67.250	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Singapore (AS9123, Jsc timeweb). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 5 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 15m 17s; 30 events.	2026-05-25
IPv4	88.21.21.125	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 88.21.21.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	162.144.106.1	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	96.125.170.174	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	151.242.191.232	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	117.34.85.168	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP from China (AS134768, CHINANET SHAANXI province Cloud Base network) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. 1 events.	2026-05-25
IPv4	45.148.10.218	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	50.116.99.9	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	74.207.241.211	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 74.207.241.211 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	159.89.155.166	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.89.155.166 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	162.144.118.177	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 162.144.118.177 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 05:34 and 2026-05-25 05:35 UTC.	2026-05-25
IPv4	198.1.93.90	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 198.1.93.90 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 05:38 and 2026-05-25 05:38 UTC.	2026-05-25
IPv4	201.145.253.114	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	27.102.134.178	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	47.251.37.200	Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 47.251.37.200 observed using TLS client fingerprint 'Unknown TLS Client (a1ddd179f982)' 2 times when connecting to offbackup1 between 2026-05-25 05:30 and 2026-05-25 05:30 UTC.	2026-05-25
IPv4	51.79.189.109	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 51.79.189.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.241.36.208	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.241.36.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	64.227.8.212	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-25
IPv4	206.189.207.18	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. IP observed in Suricata network metadata	2026-05-25
IPv4	162.243.175.232	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-25
IPv4	162.144.94.148	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.144.94.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.241.235.154	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 162.241.235.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	185.226.160.63	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.226.160.63 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.241.180.228	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.241.180.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	45.88.201.145	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.88.201.145 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.241.128.131	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.241.128.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	107.20.6.60	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 107.20.6.60 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	47.121.115.60	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.121.115.60 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	162.241.132.202	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.241.132.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	54.198.0.237	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 54.198.0.237 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	144.172.65.185	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 144.172.65.185 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	103.196.116.163	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 103.196.116.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).	2026-05-25
IPv4	162.241.128.40	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.241.128.40 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	154.211.2.151	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 154.211.2.151 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (12 commands), 4 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	162.241.132.183	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.241.132.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	46.105.39.49	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 46.105.39.49 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.241.239.241	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 162.241.239.241 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	176.65.139.219	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 176.65.139.219 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	176.65.139.3	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 176.65.139.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	109.63.146.109	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 109.63.146.109 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	198.199.56.226	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 198.199.56.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	173.255.192.158	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 173.255.192.158 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	118.194.251.75	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 118.194.251.75 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	216.158.229.220	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 216.158.229.220 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.241.236.63	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 162.241.236.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	54.242.64.206	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 54.242.64.206 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	47.82.10.24	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 47.82.10.24 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-25
IPv4	108.179.210.159	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 108.179.210.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (critical, reported).	2026-05-25
IPv4	162.241.178.147	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 162.241.178.147 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	162.144.58.21	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 162.144.58.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	162.241.183.156	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.241.183.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	43.242.225.55	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.242.225.55 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (15 commands), 4 malware samples. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-25
IPv4	162.241.177.171	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.241.177.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.241.129.208	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 162.241.129.208 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 04:29 and 2026-05-25 04:29 UTC.	2026-05-25
IPv4	162.144.46.221	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 162.144.46.221 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 04:30 and 2026-05-25 04:30 UTC.	2026-05-25
IPv4	81.17.101.227	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 81.17.101.227 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (6 commands), 3 malware samples. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-25
IPv4	165.227.100.97	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 165.227.100.97 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 04:28 and 2026-05-25 04:28 UTC.	2026-05-25
IPv4	66.55.80.161	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 66.55.80.161 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 04:30 and 2026-05-25 04:30 UTC.	2026-05-25
IPv4	173.254.234.162	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 173.254.234.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	138.113.28.120	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 138.113.28.120 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 6 times when connecting to db4lamedtech between 2026-05-25 04:07 and 2026-05-25 04:36 UTC.	2026-05-25
IPv4	107.172.219.179	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 107.172.219.179 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 8 times when connecting to mdms1 between 2026-05-25 04:04 and 2026-05-25 04:27 UTC.	2026-05-25
IPv4	108.179.220.174	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 108.179.220.174 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 04:24 and 2026-05-25 04:24 UTC.	2026-05-25
IPv4	196.189.51.246	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 196.189.51.246 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 8 times when connecting to offbackup1 between 2026-05-25 04:03 and 2026-05-25 05:04 UTC.	2026-05-25
IPv4	165.154.22.149	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 165.154.22.149 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 25 times when connecting to mdms1 between 2026-05-25 04:23 and 2026-05-25 05:31 UTC.	2026-05-25
IPv4	82.165.91.87	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 82.165.91.87 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 16 times when connecting to db1lapetro between 2026-05-25 04:02 and 2026-05-25 04:54 UTC.	2026-05-25
IPv4	188.225.33.163	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 188.225.33.163 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 10 times when connecting to db4lamedtech between 2026-05-25 04:03 and 2026-05-25 04:36 UTC.	2026-05-25
IPv4	117.80.237.11	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 117.80.237.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	162.240.75.182	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.240.75.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	192.142.2.40	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 192.142.2.40 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	116.99.174.232	Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 116.99.174.232 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-25
IPv4	116.99.174.175	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Vietnam (AS24086, Viettel Corporation). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 8s; 5 events.	2026-05-25
IPv4	162.214.159.200	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	45.156.128.119	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.156.128.119 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	34.62.244.129	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 34.62.244.129 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	204.144.128.55	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 204.144.128.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	162.241.176.160	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.241.176.160 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	34.140.63.233	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 34.140.63.233 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	218.78.91.158	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 218.78.91.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	45.92.1.183	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	78.31.250.156	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	50.116.96.120	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	47.245.80.63	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.80.63 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	50.116.102.248	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 50.116.102.248 observed using SSH client fingerprint 'Unknown SSH Client (d27c75dad3e9)' 2 times when connecting to db1lapetro between 2026-05-25 06:41 and 2026-05-25 06:41 UTC.	2026-05-25
IPv4	185.129.61.1	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.129.61.1 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	34.139.1.42	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	120.240.236.178	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 120.240.236.178 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	118.196.104.111	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 118.196.104.111 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, hacking).	2026-05-25
IPv4	134.199.163.66	Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 134.199.163.66 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	98.97.77.205	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 98.97.77.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	166.62.41.190	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from United States (AS398101, GoDaddy.com, LLC). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 13m 56s; 16 events.	2026-05-25
IPv4	1.204.166.3	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 1.204.166.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-25
IPv4	207.180.201.35	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	143.198.75.153	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Santa Clara, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 12m 48s; 25 events.	2026-05-25
IPv4	140.246.100.201	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 140.246.100.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	45.196.233.42	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Tokyo, Japan (AS61112, AKILE LTD). Observed targeting healthcare sector honeypot medtech-hp-01 via tanner. 1 events.	2026-05-25
IPv4	185.191.141.115	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 185.191.141.115 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level4); AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	14.103.131.92	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-25
IPv4	165.22.242.254	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 165.22.242.254 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-25
IPv4	115.135.235.126	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Petaling Jaya, Malaysia (AS4788, TM TECHNOLOGY SERVICES SDN. BHD.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 11m 30s; 16 events.	2026-05-25
IPv4	181.237.104.185	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Pereira, Colombia (AS3816, COLOMBIA TELECOMUNICACIONES S.A. ESP BIC). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1s; 5 events.	2026-05-25
IPv4	44.220.185.216	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-25
IPv4	47.251.51.45	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, app: ???, dist: 19, uptime: 8 days 10 hrs 1 min (modulo 49 days) (last seen 2026-05-25T09:24:59.000Z)	2026-05-25
IPv4	185.110.191.192	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 185.110.191.192 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-25
IPv4	39.58.55.54	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 39.58.55.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, hacking, high).	2026-05-25
IPv4	18.216.196.124	Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	3.137.192.223	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	103.101.207.133	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Hong Kong (AS132139, VECLOUD LIMITED) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 7m 48s; 12 events.	2026-05-25
IPv4	51.75.141.245	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from France (AS16276, OVH SAS) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 11m 22s; 20 events.	2026-05-25
IPv4	44.220.188.43	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 44.220.188.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-05-25
IPv4	54.152.198.76	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 54.152.198.76 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).	2026-05-25
IPv4	16.58.227.8	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-25
IPv4	201.244.23.22	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 201.244.23.22 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	68.183.76.144	Score: 51/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 68.183.76.144 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-05-25
IPv4	138.68.89.128	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Frankfurt am Main, Germany (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 15m 57s; 14 events.	2026-05-25
IPv4	91.231.89.22	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 91.231.89.22 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	178.128.50.121	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 178.128.50.121 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	18.224.252.214	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	40.113.223.68	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 40.113.223.68 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 3 times when connecting to db4lamedtech between 2026-05-25 08:41 and 2026-05-25 08:41 UTC.	2026-05-25
IPv4	59.50.91.137	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 59.50.91.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	20.197.233.156	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 20.197.233.156 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 80 times when connecting to db1lapetro between 2026-05-25 08:38 and 2026-05-25 08:39 UTC.	2026-05-25
IPv4	138.197.223.247	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 138.197.223.247 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	147.182.164.93	Score: 51/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 147.182.164.93 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	35.240.16.204	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	185.209.196.235	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. P0f: OS: ???, link: Ethernet or modem, dist: 17, uptime: 15 days 12 hrs 39 min (modulo 49 days) (last seen 2026-05-25T10:20:06.000Z)	2026-05-25
IPv4	47.84.186.205	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. P0f: OS: Linux 2.2.x-3.x (no timestamps), link: Ethernet or modem, dist: 20 (last seen 2026-05-25T10:13:40.000Z)	2026-05-25
IPv4	124.29.226.3	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 124.29.226.3 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, hacking, port-scan).	2026-05-25
IPv4	43.156.201.48	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-25
IPv4	152.53.136.163	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	111.230.233.46	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 111.230.233.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	180.76.112.121	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 180.76.112.121 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	198.135.53.77	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	23.224.92.34	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 23.224.92.34 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	141.94.123.106	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-25
IPv4	34.179.137.51	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 34.179.137.51 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	52.150.16.56	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 52.150.16.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	161.35.126.245	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	200.141.47.232	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	159.89.17.56	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 159.89.17.56 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	165.245.247.96	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 165.245.247.96 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	159.223.20.71	Score: 51/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Frankfurt am Main, Germany (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-25
IPv4	134.122.82.176	Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 134.122.82.176 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	185.195.232.131	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 185.195.232.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-25
IPv4	147.45.135.69	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Russia (AS210976, Timeweb, LLP). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226d...	2026-05-25
IPv4	185.91.69.38	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.91.69.38 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	109.94.175.145	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Tashkent, Uzbekistan (AS8193, Uzbektelekom Joint Stock Company). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 16m 42s; 24 events.	2026-05-25
IPv4	134.209.50.215	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 134.209.50.215 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	8.211.20.67	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	183.61.119.194	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 183.61.119.194 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	159.89.136.83	Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 159.89.136.83 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	91.99.101.160	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Nuremberg, Germany (AS24940, Hetzner Online GmbH) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 6 failed login attempts, 6 credential pairs tried across 2 unique usernames, execution of 4 commands (SSH key persistence, system reconnaissance), delivery of 4 ma...	2026-05-25
IPv4	46.101.89.39	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 46.101.89.39 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-25
IPv4	154.92.22.13	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 154.92.22.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	138.113.3.133	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 138.113.3.133 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (20 commands), 1 credential attempts, 5 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	193.233.48.169	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.233.48.169 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	192.81.131.191	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 192.81.131.191 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	83.43.27.146	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 83.43.27.146 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	103.181.160.74	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 103.181.160.74 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	49.200.48.130	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 49.200.48.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	3.20.204.47	Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 3.20.204.47 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	154.37.218.220	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 154.37.218.220 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (4 commands), 4 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).	2026-05-25
IPv4	138.249.220.22	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 138.249.220.22 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	134.122.93.157	Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 134.122.93.157 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-25
IPv4	64.226.93.31	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 64.226.93.31 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).	2026-05-25
IPv4	104.248.22.153	Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 104.248.22.153 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	134.209.245.22	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	45.184.158.67	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Salto del Guaira, Paraguay (AS269794, GRUPO SPEED NET SOCIEDAD ANONIMA). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 4 unique usernames, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron ...	2026-05-25
IPv4	171.8.138.156	Score: 70/100. Labels: abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.8.138.156 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, hacking, low).	2026-05-25
IPv4	176.65.149.22	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 176.65.149.22 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-25
IPv4	213.160.77.129	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	161.97.86.138	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 9m 40s; 12 events.	2026-05-25
IPv4	144.123.76.161	Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 144.123.76.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	209.141.43.146	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Las Vegas, United States (AS53667, FranTech Solutions). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1s; 4 events.	2026-05-25
IPv4	40.77.167.126	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 40.77.167.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	18.225.235.49	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 5m 3s; 5 events.	2026-05-25
IPv4	35.252.112.28	Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 35.252.112.28 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-25
IPv4	3.137.141.123	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 3.137.141.123 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	167.172.137.177	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 167.172.137.177 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	8.221.138.190	Score: 56/100. Labels: abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:firehol_anonymous, firehol:firehol_proxies. Attacker IP from Tokyo, Japan. Observed targeting energy sector honeypot petroleum-hp-01 via h0neytr4p. 1 events.	2026-05-25
IPv4	83.142.209.70	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	62.138.24.205	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 62.138.24.205 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-25
IPv4	157.245.80.247	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	18.116.25.35	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-25
IPv4	129.212.228.131	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	102.53.12.221	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 102.53.12.221 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-05-25
IPv4	82.156.88.97	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 82.156.88.97 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	45.79.152.168	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.79.152.168 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	18.116.117.142	Score: 52/100. Labels: abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 18.116.117.142 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, iot-targeted, moderate).	2026-05-25
IPv4	62.132.18.53	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	178.20.212.70	Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported. 178.20.212.70 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, hacking).	2026-05-25
IPv4	103.176.137.185	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.176.137.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	20.114.145.78	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	218.78.63.123	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Shanghai, China (AS4811, China Telecom Group). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. 1 events.	2026-05-25
IPv4	107.161.90.176	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	117.34.85.169	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-25
IPv4	162.216.18.178	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.216.18.178 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	139.255.254.163	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 139.255.254.163 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	47.251.179.136	Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.251.179.136 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-25
IPv4	3.140.210.92	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 3.140.210.92 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	167.172.187.11	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 167.172.187.11 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (4 commands), 4 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	176.65.148.199	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 176.65.148.199 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	8.221.138.13	Score: 56/100. Labels: abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. 8.221.138.13 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported).	2026-05-25
IPv4	18.218.63.61	Score: 54/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, client:go. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. SSH client: SSH-2.0-Go (HASSH: 084386fa7ae5...); duration: 4m 4s; 7 events.	2026-05-25
IPv4	134.209.89.6	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 134.209.89.6 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	15.204.157.11	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 15.204.157.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	167.99.39.73	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 167.99.39.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	154.89.153.73	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	167.172.45.169	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 167.172.45.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	66.228.43.62	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	164.90.193.53	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 164.90.193.53 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	104.248.205.245	Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 104.248.205.245 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-25
IPv4	208.115.109.194	Score: 71/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 208.115.109.194 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-25
IPv4	113.206.147.70	Score: 50/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 113.206.147.70 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-25
IPv4	15.204.156.92	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 15.204.156.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-25
IPv4	137.184.155.11	Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 137.184.155.11 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-25
IPv4	115.190.215.101	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 115.190.215.101 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	223.166.22.63	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 223.166.22.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-05-25
IPv4	101.79.165.133	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 101.79.165.133 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 3 times when connecting to mdms1 between 2026-05-25 14:43 and 2026-05-25 14:43 UTC.	2026-05-25
IPv4	202.59.10.238	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 202.59.10.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, low).	2026-05-25
IPv4	43.164.190.3	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.164.190.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-25
IPv4	121.11.116.73	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 121.11.116.73 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-25
IPv4	209.38.45.195	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 209.38.45.195 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	163.53.201.45	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	161.118.239.144	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 161.118.239.144 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	96.126.101.66	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 96.126.101.66 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	82.223.104.216	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	35.207.255.195	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	193.24.123.58	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 193.24.123.58 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (hacking, low, port-scan).	2026-05-25
IPv4	45.76.83.185	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 45.76.83.185 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	104.237.151.163	Score: 81/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	151.240.63.43	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 151.240.63.43 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	38.210.202.16	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP 38.210.202.16 observed using SSH client fingerprint 'Unknown SSH Client (19532158b559)' 3 times when connecting to db4lamedtech between 2026-05-25 15:51 and 2026-05-25 15:53 UTC.	2026-05-25
IPv4	4.246.117.137	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from United States (AS8075, Microsoft Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 4 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 14m 45s; 25 events.	2026-05-25
IPv4	15.204.157.10	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 15.204.157.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	115.190.223.207	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 115.190.223.207 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	218.93.197.74	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-25
IPv4	45.224.97.245	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Portoviejo, Ecuador (AS52468, UFINET PANAMA S.A.). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 4 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 11m 53s; 20 events.	2026-05-25
IPv4	176.65.139.98	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 176.65.139.98 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	36.151.144.236	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 36.151.144.236 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, hacking).	2026-05-25
IPv4	157.230.167.26	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 157.230.167.26 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	180.125.215.35	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 180.125.215.35 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	51.68.234.131	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	67.205.173.4	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	114.245.243.154	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 114.245.243.154 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	203.175.74.145	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	167.172.142.173	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 167.172.142.173 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	77.105.161.120	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-25
IPv4	117.72.10.130	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from China (AS141679, China Telecom Beijing Tianjin Hebei Big Data Industry Park Branch). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 3s; 5 events.	2026-05-25
IPv4	161.35.65.86	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-25
IPv4	141.98.253.169	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 141.98.253.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	185.247.137.37	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 16, uptime: 31 days 4 hrs 5 min (modulo 49 days) (last seen 2026-05-25T17:03:01.000Z)	2026-05-25
IPv4	195.96.139.37	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 16, uptime: 1 days 18 hrs 43 min (modulo 49 days) (last seen 2026-05-25T17:02:45.000Z)	2026-05-25
IPv4	185.247.137.4	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.4 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (critical, ddos, ftp-brute).	2026-05-25
IPv4	182.78.217.6	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 182.78.217.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-25
IPv4	195.96.139.23	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 195.96.139.23 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-25
IPv4	185.247.137.30	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.30 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	123.204.25.76	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	87.236.176.11	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.11 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	87.236.176.3	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.3 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	195.96.139.6	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 195.96.139.6 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	14.212.36.208	Score: 63/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 14.212.36.208 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-05-25
IPv4	87.236.176.26	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.26 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	195.96.139.14	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 195.96.139.14 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	146.190.24.42	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 146.190.24.42 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	195.96.139.4	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 195.96.139.4 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	203.24.77.45	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 203.24.77.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-25
IPv4	68.80.79.3	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 68.80.79.3 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	185.209.199.35	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 185.209.199.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-25
IPv4	209.38.106.178	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 209.38.106.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	195.251.223.205	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, cowrie, firehol:firehol_anonymous. 195.251.223.205 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	3.21.240.114	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 3.21.240.114 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-25
IPv4	195.96.139.161	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 195.96.139.161 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	185.24.11.133	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 185.24.11.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	3.139.79.124	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 1m 4s; 4 events.	2026-05-25
IPv4	80.94.95.185	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 80.94.95.185 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	217.234.90.116	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Senftenberg, Germany (AS3320, Deutsche Telekom AG). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-libssh_0.11.1 (HASSH: 03a80b21afa8...); duration: 4s; 4 events.	2026-05-25
IPv4	148.230.73.243	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Lithuania (AS47583, Hostinger International Limited) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1s; 4 events.	2026-05-25
IPv4	161.35.158.167	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 161.35.158.167 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	138.199.15.163	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 138.199.15.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	149.56.160.180	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 149.56.160.180 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; Dataprovider.com)' 2 times when connecting to db4lamedtech between 2026-05-25 17:22 and 2026-05-25 17:22 UTC.	2026-05-25
IPv4	20.192.21.48	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 20.192.21.48 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (moderate, reported).	2026-05-25
IPv4	192.155.81.220	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.155.81.220 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	3.128.199.45	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 3.128.199.45 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-25
IPv4	197.153.1.106	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Tangier, Morocco. Observed targeting energy sector honeypot petroleum-hp-01 via h0neytr4p. duration: 1s; 2 events.	2026-05-25
IPv4	18.221.177.65	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	91.224.124.141	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 91.224.124.141 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	151.240.63.174	Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 151.240.63.174 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, moderate, multi-reported).	2026-05-25
IPv4	106.4.161.57	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 106.4.161.57 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-25
IPv4	161.35.89.180	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 161.35.89.180 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	192.142.24.60	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 192.142.24.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	45.153.34.195	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.153.34.195 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	87.236.176.167	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.167 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	195.96.139.166	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 195.96.139.166 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	185.247.137.155	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.247.137.155 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	185.247.137.175	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.175 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	195.96.139.147	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 195.96.139.147 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	87.236.176.154	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	195.96.139.178	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 16, uptime: 39 days 13 hrs 55 min (modulo 49 days) (last seen 2026-05-25T20:14:35.000Z)	2026-05-25
IPv4	195.96.139.179	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 16, uptime: 20 days 1 hrs 52 min (modulo 49 days) (last seen 2026-05-25T20:13:55.000Z)	2026-05-25
IPv4	195.96.139.150	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 195.96.139.150 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-05-25
IPv4	185.247.137.162	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	115.190.41.148	Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 115.190.41.148 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, multi-reported).	2026-05-25
IPv4	162.220.54.133	Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 162.220.54.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	104.248.31.56	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Frankfurt am Main, Germany (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 14m 0s; 10 events.	2026-05-25
IPv4	18.217.32.146	Score: 54/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 1m 18s; 2 events.	2026-05-25
IPv4	60.25.69.155	Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 60.25.69.155 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-25
IPv4	43.248.109.88	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 43.248.109.88 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-25
IPv4	98.80.4.10	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	124.222.39.169	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-25
IPv4	84.54.30.196	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 84.54.30.196 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	50.56.159.185	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 50.56.159.185 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	167.99.240.37	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 167.99.240.37 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	18.188.23.80	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	176.65.139.217	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-25
IPv4	164.90.151.212	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Santa Clara, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 17m 41s; 272 events.	2026-05-25
IPv4	101.96.225.252	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 101.96.225.252 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-25
IPv4	159.89.228.57	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 17m 52s; 279 events.	2026-05-25
IPv4	195.96.139.16	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 195.96.139.16 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	141.147.36.14	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 141.147.36.14 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	185.12.248.5	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 185.12.248.5 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-25
IPv4	69.12.83.216	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 69.12.83.216 observed using SSH client fingerprint 'Unknown SSH Client (63ae64767f33)' 7 times when connecting to offbackup1 between 2026-05-25 21:57 and 2026-05-25 21:58 UTC.	2026-05-25
IPv4	178.62.249.162	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 178.62.249.162 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-25
IPv4	112.94.189.201	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 112.94.189.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-25
IPv4	182.119.227.240	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.119.227.240 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	217.217.249.249	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 217.217.249.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	123.207.65.62	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 123.207.65.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	222.176.200.166	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	104.236.3.25	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 104.236.3.25 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-25
IPv4	18.215.219.36	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 18.215.219.36 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-25
IPv4	34.71.79.199	Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 34.71.79.199 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Linux; Android 12; Redmi Note 11) AppleWebKit/5...' 7 times when connecting to db1lapetro between 2026-05-25 22:56 and 2026-05-25 22:56 UTC.	2026-05-25
IPv4	74.7.227.152	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 74.7.227.152 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-25
IPv4	93.123.109.178	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 93.123.109.178 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-25
IPv4	68.183.0.138	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Amsterdam, The Netherlands (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 1s; 2 events.	2026-05-25
IPv4	34.162.103.8	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:moderate, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 34.162.103.8 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Linux; Android 13; Nokia G42 5G) AppleWebKit/53...' 7 times when connecting to mdms1 between 2026-05-25 22:42 and 2026-05-25 22:42 UTC.	2026-05-25
IPv4	109.199.108.254	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 109.199.108.254 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	5.133.192.140	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 5.133.192.140 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, low).	2026-05-26
IPv4	144.24.19.233	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 144.24.19.233 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, high).	2026-05-26
IPv4	87.106.152.203	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 87.106.152.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	219.143.102.98	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 219.143.102.98 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	39.152.240.15	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 39.152.240.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	81.71.71.228	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 81.71.71.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	116.110.151.56	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 116.110.151.56 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	116.255.155.36	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 116.255.155.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	94.23.168.183	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 94.23.168.183 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	115.190.132.17	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 115.190.132.17 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	171.231.179.246	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Da Nang, Vietnam (AS7552, Viettel Group). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 20s; 4 events.	2026-05-26
IPv4	20.206.67.134	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-26
IPv4	119.8.163.124	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-26
IPv4	137.184.172.215	Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. IP observed in Suricata network metadata	2026-05-26
IPv4	171.231.191.246	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Da Nang, Vietnam (AS7552, Viettel Group). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 9m 49s; 16 events.	2026-05-26
IPv4	82.25.93.35	Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 82.25.93.35 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-26
IPv4	77.83.39.207	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 77.83.39.207 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	185.91.69.242	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 185.91.69.242 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-26
IPv4	91.92.42.243	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 91.92.42.243 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	89.169.44.88	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 89.169.44.88 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	165.227.84.170	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 165.227.84.170 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	112.242.235.203	Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 112.242.235.203 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	64.227.12.52	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.227.12.52 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	185.141.119.105	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 185.141.119.105 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	80.85.246.214	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 80.85.246.214 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-26
IPv4	185.220.101.19	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.220.101.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	74.7.243.215	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 74.7.243.215 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	161.35.3.72	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-26
IPv4	3.18.106.28	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-26
IPv4	3.150.129.44	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-26
IPv4	80.69.55.177	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 80.69.55.177 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	47.84.195.4	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.195.4 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	194.36.25.19	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 194.36.25.19 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	34.147.88.45	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 34.147.88.45 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (critical, hacking, port-scan).	2026-05-26
IPv4	38.210.202.125	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 38.210.202.125 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 2 times when connecting to db1lapetro between 2026-05-26 02:43 and 2026-05-26 02:43 UTC.	2026-05-26
IPv4	82.21.109.8	Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 82.21.109.8 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-05-26
IPv4	59.36.162.153	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 59.36.162.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	185.254.75.13	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.254.75.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	176.65.139.218	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 176.65.139.218 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 182 times when connecting to mdms1 between 2026-05-26 04:04 and 2026-05-26 04:23 UTC.	2026-05-26
IPv4	35.195.176.138	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 35.195.176.138 observed using SSH client fingerprint 'Unknown SSH Client (e788c657d1a2)' 6 times when connecting to offbackup1 between 2026-05-26 04:02 and 2026-05-26 04:02 UTC.	2026-05-26
IPv4	3.145.11.65	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-26
IPv4	34.22.169.226	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 34.22.169.226 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-26
IPv4	34.62.140.151	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 34.62.140.151 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	45.148.10.42	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.148.10.42 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	118.145.204.182	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.145.204.182 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, hacking, high).	2026-05-26
IPv4	34.140.203.122	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-26
IPv4	34.14.114.202	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 34.14.114.202 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	124.117.192.231	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 124.117.192.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	193.163.125.142	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 193.163.125.142 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	47.84.205.129	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.205.129 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	34.156.7.234	Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 34.156.7.234 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	35.222.187.166	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. 35.222.187.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-26
IPv4	47.86.235.145	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 47.86.235.145 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	206.189.189.252	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 206.189.189.252 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	103.215.74.72	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-26
IPv4	199.45.154.178	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 199.45.154.178 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	74.7.243.221	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 74.7.243.221 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-26
IPv4	34.139.199.172	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported. 34.139.199.172 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	185.248.85.34	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 185.248.85.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	35.231.238.44	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 35.231.238.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-26
IPv4	123.178.210.38	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 123.178.210.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-26
IPv4	175.30.48.232	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 175.30.48.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	146.88.241.21	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 146.88.241.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	139.135.46.32	Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 139.135.46.32 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	47.83.202.52	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 47.83.202.52 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	72.56.1.142	Score: 54/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 72.56.1.142 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	221.225.23.1	Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 221.225.23.1 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	43.248.109.252	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 43.248.109.252 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	179.43.146.227	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 179.43.146.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	103.72.56.192	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.72.56.192 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	87.236.176.228	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 87.236.176.228 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	74.7.242.14	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 74.7.242.14 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-26
IPv4	168.144.31.232	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-26
IPv4	146.190.117.163	Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-26
IPv4	128.90.145.4	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 128.90.145.4 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	98.226.211.251	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 98.226.211.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	91.215.85.40	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 91.215.85.40 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, low).	2026-05-26
IPv4	223.85.102.135	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-26
IPv4	167.172.183.169	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-26
IPv4	167.99.156.236	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-26
IPv4	24.164.61.216	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 24.164.61.216 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	106.75.15.4	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-26
IPv4	161.35.78.117	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 161.35.78.117 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, high).	2026-05-26
IPv4	174.168.101.87	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 174.168.101.87 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, hacking, low).	2026-05-26
IPv4	98.53.80.182	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 98.53.80.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	160.30.113.14	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Vietnam (AS135918, VIET DIGITAL TECHNOLOGY LIABILITY COMPANY). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-26
IPv4	176.65.149.111	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 176.65.149.111 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	220.148.3.95	Score: 58/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 220.148.3.95 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-26
IPv4	34.22.171.107	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 34.22.171.107 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-26
IPv4	34.76.81.217	Score: 61/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 34.76.81.217 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, port-scan).	2026-05-26
IPv4	195.96.139.58	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 195.96.139.58 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	34.139.32.93	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 34.139.32.93 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-26
IPv4	64.226.119.110	Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 64.226.119.110 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	34.76.49.72	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 34.76.49.72 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	34.76.56.152	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 34.76.56.152 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-26
IPv4	74.7.227.148	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 74.7.227.148 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	217.154.93.126	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 217.154.93.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	45.149.173.195	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 45.149.173.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	138.68.158.224	Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 138.68.158.224 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-26
IPv4	209.99.185.239	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 209.99.185.239 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	113.87.90.99	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 113.87.90.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	146.190.70.199	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. IP observed in Suricata network metadata	2026-05-26
IPv4	121.58.218.73	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 121.58.218.73 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-26
IPv4	117.40.114.144	Score: 51/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.40.114.144 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).	2026-05-26
IPv4	47.237.214.78	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export, cowrie. 47.237.214.78 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-05-26
IPv4	76.139.71.98	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 76.139.71.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	71.234.114.178	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:ssh. Attacker IP 71.234.114.178 observed using SSH client fingerprint 'Unknown SSH Client (05a21521f542)' 2 times when connecting to mdms1 between 2026-05-26 08:12 and 2026-05-26 08:12 UTC.	2026-05-26
IPv4	76.18.216.43	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 76.18.216.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, hacking, high).	2026-05-26
IPv4	98.246.188.41	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 98.246.188.41 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	76.105.131.239	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 76.105.131.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	98.45.90.214	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-26
IPv4	98.55.193.198	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 98.55.193.198 observed using SSH client fingerprint 'Unknown SSH Client (05a21521f542)' 2 times when connecting to mdms1 between 2026-05-26 08:10 and 2026-05-26 08:12 UTC.	2026-05-26
IPv4	185.213.154.239	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 185.213.154.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-26
IPv4	117.131.7.66	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 117.131.7.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	83.217.209.195	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 83.217.209.195 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	196.119.67.174	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:reported, abuseipdb:ssh. 196.119.67.174 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	3.142.134.216	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 2m 28s; 4 events.	2026-05-26
IPv4	20.150.193.53	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 20.150.193.53 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	3.142.134.96	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 3m 17s; 5 events.	2026-05-26
IPv4	65.49.20.113	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 65.49.20.113 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	152.42.215.16	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 152.42.215.16 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	185.209.196.130	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.209.196.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	109.207.174.234	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 109.207.174.234 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	124.43.79.65	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 124.43.79.65 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	47.86.190.58	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 47.86.190.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	185.215.166.25	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting technology sector honeypot msp-rmm-hp-01 via heralding. duration: 17s; 81 events.	2026-05-26
IPv4	180.76.176.49	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 180.76.176.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-26
IPv4	64.226.119.127	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-26
IPv4	193.32.127.201	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 193.32.127.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-26
IPv4	101.53.233.96	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-26
IPv4	138.199.6.234	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 138.199.6.234 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-26
IPv4	74.82.47.31	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 74.82.47.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	47.237.212.245	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 47.237.212.245 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	20.227.140.176	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 20.227.140.176 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-26
IPv4	198.12.65.213	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Buffalo, United States (AS36352, HostPapa). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-26
IPv4	87.236.176.25	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.25 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	112.28.234.157	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 112.28.234.157 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	221.1.66.220	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 221.1.66.220 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	3.15.212.8	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 3.15.212.8 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	76.18.202.175	Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 76.18.202.175 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	84.199.12.218	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 84.199.12.218 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-26
IPv4	114.97.190.103	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 114.97.190.103 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	139.59.94.102	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 139.59.94.102 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-05-26
IPv4	74.7.241.7	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 74.7.241.7 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	74.7.227.175	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 74.7.227.175 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	155.138.135.166	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 155.138.135.166 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	178.128.139.210	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 178.128.139.210 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	47.84.182.64	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.182.64 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	98.43.246.84	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 98.43.246.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-26
IPv4	98.242.202.80	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 98.242.202.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	64.62.156.204	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 64.62.156.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	122.163.178.105	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 122.163.178.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	39.64.109.171	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 39.64.109.171 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	207.90.244.14	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 207.90.244.14 observed using TLS client fingerprint 'Unknown TLS Client (5103125acceb)' 2 times when connecting to mdms1 between 2026-05-26 12:15 and 2026-05-26 12:15 UTC.	2026-05-26
IPv4	31.58.144.20	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 31.58.144.20 observed using TLS client fingerprint 'Unknown TLS Client (60877a328763)' 23 times when connecting to db4lamedtech between 2026-05-26 12:17 and 2026-05-26 12:17 UTC.	2026-05-26
IPv4	91.224.92.13	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 91.224.92.13 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	74.7.242.7	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 74.7.242.7 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, ddos, hacking).	2026-05-26
IPv4	15.235.159.111	Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Singapore (AS16276, OVH SAS) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-26
IPv4	43.242.227.51	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 43.242.227.51 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	173.239.221.21	Score: 93/100. Labels: abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 173.239.221.21 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (hacking, high, multi-reported).	2026-05-26
IPv4	45.82.78.110	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.82.78.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	8.222.225.182	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 8.222.225.182 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, low).	2026-05-26
IPv4	98.39.109.116	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 98.39.109.116 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-26
IPv4	74.7.227.149	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 74.7.227.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-26
IPv4	23.95.117.253	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 23.95.117.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-26
IPv4	156.225.28.14	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 156.225.28.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	98.37.72.230	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-26
IPv4	98.80.4.120	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 98.80.4.120 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-05-26
IPv4	159.203.179.240	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 159.203.179.240 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	81.17.28.68	Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Zurich, Switzerland (AS51852, Private Layer INC). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-26
IPv4	159.223.196.68	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-26
IPv4	183.212.244.31	Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 183.212.244.31 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, iot-targeted, low).	2026-05-26
IPv4	142.93.220.184	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 142.93.220.184 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	103.176.16.200	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.176.16.200 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).	2026-05-26
IPv4	192.109.200.175	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Bulgaria (AS51396, Pfcloud UG (haftungsbeschrankt)) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-26
IPv4	45.141.233.117	Score: 51/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 45.141.233.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-26
IPv4	220.158.232.160	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 220.158.232.160 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	20.12.190.196	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Des Moines, United States. Observed targeting energy sector honeypot petroleum-hp-01 via h0neytr4p. duration: 22s; 192 events.	2026-05-26
IPv4	176.65.149.23	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. P0f: OS: ???, link: Ethernet or modem, dist: 17, uptime: 12 days 16 hrs 23 min (modulo 49 days) (last seen 2026-05-26T16:23:39.000Z)	2026-05-26
IPv4	167.71.248.134	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 167.71.248.134 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-26
IPv4	211.37.177.87	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 211.37.177.87 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	152.32.202.244	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 152.32.202.244 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	18.188.197.255	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 18.188.197.255 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	185.247.137.191	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.191 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	31.56.209.8	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 31.56.209.8 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	3.17.173.53	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-26
IPv4	27.72.248.213	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 27.72.248.213 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	144.31.192.110	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. Attacker IP from Frankfurt am Main, Germany (AS213877, U1 Digital Services Ltd). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-26
IPv4	3.237.65.43	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 3.237.65.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	18.97.26.125	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-26
IPv4	18.218.198.203	Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. IP observed in Suricata network metadata	2026-05-26
IPv4	149.102.231.231	Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 149.102.231.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	104.248.158.232	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:reported. 104.248.158.232 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	47.254.244.233	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.254.244.233 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	176.65.139.222	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Luxembourg (AS214472, Offshore LC). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 190 failed login attempts, 190 credential pairs tried across 125 unique usernames. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 19m 9s; 954 events.	2026-05-26
IPv4	171.37.191.212	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 171.37.191.212 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	13.58.143.67	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-26
IPv4	18.191.149.24	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 18.191.149.24 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-26
IPv4	171.243.148.154	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 171.243.148.154 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	171.243.149.78	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 171.243.149.78 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-26
IPv4	13.58.198.185	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 13.58.198.185 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, ftp-brute).	2026-05-26
IPv4	165.22.228.16	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. IP observed in Suricata network metadata	2026-05-26
IPv4	143.244.160.250	Score: 54/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. IP observed in Suricata network metadata	2026-05-26
IPv4	198.211.103.64	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-26
IPv4	89.110.103.94	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 89.110.103.94 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-26
IPv4	87.236.176.94	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.94 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	185.247.137.102	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.247.137.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	185.247.137.99	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.99 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	195.96.139.91	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 195.96.139.91 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	195.96.139.78	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 195.96.139.78 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	87.236.176.91	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.91 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-05-26
IPv4	185.247.137.94	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.94 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	36.136.13.69	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. IP observed in Suricata network metadata	2026-05-26
IPv4	36.136.13.72	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.136.13.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-26
IPv4	44.243.252.58	Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 44.243.252.58 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	16.148.33.198	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 16.148.33.198 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	3.22.224.222	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Columbus, United States. Observed targeting government sector honeypot backup-hp-01 via h0neytr4p. 1 events.	2026-05-26
IPv4	113.101.246.251	Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 113.101.246.251 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-26
IPv4	18.221.122.32	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 18.221.122.32 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	8.215.88.36	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 8.215.88.36 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 2 times when connecting to db1lapetro between 2026-05-26 17:18 and 2026-05-26 17:18 UTC.	2026-05-26
IPv4	194.163.180.128	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported. Attacker IP 194.163.180.128 observed using TLS client fingerprint 'Unknown TLS Client (5dfe0f5f4cc2)' 2 times when connecting to db4lamedtech between 2026-05-26 17:15 and 2026-05-26 17:15 UTC.	2026-05-26
IPv4	3.139.237.219	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 3.139.237.219 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	18.217.105.232	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 18.217.105.232 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	52.6.85.146	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 52.6.85.146 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	192.232.240.28	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 192.232.240.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	104.28.235.58	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Seattle, United States (AS13335, Cloudflare, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 2m 12s; 8 events.	2026-05-26
IPv4	200.75.136.149	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-26
IPv4	104.28.203.58	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Seattle, United States (AS13335, Cloudflare, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 1m 8s; 4 events.	2026-05-26
IPv4	115.190.203.239	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 115.190.203.239 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	181.28.101.14	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-26
IPv4	157.230.18.133	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-26
IPv4	160.30.113.59	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-26
IPv4	107.175.156.154	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-26
IPv4	31.56.233.141	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-26
IPv4	18.218.10.204	Score: 51/100. Labels: abuseipdb:brute-force, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 5m 43s; 6 events.	2026-05-26
IPv4	3.16.151.171	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 3.16.151.171 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	171.243.149.73	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Da Nang, Vietnam (AS7552, Viettel Group). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 3s; 4 events.	2026-05-26
IPv4	67.205.143.145	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-26
IPv4	152.236.14.13	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 152.236.14.13 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	66.228.38.64	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.228.38.64 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	181.214.231.135	Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Frankfurt am Main, Germany (AS211301, Unesty Company). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-26
IPv4	35.94.5.112	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 35.94.5.112 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	49.0.207.15	Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 49.0.207.15 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-26
IPv4	38.244.38.246	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 38.244.38.246 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	103.211.195.42	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.211.195.42 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-26
IPv4	188.166.182.83	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:reported, abuseipdb:ssh. 188.166.182.83 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	108.176.102.58	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 108.176.102.58 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	157.245.175.135	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 157.245.175.135 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	103.149.192.161	Score: 54/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 103.149.192.161 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-26
IPv4	173.255.221.151	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 173.255.221.151 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	3.142.52.209	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-26
IPv4	185.65.135.245	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. P0f: OS: ???, link: Ethernet or modem, dist: 17, uptime: 37 days 1 hrs 42 min (modulo 49 days) (last seen 2026-05-26T19:53:33.000Z)	2026-05-26
IPv4	171.120.30.8	Score: 94/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 171.120.30.8 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-05-26
IPv4	18.223.241.122	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-26
IPv4	147.182.189.92	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 147.182.189.92 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	34.222.179.162	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 34.222.179.162 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-26
IPv4	5.153.251.80	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 5.153.251.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	142.4.19.101	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 142.4.19.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	192.227.213.228	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-26
IPv4	111.113.89.84	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 111.113.89.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	18.219.79.109	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 18.219.79.109 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-26
IPv4	192.232.192.221	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.232.192.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	93.94.141.115	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 93.94.141.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	58.221.60.25	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 58.221.60.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	18.224.32.195	Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 18.224.32.195 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	208.84.101.224	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from North Kansas City, United States. Observed targeting energy sector honeypot petroleum-hp-01 via h0neytr4p. duration: 2m 15s; 79 events.	2026-05-26
IPv4	13.72.110.24	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 13.72.110.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	60.163.139.198	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-26
IPv4	162.241.237.225	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.241.237.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	67.220.64.66	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 67.220.64.66 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4).	2026-05-26
IPv4	191.96.165.181	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 191.96.165.181 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (critical, reported).	2026-05-26
IPv4	104.45.192.52	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 104.45.192.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	89.37.63.73	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 89.37.63.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	118.107.208.153	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 118.107.208.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	35.187.86.228	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 35.187.86.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	114.31.74.23	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 114.31.74.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	74.91.200.217	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 74.91.200.217 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	162.144.110.151	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.144.110.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	150.109.247.111	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 150.109.247.111 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	47.84.185.225	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.84.185.225 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	45.84.120.3	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.84.120.3 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	159.253.120.224	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.253.120.224 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	20.226.60.108	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-26
IPv4	46.101.90.201	Score: 66/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, cowrie. IP observed in Suricata network metadata	2026-05-26
IPv4	209.145.63.138	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 209.145.63.138 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	139.212.71.103	Score: 62/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 139.212.71.103 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-26
IPv4	114.97.190.74	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 114.97.190.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-26
IPv4	4.204.219.172	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-26
IPv4	157.230.9.65	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-26
IPv4	143.244.173.245	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 143.244.173.245 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	44.249.172.174	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 44.249.172.174 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-26
IPv4	77.85.197.6	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-26
IPv4	167.172.223.244	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 167.172.223.244 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	18.216.20.179	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 18.216.20.179 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	77.105.130.18	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-26
IPv4	69.6.234.27	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-26
IPv4	138.113.28.122	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-26
IPv4	31.70.75.36	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 31.70.75.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-26
IPv4	118.196.86.94	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 24, uptime: 12 days 18 hrs 18 min (modulo 49 days) (last seen 2026-05-26T21:59:46.000Z)	2026-05-26
IPv4	43.248.109.251	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. P0f: OS: Linux 3.11 and newer, link: generic tunnel or VPN, dist: 24, uptime: 9 days 1 hrs 16 min (modulo 49 days) (last seen 2026-05-26T21:31:50.000Z)	2026-05-26
IPv4	122.96.28.81	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 122.96.28.81 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-26
IPv4	18.223.237.159	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 4m 25s; 4 events.	2026-05-26
IPv4	69.10.49.209	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 69.10.49.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	8.229.156.86	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 8.229.156.86 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Linux; Android 14; RMX3842) AppleWebKit/537.36 ...' 7 times when connecting to mdms1 between 2026-05-26 21:22 and 2026-05-26 21:22 UTC.	2026-05-26
IPv4	96.126.126.40	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 96.126.126.40 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	16.112.58.39	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 16.112.58.39 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-26
IPv4	40.77.167.79	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 40.77.167.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-26
IPv4	167.172.142.171	Score: 54/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 167.172.142.171 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	157.230.187.0	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 157.230.187.0 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	100.25.25.148	Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 100.25.25.148 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-26
IPv4	182.54.23.17	Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 182.54.23.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	31.220.89.60	Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 31.220.89.60 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-26
IPv4	198.211.117.198	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 198.211.117.198 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-26
IPv4	221.11.5.56	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 221.11.5.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	77.164.165.131	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 77.164.165.131 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-26
IPv4	176.117.184.152	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 176.117.184.152 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-26
IPv4	202.83.16.183	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-26
IPv4	87.106.29.220	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from France (AS8560, IONOS SE). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1m 37s; 8 events.	2026-05-26
IPv4	64.226.88.70	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 64.226.88.70 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-27
IPv4	147.182.181.230	Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 147.182.181.230 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	1.117.59.217	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	45.156.87.147	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	162.243.175.148	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.243.175.148 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	101.79.165.128	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	107.197.183.81	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-27
IPv4	138.113.0.131	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	68.183.22.91	Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 68.183.22.91 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	159.223.180.158	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 159.223.180.158 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, high).	2026-05-27
IPv4	139.224.209.153	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 139.224.209.153 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	155.2.192.208	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 155.2.192.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	134.209.208.57	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 134.209.208.57 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-27
IPv4	64.177.112.161	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 64.177.112.161 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	50.3.85.42	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 50.3.85.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	147.182.188.149	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 147.182.188.149 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	195.96.139.49	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 195.96.139.49 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	47.254.15.24	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 47.254.15.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-27
IPv4	51.68.111.239	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 51.68.111.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	170.9.16.186	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-27
IPv4	103.126.4.59	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	137.184.25.41	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 137.184.25.41 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	47.88.20.191	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	92.118.39.194	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 92.118.39.194 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	45.78.235.121	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Singapore, Singapore (AS150436, Byteplus Pte. Ltd.). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 6m 26s; 15 events.	2026-05-27
IPv4	192.241.149.187	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 192.241.149.187 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	101.96.200.79	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-27
IPv4	69.73.187.130	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from United States (AS11042, NETWORK TRANSIT HOLDINGS LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1s; 5 events.	2026-05-27
IPv4	173.255.226.194	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 173.255.226.194 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	38.207.170.249	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 38.207.170.249 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: AbuseIPDB (brute-force, critical, multi-reported).	2026-05-27
IPv4	111.113.88.23	Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 111.113.88.23 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	159.89.232.156	Score: 80/100. Labels: abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 159.89.232.156 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, high, multi-reported).	2026-05-27
IPv4	34.52.246.233	Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 34.52.246.233 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	143.20.185.242	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 143.20.185.242 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	34.62.148.171	Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 34.62.148.171 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-27
IPv4	34.156.165.169	Score: 51/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-27
IPv4	137.184.157.97	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 137.184.157.97 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	89.248.173.213	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 89.248.173.213 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	104.145.210.101	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 104.145.210.101 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	61.136.144.70	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 61.136.144.70 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	202.44.227.202	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 202.44.227.202 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-27
IPv4	159.223.141.59	Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	192.253.248.173	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	198.211.112.218	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 198.211.112.218 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	209.15.117.12	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 209.15.117.12 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	18.225.72.60	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-27
IPv4	103.252.127.250	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bangladesh (AS133605, Bright Technologies Limited). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. SSH client: SSH-2.0-Go (HASSH: 01ca35584ad5...); duration: 10m 53s; 846 events.	2026-05-27
IPv4	113.192.60.129	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 113.192.60.129 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-27
IPv4	3.142.132.205	Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	43.135.179.223	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 43.135.179.223 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	159.223.136.136	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 159.223.136.136 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	175.6.54.250	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 175.6.54.250 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	222.108.147.76	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-27
IPv4	35.190.210.118	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 35.190.210.118 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	58.253.179.204	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 58.253.179.204 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	118.145.238.60	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 118.145.238.60 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	165.154.6.130	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	220.185.64.7	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 220.185.64.7 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	195.178.110.28	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 195.178.110.28 observed using TLS client fingerprint 'Unknown TLS Client (bdc6223028d3)' 2 times when connecting to mdms1 between 2026-05-27 02:34 and 2026-05-27 02:34 UTC.	2026-05-27
IPv4	49.232.104.223	Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. IP observed in Suricata network metadata	2026-05-27
IPv4	192.241.158.138	Score: 65/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, cowrie. 192.241.158.138 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, multi-reported).	2026-05-27
IPv4	167.172.143.61	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 167.172.143.61 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	198.58.122.23	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-27
IPv4	121.121.60.201	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 121.121.60.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	207.175.66.18	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 207.175.66.18 observed using SSH client fingerprint 'Unknown SSH Client (e788c657d1a2)' 6 times when connecting to mdms1 between 2026-05-27 03:28 and 2026-05-27 03:28 UTC.	2026-05-27
IPv4	198.199.66.46	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 198.199.66.46 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-27
IPv4	176.29.154.32	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 176.29.154.32 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	3.15.227.56	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	167.172.26.201	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 167.172.26.201 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	165.22.87.155	Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 165.22.87.155 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, moderate, port-scan).	2026-05-27
IPv4	101.96.212.80	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	117.50.130.92	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 117.50.130.92 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	192.3.145.26	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 192.3.145.26 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	84.22.62.247	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Pristina, Kosovo (AS33983, Artmotion Sh.p.k.). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. duration: 3s; 3 events.	2026-05-27
IPv4	34.78.70.3	Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 34.78.70.3 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-27
IPv4	195.96.139.167	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 195.96.139.167 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	106.12.7.70	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from China (AS38365, Beijing Baidu Netcom Science and Technology Co., Ltd.). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 98ddc5604ef6...); duration: 3m 16s; 10 events.	2026-05-27
IPv4	1.36.205.29	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 1.36.205.29 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	67.205.159.220	Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 67.205.159.220 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	87.236.176.158	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	173.255.238.109	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 173.255.238.109 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	202.52.252.13	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Singapore (AS150436, Byteplus Pte. Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f...	2026-05-27
IPv4	185.247.137.164	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.247.137.164 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-05-27
IPv4	195.96.139.157	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 16, uptime: 12 days 13 hrs 50 min (modulo 49 days) (last seen 2026-05-27T04:24:12.000Z)	2026-05-27
IPv4	134.209.72.167	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 1 events.	2026-05-27
IPv4	138.113.6.136	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Canada (AS54994, Meteverse Limited.). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 6 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron persistence, process killing, fir...	2026-05-27
IPv4	115.231.236.150	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-27
IPv4	171.111.218.2	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 171.111.218.2 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	185.241.208.27	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.241.208.27 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	45.195.8.231	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 45.195.8.231 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (20 commands), 1 credential attempts, 5 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	107.20.224.184	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 107.20.224.184 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	217.154.229.122	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 217.154.229.122 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (4 commands), 4 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	69.6.207.210	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 69.6.207.210 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (4 commands), 4 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	89.144.214.214	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 89.144.214.214 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (22 commands), 5 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	14.103.115.159	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 14.103.115.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	96.126.101.127	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	49.234.197.186	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 49.234.197.186 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	103.254.33.62	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Ahmedabad, India (AS17625, BlazeNets Network). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 15 failed login attempts, 15 credential pairs tried across 11 unique usernames, execution of 6 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2.0-libssh_0.9.6 (HASSH...	2026-05-27
IPv4	103.187.146.33	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Indonesia (AS138608, Cloud Host Pte Ltd) [VPN/hosting provider]. Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 10 failed login attempts, 10 credential pairs tried across 7 unique usernames, execution of 4 commands (SSH key persistence, system reconnaissance), delivery of 4 malware sample...	2026-05-27
IPv4	119.148.8.66	Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 119.148.8.66 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-27
IPv4	104.237.57.186	Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. P0f: OS: Linux 3.11 and newer, link: Ethernet or modem, dist: 16, uptime: 5 days 18 hrs 13 min (modulo 49 days) (last seen 2026-05-27T05:41:17.000Z)	2026-05-27
IPv4	106.13.88.167	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from China (AS38365, Beijing Baidu Netcom Science and Technology Co., Ltd.). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 14 failed login attempts, 14 credential pairs tried across 9 unique usernames, execution of 4 commands (SSH key persistence, system reconnaissance), delivery of 4 malware...	2026-05-27
IPv4	70.15.241.176	Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 70.15.241.176 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	191.84.3.72	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 191.84.3.72 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	77.83.39.130	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 77.83.39.130 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	124.117.193.20	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 124.117.193.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	120.209.33.24	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 120.209.33.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	172.236.239.55	Score: 54/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 172.236.239.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	34.73.117.61	Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. Attacker IP from North Charleston, United States (AS396982, Google LLC). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 1 events.	2026-05-27
IPv4	47.86.191.41	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.86.191.41 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-27
IPv4	8.216.86.20	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 8.216.86.20 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-27
IPv4	8.221.142.235	Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 8.221.142.235 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	173.255.225.25	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 173.255.225.25 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	188.248.187.248	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 188.248.187.248 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-27
IPv4	8.216.86.16	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 8.216.86.16 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	163.152.51.222	Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	58.229.253.119	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Gwangjin-gu, South Korea (AS9318, SK Broadband Co Ltd). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 11 failed login attempts, 11 credential pairs tried across 5 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 15m 38s; 55 events.	2026-05-27
IPv4	173.255.192.244	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 173.255.192.244 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	165.22.172.165	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 165.22.172.165 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	199.203.206.211	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 199.203.206.211 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	47.84.207.92	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	211.178.247.182	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Gwangmyeong, South Korea (AS9318, SK Broadband Co Ltd). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 4 unique usernames, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2.0-libssh_0.9.6 ...	2026-05-27
IPv4	103.75.191.220	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Kuala Lumpur, Malaysia (AS55720, Gigabit Hosting Sdn Bhd) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 3 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 3m 14s; 15 events.	2026-05-27
IPv4	74.7.227.188	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 74.7.227.188 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	204.48.23.226	Score: 57/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 204.48.23.226 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	42.180.132.32	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 42.180.132.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level2).	2026-05-27
IPv4	106.117.110.182	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 106.117.110.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	172.235.41.44	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 172.235.41.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	45.79.40.80	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.79.40.80 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	94.183.235.102	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 94.183.235.102 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	138.124.99.219	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-27
IPv4	160.19.156.35	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 160.19.156.35 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	14.241.81.27	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 14.241.81.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	27.19.6.82	Score: 54/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 27.19.6.82 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20...' 10 times when connecting to mdms1 between 2026-05-27 08:31 and 2026-05-27 08:32 UTC.	2026-05-27
IPv4	8.221.136.201	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 8.221.136.201 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	4.205.23.164	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 4.205.23.164 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	23.239.11.64	Score: 51/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 23.239.11.64 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-27
IPv4	198.154.202.222	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 198.154.202.222 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	195.96.139.126	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 195.96.139.126 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	195.96.139.125	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 195.96.139.125 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	59.52.102.247	Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 59.52.102.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	43.138.184.44	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.138.184.44 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	87.236.176.137	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.214.99.119	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.214.99.119 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	195.96.139.118	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 195.96.139.118 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	198.1.126.196	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 198.1.126.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	185.247.137.122	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.122 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	195.96.139.134	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 195.96.139.134 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	102.204.205.76	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 102.204.205.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-27
IPv4	87.236.176.119	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.119 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	185.247.137.125	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.247.137.125 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	195.96.139.122	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 195.96.139.122 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.240.20.137	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.240.20.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	8.219.136.128	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.219.136.128 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	116.55.229.234	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 116.55.229.234 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	81.68.179.56	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 81.68.179.56 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	52.13.142.239	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 15, uptime: 49 days 13 hrs 25 min (modulo 49 days) (last seen 2026-05-27T09:37:59.000Z)	2026-05-27
IPv4	74.207.241.159	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	36.139.228.248	Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS9808, China Mobile Communications Group Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 14m 21s; 2107 events.	2026-05-27
IPv4	212.199.105.109	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 212.199.105.109 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 25 times when connecting to db1lapetro between 2026-05-27 09:27 and 2026-05-27 09:51 UTC.	2026-05-27
IPv4	138.124.71.25	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 138.124.71.25 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 25 times when connecting to db1lapetro between 2026-05-27 09:26 and 2026-05-27 09:51 UTC.	2026-05-27
IPv4	117.72.110.172	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	165.154.60.76	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 165.154.60.76 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 21 times when connecting to offbackup1 between 2026-05-27 09:22 and 2026-05-27 09:51 UTC.	2026-05-27
IPv4	5.252.154.55	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 5.252.154.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	65.49.20.115	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 65.49.20.115 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	193.39.208.26	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 193.39.208.26 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 25 times when connecting to offbackup1 between 2026-05-27 09:17 and 2026-05-27 09:44 UTC.	2026-05-27
IPv4	103.146.177.202	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 103.146.177.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	3.19.74.31	Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 3.19.74.31 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	116.72.9.17	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 116.72.9.17 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	23.88.2.228	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 23.88.2.228 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	198.57.216.254	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 198.57.216.254 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	140.235.19.20	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 140.235.19.20 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	101.99.94.178	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 101.99.94.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	140.235.17.25	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 140.235.17.25 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	140.235.17.48	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 140.235.17.48 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	140.235.18.168	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 140.235.18.168 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	72.51.56.6	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 72.51.56.6 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	207.174.2.240	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 207.174.2.240 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	72.51.57.7	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 72.51.57.7 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	140.235.17.47	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 140.235.17.47 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	167.71.46.86	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	207.174.3.223	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. P0f: OS: Windows 7 or 8, link: Ethernet or modem, dist: 19 (last seen 2026-05-27T10:50:04.000Z)	2026-05-27
IPv4	140.235.19.18	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 140.235.19.18 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-05-27
IPv4	207.174.3.225	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 207.174.3.225 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched.	2026-05-27
IPv4	140.235.18.167	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 140.235.18.167 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	140.235.17.46	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 140.235.17.46 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	207.174.3.224	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 207.174.3.224 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	140.235.19.19	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 140.235.19.19 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	116.110.158.146	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	27.79.1.70	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	222.176.200.244	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 222.176.200.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	2.69.46.54	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	85.11.167.160	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 85.11.167.160 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	94.26.106.199	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 94.26.106.199 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	4.228.83.111	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 4.228.83.111 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 154 times when connecting to db4lamedtech between 2026-05-27 10:33 and 2026-05-27 10:33 UTC.	2026-05-27
IPv4	103.163.118.115	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-27
IPv4	103.159.85.123	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.159.85.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	166.62.89.133	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 166.62.89.133 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, port-scan).	2026-05-27
IPv4	123.178.210.107	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 123.178.210.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	46.202.195.36	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 46.202.195.36 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	62.77.158.86	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 62.77.158.86 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	170.64.209.25	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. IP observed in Suricata network metadata	2026-05-27
IPv4	68.178.206.62	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 68.178.206.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.241.128.145	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 162.241.128.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	80.241.208.124	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 80.241.208.124 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	64.227.51.132	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 64.227.51.132 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	147.93.187.111	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 15, uptime: 32 days 6 hrs 24 min (modulo 49 days) (last seen 2026-05-27T12:05:33.000Z)	2026-05-27
IPv4	208.109.189.235	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 208.109.189.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-27
IPv4	122.14.154.237	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 122.14.154.237 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	198.58.100.172	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 198.58.100.172 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	107.180.79.106	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 107.180.79.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	139.84.152.198	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 139.84.152.198 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	198.20.247.186	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 198.20.247.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	98.86.199.78	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 98.86.199.78 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	113.161.164.20	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 113.161.164.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	18.220.34.106	Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	162.241.233.159	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 162.241.233.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	39.78.140.223	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 39.78.140.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	198.57.172.249	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 198.57.172.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	97.74.92.13	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 97.74.92.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-27
IPv4	162.240.153.243	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 162.240.153.243 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	103.72.71.43	Score: 85/100. Labels: abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 103.72.71.43 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, exploited-host, hacking).	2026-05-27
IPv4	188.241.222.89	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Romania (AS5606, GTS Telecom SRL). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 1s; 5 events.	2026-05-27
IPv4	212.102.29.230	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 212.102.29.230 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-27
IPv4	167.71.244.19	Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Clifton, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 1s; 5 events.	2026-05-27
IPv4	18.226.58.115	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	66.29.157.13	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from United States (AS22612, Namecheap, Inc.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 1s; 5 events.	2026-05-27
IPv4	27.79.3.76	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 27.79.3.76 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-27
IPv4	40.78.170.209	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 40.78.170.209 observed using HTTP client fingerprint 'HTTP Client (67b3dba8bc67)' 151 times when connecting to db1lapetro between 2026-05-27 11:36 and 2026-05-27 11:37 UTC.	2026-05-27
IPv4	103.149.192.169	Score: 72/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 103.149.192.169 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (low, port-scan, reported).	2026-05-27
IPv4	3.133.157.61	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 5s; 2 events.	2026-05-27
IPv4	3.148.182.104	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-27
IPv4	58.243.46.125	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate. 58.243.46.125 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-05-27
IPv4	35.90.87.249	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 35.90.87.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	3.14.12.125	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 51s; 2 events.	2026-05-27
IPv4	192.46.237.133	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 192.46.237.133 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	14.103.67.221	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 14.103.67.221 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	199.192.25.149	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 199.192.25.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	192.163.199.135	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 192.163.199.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	198.154.243.123	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 198.154.243.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	192.163.237.142	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 192.163.237.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	124.217.225.143	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 124.217.225.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	192.163.207.50	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 192.163.207.50 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	104.155.154.215	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 104.155.154.215 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.241.51.38	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.241.51.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	192.163.247.130	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 192.163.247.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	80.200.114.188	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 80.200.114.188 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted).	2026-05-27
IPv4	5.189.150.210	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 5.189.150.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	18.222.178.17	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 18.222.178.17 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-27
IPv4	52.15.193.17	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 52.15.193.17 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	185.238.231.208	Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:reported. 185.238.231.208 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	64.227.24.212	Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 64.227.24.212 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	174.165.223.208	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 174.165.223.208 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched.	2026-05-27
IPv4	73.78.37.249	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 73.78.37.249 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-27
IPv4	98.195.124.52	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 98.195.124.52 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	161.35.180.229	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 161.35.180.229 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	104.237.145.228	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 104.237.145.228 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	159.65.231.124	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 159.65.231.124 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	132.148.26.32	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 132.148.26.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	198.57.190.159	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 198.57.190.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	139.196.106.220	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 139.196.106.220 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-27
IPv4	20.228.179.34	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 20.228.179.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	168.144.115.96	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 168.144.115.96 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	95.182.81.25	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 95.182.81.25 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	159.223.170.77	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	91.224.92.32	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 91.224.92.32 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	206.189.169.67	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 206.189.169.67 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	176.65.139.44	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 15, uptime: 38 days 22 hrs 52 min (modulo 49 days) (last seen 2026-05-27T12:40:41.000Z)	2026-05-27
IPv4	177.124.88.216	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	212.95.33.176	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 16, uptime: 22 days 0 hrs 53 min (modulo 49 days) (last seen 2026-05-27T12:40:17.000Z)	2026-05-27
IPv4	162.240.51.223	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.240.51.223 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, reported, well-known).	2026-05-27
IPv4	162.241.239.202	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 162.241.239.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	162.241.236.165	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 162.241.236.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-27
IPv4	162.215.8.190	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.215.8.190 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	139.226.10.151	Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 139.226.10.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-27
IPv4	147.135.40.2	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 147.135.40.2 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	162.240.172.16	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.240.172.16 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	192.163.244.125	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 192.163.244.125 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	148.163.66.101	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:ssh. 148.163.66.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, port-scan).	2026-05-27
IPv4	162.240.58.185	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 162.240.58.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	198.20.228.102	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 198.20.228.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.144.195.114	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 162.144.195.114 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	97.74.6.204	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 97.74.6.204 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	142.4.23.76	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 142.4.23.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	108.179.221.129	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 108.179.221.129 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	159.89.118.200	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.89.118.200 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	60.214.128.238	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-27
IPv4	101.126.14.37	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 101.126.14.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	172.239.64.86	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 172.239.64.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-27
IPv4	3.17.206.73	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 3.17.206.73 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	190.5.200.98	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 190.5.200.98 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	64.202.186.161	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 64.202.186.161 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	72.249.68.239	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 72.249.68.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.144.33.243	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.144.33.243 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (2 commands), 2 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	202.165.249.187	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 202.165.249.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	104.28.156.250	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 104.28.156.250 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	92.205.107.87	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 92.205.107.87 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	45.127.5.35	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.127.5.35 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-27
IPv4	93.113.63.28	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 93.113.63.28 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	3.147.84.9	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. IP observed in Suricata network metadata	2026-05-27
IPv4	162.214.22.158	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 162.214.22.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	162.144.66.251	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.144.66.251 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	23.254.226.10	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 23.254.226.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	13.58.27.25	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	108.179.220.151	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 108.179.220.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	3.16.143.37	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	70.32.81.179	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 70.32.81.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	165.154.51.27	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 165.154.51.27 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.241.192.24	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.241.192.24 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	103.232.213.138	Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 103.232.213.138 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	118.219.47.102	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	106.12.90.186	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 106.12.90.186 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 3 times when connecting to db1lapetro between 2026-05-27 13:44 and 2026-05-27 13:44 UTC.	2026-05-27
IPv4	103.157.218.125	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.157.218.125 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	162.144.116.225	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.144.116.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	163.176.214.184	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 163.176.214.184 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.144.46.185	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 162.144.46.185 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	46.101.110.51	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	198.57.229.120	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 198.57.229.120 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	117.36.154.162	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 117.36.154.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	208.109.9.180	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 208.109.9.180 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	142.54.180.100	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 142.54.180.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	153.80.240.216	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Russia (AS215540, Global Connectivity Solutions Llp). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh2_1.11.1 (HASSH: 19532158b559...); duration: 1s; 5 events.	2026-05-27
IPv4	162.215.128.59	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 162.215.128.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	162.241.33.130	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 162.241.33.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	121.52.147.5	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Faisalabad, Pakistan (AS45773, PERN AS Content Servie Provider, Islamabad, Pakistan). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-27
IPv4	151.80.77.244	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 151.80.77.244 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	142.4.15.137	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 142.4.15.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	194.180.48.149	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 194.180.48.149 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	190.60.4.95	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 190.60.4.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	132.148.26.66	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 132.148.26.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	66.56.85.13	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 66.56.85.13 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level3); AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	88.201.1.71	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 88.201.1.71 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	208.109.247.246	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 208.109.247.246 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	103.73.188.214	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.73.188.214 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.214.8.63	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.214.8.63 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	173.249.10.164	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 18, uptime: 48 days 23 hrs 23 min (modulo 49 days) (last seen 2026-05-27T14:57:54.000Z)	2026-05-27
IPv4	178.214.77.71	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 178.214.77.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	20.220.11.54	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 20.220.11.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.144.237.58	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.144.237.58 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.214.24.232	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.214.24.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	76.231.26.138	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 76.231.26.138 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.0.211.4	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 162.0.211.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	132.148.142.226	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 132.148.142.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	52.15.113.239	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 52.15.113.239 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	198.74.56.66	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	144.91.107.8	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 144.91.107.8 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	108.179.217.182	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 108.179.217.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	134.209.159.135	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 134.209.159.135 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.241.180.117	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.241.180.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	160.153.177.211	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 160.153.177.211 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	220.176.1.245	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 220.176.1.245 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	124.43.27.106	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 124.43.27.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	180.255.97.210	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 180.255.97.210 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	108.179.211.92	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 108.179.211.92 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	151.75.204.225	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 151.75.204.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	51.68.231.247	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 51.68.231.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	159.198.35.151	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 159.198.35.151 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	203.143.90.145	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 203.143.90.145 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.144.111.188	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.144.111.188 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	118.196.92.141	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 118.196.92.141 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	162.241.176.157	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.241.176.157 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	161.35.150.111	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan, abuseipdb:reported. 161.35.150.111 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	190.11.247.6	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 190.11.247.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched.	2026-05-27
IPv4	222.94.32.239	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 222.94.32.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	172.235.41.110	Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 172.235.41.110 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-05-27
IPv4	178.104.171.151	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 178.104.171.151 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	128.1.131.218	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 128.1.131.218 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	62.171.176.27	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 62.171.176.27 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	107.170.53.181	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 107.170.53.181 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	178.128.230.19	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 178.128.230.19 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	12.125.34.210	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 12.125.34.210 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	18.117.136.215	Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 18.117.136.215 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	198.57.187.216	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 198.57.187.216 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.144.93.143	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.144.93.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	18.221.97.201	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 18.221.97.201 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).	2026-05-27
IPv4	143.244.144.178	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	172.239.71.239	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 172.239.71.239 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	18.226.58.178	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Columbus, United States. Observed targeting government sector honeypot backup-hp-01 via h0neytr4p. 1 events.	2026-05-27
IPv4	159.223.185.86	Score: 60/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 159.223.185.86 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, low, port-scan).	2026-05-27
IPv4	117.15.188.194	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.15.188.194 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	86.48.0.75	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 4 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 6m 38s; 24 events.	2026-05-27
IPv4	162.144.100.227	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.144.100.227 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	31.184.253.113	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 31.184.253.113 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	23.190.152.61	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 23.190.152.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	72.60.108.23	Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 72.60.108.23 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	89.190.156.61	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Amsterdam, The Netherlands (AS49870, Alsycon B.V.). Observed targeting healthcare sector honeypot medtech-hp-01 via tanner. 1 events.	2026-05-27
IPv4	3.149.229.102	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Columbus, United States. Observed targeting healthcare sector honeypot medtech-hp-01 via h0neytr4p. duration: 2m 33s; 2 events.	2026-05-27
IPv4	111.160.198.67	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 111.160.198.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	173.255.233.65	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 173.255.233.65 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 4 times when connecting to offbackup1 between 2026-05-27 15:27 and 2026-05-27 15:27 UTC.	2026-05-27
IPv4	143.198.23.99	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 143.198.23.99 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	159.89.80.242	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.89.80.242 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	192.169.244.109	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 192.169.244.109 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	157.230.134.252	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 157.230.134.252 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 2 times when connecting to offbackup1 between 2026-05-27 15:25 and 2026-05-27 15:25 UTC.	2026-05-27
IPv4	134.209.6.73	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 134.209.6.73 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	191.96.11.219	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 191.96.11.219 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	207.180.194.182	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 207.180.194.182 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	185.3.95.98	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 185.3.95.98 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 3 times when connecting to offbackup1 between 2026-05-27 15:24 and 2026-05-27 15:24 UTC.	2026-05-27
IPv4	72.251.8.119	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 72.251.8.119 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	2.26.49.187	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 2.26.49.187 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	103.100.211.40	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 103.100.211.40 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	167.86.66.42	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 167.86.66.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	32.193.53.179	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 32.193.53.179 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	36.104.150.178	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 36.104.150.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	45.4.107.205	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	3.150.117.35	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 3.150.117.35 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-27
IPv4	13.59.96.172	Score: 81/100. Labels: abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 13.59.96.172 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (critical, ddos, hacking).	2026-05-27
IPv4	43.99.25.8	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 43.99.25.8 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	52.232.227.41	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 52.232.227.41 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	139.167.148.78	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 139.167.148.78 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	194.113.39.2	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bulgaria (AS206378, FOP Dmytro Nedilskyi). Observed targeting technology sector honeypot msp-rmm-hp-01 via heralding. duration: 18m 27s; 110 events.	2026-05-27
IPv4	194.113.39.6	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bulgaria (AS206378, FOP Dmytro Nedilskyi). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 18m 17s; 115 events.	2026-05-27
IPv4	194.113.39.34	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bulgaria (AS206378, FOP Dmytro Nedilskyi). Observed targeting technology sector honeypot msp-rmm-hp-01 via heralding. duration: 18m 19s; 116 events.	2026-05-27
IPv4	194.113.39.38	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bulgaria (AS206378, FOP Dmytro Nedilskyi). Observed targeting technology sector honeypot msp-rmm-hp-01 via heralding. duration: 18m 23s; 117 events.	2026-05-27
IPv4	194.113.39.26	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bulgaria (AS206378, FOP Dmytro Nedilskyi). Observed targeting technology sector honeypot msp-rmm-hp-01 via heralding. duration: 18m 24s; 117 events.	2026-05-27
IPv4	194.113.39.10	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bulgaria (AS206378, FOP Dmytro Nedilskyi). Observed targeting technology sector honeypot msp-rmm-hp-01 via heralding. duration: 18m 19s; 117 events.	2026-05-27
IPv4	194.113.39.22	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bulgaria (AS206378, FOP Dmytro Nedilskyi). Observed targeting technology sector honeypot msp-rmm-hp-01 via heralding. duration: 18m 24s; 117 events.	2026-05-27
IPv4	194.113.39.14	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bulgaria (AS206378, FOP Dmytro Nedilskyi). Observed targeting technology sector honeypot msp-rmm-hp-01 via heralding. duration: 18m 18s; 117 events.	2026-05-27
IPv4	194.113.39.30	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bulgaria (AS206378, FOP Dmytro Nedilskyi). Observed targeting technology sector honeypot msp-rmm-hp-01 via heralding. duration: 18m 20s; 117 events.	2026-05-27
IPv4	194.113.39.18	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bulgaria (AS206378, FOP Dmytro Nedilskyi). Observed targeting technology sector honeypot msp-rmm-hp-01 via heralding. duration: 18m 26s; 118 events.	2026-05-27
IPv4	18.119.10.63	Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. IP observed in Suricata network metadata	2026-05-27
IPv4	197.31.52.168	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 197.31.52.168 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	183.61.109.82	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 183.61.109.82 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	87.232.123.89	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	103.219.170.37	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.219.170.37 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	47.253.170.71	Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 47.253.170.71 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	18.226.9.22	Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	209.126.77.170	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 209.126.77.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	46.101.186.117	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	183.224.131.83	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 183.224.131.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	80.78.25.205	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 80.78.25.205 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	176.65.148.160	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 176.65.148.160 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	18.191.137.110	Score: 63/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 18.191.137.110 observed using HTTP client fingerprint 'HTTP Client: visionheight.com/scan Mozilla/5.0 (Macintosh; Intel Mac OS X...' 2 times when connecting to mdms1 between 2026-05-27 17:33 and 2026-05-27 17:34 UTC.	2026-05-27
IPv4	103.126.117.76	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 103.126.117.76 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-05-27 17:22 and 2026-05-27 17:23 UTC.	2026-05-27
IPv4	46.202.155.161	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 46.202.155.161 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-27
IPv4	45.40.138.235	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.40.138.235 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	203.101.186.243	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 203.101.186.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	217.150.47.21	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 217.150.47.21 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	142.93.19.233	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 142.93.19.233 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	35.226.238.205	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 35.226.238.205 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	161.35.194.237	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 161.35.194.237 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	68.50.251.149	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 68.50.251.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).	2026-05-27
IPv4	106.117.117.89	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 106.117.117.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	62.171.138.238	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 62.171.138.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	162.144.213.198	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 162.144.213.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	192.104.34.34	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 192.104.34.34 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	80.147.132.92	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Frankfurt am Main, Germany (AS3320, Deutsche Telekom AG). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 3 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 4m 23s; 20 events.	2026-05-27
IPv4	165.154.14.96	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Taipei, Taiwan (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) [VPN/hosting provider]. Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 6 unique usernames, execution of 4 commands (SSH key persistence, system reconnaissance), deli...	2026-05-27
IPv4	34.7.191.35	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack, canary:bait-refinery. Attacker IP 34.7.191.35 observed using TLS client fingerprint 'Unknown TLS Client (b738cc05b73c)' 376 times when connecting to db1lapetro between 2026-05-27 18:42 and 2026-05-27 18:43 UTC.	2026-05-27
IPv4	101.126.82.218	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from China (AS137718, Beijing Volcano Engine Technology Co., Ltd.). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. 1 events.	2026-05-27
IPv4	165.232.48.48	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 165.232.48.48 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ftp-brute, hacking).	2026-05-27
IPv4	45.58.52.25	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Dallas, United States (AS7489, HostUS). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 3 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 4m 18s; 20 events.	2026-05-27
IPv4	189.169.24.245	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Celaya, Mexico (AS8151, UNINET). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 8 failed login attempts, 8 credential pairs tried across 6 unique usernames, execution of 8 commands (SSH key persistence, system reconnaissance), delivery of 4 malware samples. SSH client: SSH-2.0-libssh_0.9....	2026-05-27
IPv4	165.154.206.118	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 165.154.206.118 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-27
IPv4	165.154.29.158	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 165.154.29.158 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	159.65.185.219	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 159.65.185.219 observed using TLS client fingerprint 'Unknown TLS Client (5103125acceb)' 2 times when connecting to db4lamedtech between 2026-05-27 18:26 and 2026-05-27 18:26 UTC.	2026-05-27
IPv4	104.250.52.152	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. IP observed in Suricata network metadata	2026-05-27
IPv4	165.154.29.157	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	104.247.164.38	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 104.247.164.38 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	45.33.90.118	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 45.33.90.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	60.178.29.66	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	178.32.238.114	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 178.32.238.114 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	182.54.23.225	Score: 51/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.54.23.225 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-05-27
IPv4	62.132.18.142	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-27
IPv4	177.76.152.193	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	8.221.140.17	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 8.221.140.17 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	60.179.23.42	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	18.221.195.141	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	92.205.183.29	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-27
IPv4	115.217.106.202	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	123.187.57.238	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 123.187.57.238 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	3.21.242.76	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. IP observed in Suricata network metadata	2026-05-27
IPv4	47.237.207.120	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.207.120 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	31.182.57.86	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 31.182.57.86 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	194.187.179.213	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 194.187.179.213 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-05-27
IPv4	176.65.139.216	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	45.142.193.166	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 45.142.193.166 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	185.182.8.9	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 185.182.8.9 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	109.94.172.101	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-27
IPv4	64.23.136.20	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 64.23.136.20 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	8.216.87.214	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 8.216.87.214 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-27
IPv4	8.216.64.121	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 8.216.64.121 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	97.107.136.223	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 97.107.136.223 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	172.239.71.244	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 172.239.71.244 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	147.182.187.65	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 147.182.187.65 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	172.93.101.146	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low. 172.93.101.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	45.230.66.97	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 45.230.66.97 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	49.84.226.110	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 49.84.226.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, hacking, high).	2026-05-27
IPv4	165.22.166.123	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 165.22.166.123 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	38.242.249.163	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 38.242.249.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-27
IPv4	167.71.56.86	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	138.197.101.95	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 138.197.101.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	37.187.137.193	Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	8.33.141.59	Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 8.33.141.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	41.231.122.89	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	60.49.21.54	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 60.49.21.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	84.240.206.218	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-27
IPv4	3.135.190.68	Score: 51/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, anomaly:burst. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 4m 8s; 3 events.	2026-05-27
IPv4	43.156.111.141	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-27
IPv4	103.99.36.182	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.99.36.182 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	198.177.125.186	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 198.177.125.186 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	134.87.8.85	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 134.87.8.85 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	206.81.16.88	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	118.212.123.22	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 118.212.123.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-27
IPv4	137.184.222.223	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	157.230.129.55	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 157.230.129.55 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	46.8.78.121	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Hong Kong, Hong Kong (AS56971, Cgi Global Limited). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 9s; 5 events.	2026-05-27
IPv4	147.182.180.47	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 147.182.180.47 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	35.252.250.247	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:reported. Attacker IP 35.252.250.247 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, l...' 7 times when connecting to mdms1 between 2026-05-27 21:25 and 2026-05-27 21:25 UTC.	2026-05-27
IPv4	45.79.134.44	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 45.79.134.44 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-27
IPv4	162.243.38.7	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 162.243.38.7 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	165.227.171.102	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 165.227.171.102 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	62.60.252.128	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-27
IPv4	3.15.179.241	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 3.15.179.241 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	64.89.162.42	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 64.89.162.42 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	94.156.152.50	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 94.156.152.50 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	47.253.155.184	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.253.155.184 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-27
IPv4	47.245.94.204	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.245.94.204 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	121.158.196.131	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 121.158.196.131 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	42.83.147.53	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. P0f: OS: Linux 3.11 and newer, link: Ethernet or modem, app: ???, dist: 23, uptime: 45 days 6 hrs 33 min (modulo 49 days) (last seen 2026-05-27T22:45:52.000Z)	2026-05-27
IPv4	188.94.154.46	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP 188.94.154.46 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 22 times when connecting to mdms1 between 2026-05-27 22:45 and 2026-05-27 22:59 UTC.	2026-05-27
IPv4	178.156.243.101	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 17, uptime: 45 days 15 hrs 5 min (modulo 49 days) (last seen 2026-05-27T22:44:40.000Z)	2026-05-27
IPv4	73.206.62.105	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 73.206.62.105 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (moderate, reported).	2026-05-27
IPv4	114.35.59.237	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-27
IPv4	139.59.125.160	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 139.59.125.160 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-27
IPv4	157.230.208.70	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-27
IPv4	66.228.53.163	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 66.228.53.163 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-27
IPv4	35.240.219.241	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP 35.240.219.241 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 39 times when connecting to db4lamedtech between 2026-05-27 22:37 and 2026-05-27 22:38 UTC.	2026-05-27
IPv4	39.130.242.53	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 39.130.242.53 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	167.99.243.234	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 167.99.243.234 observed using TLS client fingerprint 'Unknown TLS Client (b213b642d5cb)' 7 times when connecting to mdms1 between 2026-05-27 22:36 and 2026-05-27 22:36 UTC.	2026-05-27
IPv4	172.235.19.188	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 172.235.19.188 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-27
IPv4	98.158.78.44	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 98.158.78.44 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	144.31.4.70	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 144.31.4.70 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	116.211.150.126	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 116.211.150.126 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	68.178.172.54	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	14.29.196.194	Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 14.29.196.194 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	82.199.197.245	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	45.56.100.216	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	45.79.149.61	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.79.149.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	3.94.241.156	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 3.94.241.156 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	185.177.72.54	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-28
IPv4	165.22.226.144	Score: 63/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. IP observed in Suricata network metadata	2026-05-28
IPv4	93.189.229.93	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 93.189.229.93 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	185.177.72.49	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.177.72.49 observed using HTTP client fingerprint 'HTTP Client: curl/8.7.1' 2936 times when connecting to mdms1 between 2026-05-28 00:46 and 2026-05-28 00:53 UTC.	2026-05-28
IPv4	223.166.22.55	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 223.166.22.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	192.141.150.2	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 192.141.150.2 observed using SSH client fingerprint 'Unknown SSH Client (ec7378c1a92f)' 2 times when connecting to db1lapetro between 2026-05-28 00:29 and 2026-05-28 00:29 UTC.	2026-05-28
IPv4	68.183.122.119	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:web-attack. 68.183.122.119 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-05-28
IPv4	45.148.10.200	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 45.148.10.200 observed using TLS client fingerprint 'Unknown TLS Client (f705a791346f)' 7 times when connecting to offbackup1 between 2026-05-28 00:44 and 2026-05-28 00:45 UTC.	2026-05-28
IPv4	134.122.56.153	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP 134.122.56.153 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to db1lapetro between 2026-05-28 00:19 and 2026-05-28 00:19 UTC.	2026-05-28
IPv4	82.199.197.245	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	45.56.100.216	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	45.79.149.61	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.79.149.61 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	3.94.241.156	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 3.94.241.156 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	185.177.72.54	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-28
IPv4	165.22.226.144	Score: 63/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. IP observed in Suricata network metadata	2026-05-28
IPv4	93.189.229.93	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 93.189.229.93 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	185.177.72.49	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 185.177.72.49 observed using HTTP client fingerprint 'HTTP Client: curl/8.7.1' 2936 times when connecting to mdms1 between 2026-05-28 00:46 and 2026-05-28 00:53 UTC.	2026-05-28
IPv4	223.166.22.55	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 223.166.22.55 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	192.141.150.2	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 192.141.150.2 observed using SSH client fingerprint 'Unknown SSH Client (ec7378c1a92f)' 2 times when connecting to db1lapetro between 2026-05-28 00:29 and 2026-05-28 00:29 UTC.	2026-05-28
IPv4	68.183.122.119	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export, abuseipdb:web-attack. 68.183.122.119 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-05-28
IPv4	45.148.10.200	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP 45.148.10.200 observed using TLS client fingerprint 'Unknown TLS Client (f705a791346f)' 7 times when connecting to offbackup1 between 2026-05-28 00:44 and 2026-05-28 00:45 UTC.	2026-05-28
IPv4	134.122.56.153	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP 134.122.56.153 observed using TLS client fingerprint 'Unknown TLS Client (8e3145abdb9e)' 2 times when connecting to db1lapetro between 2026-05-28 00:19 and 2026-05-28 00:19 UTC.	2026-05-28
IPv4	47.251.42.165	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.251.42.165 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	35.233.31.34	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	44.220.185.177	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	91.156.233.254	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 91.156.233.254 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	104.155.94.32	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh, auth:failed. IP observed in Suricata network metadata	2026-05-28
IPv4	57.129.99.188	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 57.129.99.188 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	52.15.79.216	Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. IP observed in Suricata network metadata	2026-05-28
IPv4	34.156.144.164	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 34.156.144.164 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	124.227.31.4	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 124.227.31.4 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	118.212.122.117	Score: 75/100. Labels: abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 118.212.122.117 classified as commodity attacker using automated exploitation tooling (medium confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, iot-targeted, low).	2026-05-28
IPv4	164.92.212.88	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	101.96.224.136	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 101.96.224.136 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	89.190.156.8	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Amsterdam, The Netherlands (AS49870, Alsycon B.V.). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 13 failed login attempts, 13 credential pairs tried across 9 unique usernames, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2.0-libssh_0.9.6 ...	2026-05-28
IPv4	180.184.52.206	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 180.184.52.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	146.88.241.22	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 146.88.241.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	165.227.134.2	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. IP observed in Suricata network metadata	2026-05-28
IPv4	104.128.144.207	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 104.128.144.207 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	5.83.143.40	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Amsterdam, The Netherlands (AS200912, Joel Krause). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 16m 0s; 44 events.	2026-05-28
IPv4	176.65.139.203	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 176.65.139.203 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 17 times when connecting to mdms1 between 2026-05-28 02:49 and 2026-05-28 02:51 UTC.	2026-05-28
IPv4	192.121.136.190	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 192.121.136.190 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	192.121.135.97	Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 192.121.135.97 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-28
IPv4	16.59.123.195	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	104.248.133.110	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 104.248.133.110 observed using HTTP client fingerprint 'HTTP Client (d41d8cd98f00)' 3 times when connecting to db1lapetro between 2026-05-28 02:35 and 2026-05-28 02:35 UTC.	2026-05-28
IPv4	66.228.40.100	Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Cedar Knolls, United States (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting technology sector honeypot msp-rmm-hp-01 via tanner. 1 events.	2026-05-28
IPv4	3.150.129.97	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 4m 14s; 4 events.	2026-05-28
IPv4	18.224.182.169	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 2m 36s; 2 events.	2026-05-28
IPv4	45.79.207.109	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	134.122.42.76	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 134.122.42.76 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	34.100.177.31	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 34.100.177.31 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	186.246.14.196	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 186.246.14.196 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	114.80.32.225	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 114.80.32.225 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	115.190.52.153	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 115.190.52.153 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	84.75.220.231	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 84.75.220.231 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	223.100.120.84	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 223.100.120.84 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	178.128.149.204	Score: 57/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 178.128.149.204 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	34.62.233.30	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 34.62.233.30 observed using SSH client fingerprint 'Unknown SSH Client (e788c657d1a2)' 6 times when connecting to db4lamedtech between 2026-05-28 03:17 and 2026-05-28 03:17 UTC.	2026-05-28
IPv4	39.129.1.237	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 39.129.1.237 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	36.213.113.246	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 36.213.113.246 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	171.231.196.145	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Da Nang, Vietnam (AS7552, Viettel Group). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 4m 27s; 8 events.	2026-05-28
IPv4	198.154.207.145	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 198.154.207.145 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	185.61.216.94	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 185.61.216.94 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, low, port-scan).	2026-05-28
IPv4	43.133.140.5	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Jakarta, Indonesia (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 3 unique usernames, execution of 20 commands (SSH key persistence, password changes, system reconnaissance, cron pers...	2026-05-28
IPv4	82.165.129.229	Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 82.165.129.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	130.12.180.18	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 130.12.180.18 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	59.92.115.251	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. P0f: OS: Windows NT kernel 5.x, link: Ethernet or modem, dist: 21 (last seen 2026-05-28T06:26:39.000Z)	2026-05-28
IPv4	116.198.41.73	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 116.198.41.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	220.250.52.89	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 220.250.52.89 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	164.92.145.134	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 164.92.145.134 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	3.145.89.31	Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 3.145.89.31 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	34.156.138.239	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 34.156.138.239 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	104.128.144.216	Score: 69/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 104.128.144.216 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-28
IPv4	176.65.139.214	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 176.65.139.214 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	64.227.83.210	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 64.227.83.210 observed triggering 2 Suricata alerts (medium severity, Potentially Bad Traffic) targeting db1lapetro. Signatures detected: ET REMOTE_ACCESS Inbound RDP Connection with Minimal Security Protocol Requested. This IP exhibited malicious behavior consistent with Potentially Bad Traffic patterns.	2026-05-28
IPv4	189.167.205.217	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 189.167.205.217 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	165.227.134.206	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 165.227.134.206 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	18.219.89.239	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-28
IPv4	195.96.139.74	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 195.96.139.74 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	87.236.176.75	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 87.236.176.75 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	195.96.139.88	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 195.96.139.88 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	117.72.63.21	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 117.72.63.21 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	195.96.139.99	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 195.96.139.99 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	185.247.137.90	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.247.137.90 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	91.227.114.186	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Berlin, Germany (AS210006, Shereverov Marat Ahmedovich). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. 2 events.	2026-05-28
IPv4	195.96.139.77	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 195.96.139.77 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	213.170.135.11	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 213.170.135.11 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	116.99.172.203	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 116.99.172.203 observed using SSH client fingerprint 'Unknown SSH Client (fda360b1b4f4)' 13 times when connecting to db4lamedtech between 2026-05-28 05:21 and 2026-05-28 06:05 UTC.	2026-05-28
IPv4	118.253.182.123	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 118.253.182.123 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	45.11.3.161	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 45.11.3.161 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, low).	2026-05-28
IPv4	201.144.122.243	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 201.144.122.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	89.117.172.52	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 89.117.172.52 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	128.199.228.252	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 128.199.228.252 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-05-28
IPv4	180.76.147.77	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 180.76.147.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	150.5.131.119	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	23.95.132.61	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-28
IPv4	104.243.42.167	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-28
IPv4	89.116.31.97	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 89.116.31.97 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 4 times when connecting to db1lapetro between 2026-05-28 06:49 and 2026-05-28 07:02 UTC.	2026-05-28
IPv4	210.212.136.3	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	34.22.210.205	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 34.22.210.205 observed using SSH client fingerprint 'Unknown SSH Client (e788c657d1a2)' 6 times when connecting to mdms1 between 2026-05-28 06:44 and 2026-05-28 06:44 UTC.	2026-05-28
IPv4	146.190.246.198	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 146.190.246.198 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	112.242.209.98	Score: 60/100. Labels: abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS4837, CHINA UNICOM China169 Backbone). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 5m 55s; 5 events.	2026-05-28
IPv4	18.218.247.184	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	84.200.16.99	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 84.200.16.99 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 3 times when connecting to db1lapetro between 2026-05-28 06:42 and 2026-05-28 06:42 UTC.	2026-05-28
IPv4	54.86.115.253	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 54.86.115.253 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-28
IPv4	73.97.254.192	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 73.97.254.192 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	194.187.179.181	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 194.187.179.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	194.187.179.94	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.94 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	194.187.179.14	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.14 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	139.198.19.38	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 139.198.19.38 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	157.230.8.207	Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 157.230.8.207 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	107.170.3.85	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 107.170.3.85 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	103.182.235.156	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 103.182.235.156 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 4 times when connecting to db4lamedtech between 2026-05-28 07:57 and 2026-05-28 07:57 UTC.	2026-05-28
IPv4	111.48.160.201	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Wuhan, China (AS9808, China Mobile Communications Group Co., Ltd.). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. duration: 47s; 2 events.	2026-05-28
IPv4	137.184.239.50	Score: 52/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. IP observed in Suricata network metadata	2026-05-28
IPv4	34.131.91.126	Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 34.131.91.126 observed using TLS client fingerprint 'Unknown TLS Client (082f07b3f5bc)' 5 times when connecting to offbackup1 between 2026-05-28 07:39 and 2026-05-28 07:39 UTC.	2026-05-28
IPv4	43.134.58.184	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.134.58.184 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-28
IPv4	64.227.133.94	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 64.227.133.94 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	107.189.23.48	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 107.189.23.48 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 15 times when connecting to mdms1 between 2026-05-28 07:29 and 2026-05-28 07:46 UTC.	2026-05-28
IPv4	85.206.68.80	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Kaunas, Lithuania (AS8764, Telia Lietuva, AB). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username, execution of 22 commands (SSH key persistence, password changes, system reconnaissance, cron persistence), delivery ...	2026-05-28
IPv4	173.255.246.157	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	168.144.95.87	Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 168.144.95.87 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	8.208.9.215	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 8.208.9.215 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	176.9.123.221	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 176.9.123.221 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	185.142.99.76	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 185.142.99.76 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	159.203.188.163	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 159.203.188.163 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	193.29.13.247	Score: 54/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 193.29.13.247 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	107.180.101.177	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 107.180.101.177 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	159.203.33.199	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	115.191.9.67	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 115.191.9.67 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-05-28
IPv4	113.160.82.122	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Hanoi, Vietnam (AS45899, VNPT Corp). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1m 57s; 15 events.	2026-05-28
IPv4	147.15.20.173	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from São Paulo, Brazil (AS31898, Oracle Corporation). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 2 unique usernames, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2.0-libssh_0.9.6 (...	2026-05-28
IPv4	143.244.54.15	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 143.244.54.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	101.96.198.153	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	14.248.82.157	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Hanoi, Vietnam (AS45899, VNPT Corp). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...);...	2026-05-28
IPv4	147.124.195.71	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. IP observed in Suricata network metadata	2026-05-28
IPv4	34.186.241.251	Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 34.186.241.251 observed using TLS client fingerprint 'Unknown TLS Client (082f07b3f5bc)' 5 times when connecting to db1lapetro between 2026-05-28 08:34 and 2026-05-28 08:34 UTC.	2026-05-28
IPv4	222.94.32.134	Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 222.94.32.134 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	110.177.178.232	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 110.177.178.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, low).	2026-05-28
IPv4	47.83.165.237	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.83.165.237 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	89.116.167.143	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 89.116.167.143 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	192.210.228.134	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 192.210.228.134 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-28
IPv4	183.81.86.112	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 183.81.86.112 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	173.255.225.15	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 173.255.225.15 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	148.222.199.82	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 148.222.199.82 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	77.83.39.119	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 77.83.39.119 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	165.227.112.177	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 165.227.112.177 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	198.50.202.93	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 198.50.202.93 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	98.41.156.214	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported. 98.41.156.214 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	142.44.149.52	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 142.44.149.52 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	116.233.54.190	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 116.233.54.190 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	20.244.90.19	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 20.244.90.19 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	161.35.232.102	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 161.35.232.102 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	78.40.37.143	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 78.40.37.143 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-28
IPv4	157.245.123.211	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 157.245.123.211 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	200.35.157.98	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 200.35.157.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	45.153.34.181	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Eygelshoven, The Netherlands (AS51396, Pfcloud UG (haftungsbeschrankt)) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 192 failed login attempts, 192 credential pairs tried across 95 unique usernames, execution of 5 commands (system reconnaissance), delivery o...	2026-05-28
IPv4	108.179.208.121	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 108.179.208.121 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	41.76.110.73	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 41.76.110.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	108.179.211.49	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 108.179.211.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	123.245.84.79	Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 123.245.84.79 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted).	2026-05-28
IPv4	116.178.128.14	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 116.178.128.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-28
IPv4	52.171.143.10	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 52.171.143.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	182.173.227.87	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 182.173.227.87 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	109.166.213.10	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 109.166.213.10 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	195.96.139.13	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 195.96.139.13 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	31.170.22.196	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 31.170.22.196 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	162.241.134.101	Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 162.241.134.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	178.128.185.29	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 178.128.185.29 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	182.44.116.87	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 182.44.116.87 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (22 commands), 5 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	3.18.186.238	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 3.18.186.238 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	181.214.135.124	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 181.214.135.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	103.247.13.142	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	202.145.0.112	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 21, uptime: 31 days 16 hrs 25 min (modulo 49 days) (last seen 2026-05-28T11:52:00.000Z)	2026-05-28
IPv4	198.23.141.130	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 198.23.141.130 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 2 times when connecting to db1lapetro between 2026-05-28 11:42 and 2026-05-28 11:55 UTC.	2026-05-28
IPv4	52.2.226.16	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 52.2.226.16 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	67.227.108.80	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 67.227.108.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	50.116.99.150	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 50.116.99.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	58.220.17.109	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 58.220.17.109 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	207.180.243.49	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 207.180.243.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	14.224.238.73	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 14.224.238.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	195.190.10.120	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Croatia (AS47107, Megatrend Poslovna Rjesenja d.o.o.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username, execution of 2 commands (system reconnaissance), delivery of 2 malware samples. SSH client: SSH-2.0-Go (HASSH: 1...	2026-05-28
IPv4	47.253.158.104	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 47.253.158.104 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	87.236.176.89	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 87.236.176.89 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	87.236.176.100	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.100 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	195.96.139.89	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 195.96.139.89 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	195.96.139.97	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 195.96.139.97 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	165.22.184.88	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 165.22.184.88 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 2 times when connecting to db1lapetro between 2026-05-28 11:22 and 2026-05-28 12:00 UTC.	2026-05-28
IPv4	87.236.176.77	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 87.236.176.77 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	20.157.117.15	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.157.117.15 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (3 commands), 3 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	18.118.30.149	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	76.157.219.158	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 76.157.219.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	103.214.69.210	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.214.69.210 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	209.50.173.22	Score: 87/100. Labels: abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:firehol_level1, firehol:listed. 209.50.173.22 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (low, reported, web-attack).	2026-05-28
IPv4	104.207.60.174	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 104.207.60.174 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	104.207.55.149	Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 104.207.55.149 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	216.26.252.210	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 216.26.252.210 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	45.3.44.73	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 45.3.44.73 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	104.207.59.212	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. 104.207.59.212 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, reported).	2026-05-28
IPv4	216.26.237.196	Score: 94/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 216.26.237.196 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (clean).	2026-05-28
IPv4	65.111.29.226	Score: 61/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 65.111.29.226 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-28
IPv4	216.26.243.111	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 216.26.243.111 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	216.26.247.200	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 216.26.247.200 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	209.50.162.158	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 209.50.162.158 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	209.50.189.143	Score: 75/100. Labels: abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 209.50.189.143 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (ddos, hacking, low).	2026-05-28
IPv4	104.207.35.236	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported. 104.207.35.236 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-28
IPv4	216.26.228.162	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 216.26.228.162 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	216.26.255.55	Score: 75/100. Labels: abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 216.26.255.55 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (ddos, hacking, low).	2026-05-28
IPv4	104.207.45.81	Score: 72/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 104.207.45.81 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).	2026-05-28
IPv4	209.50.172.46	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 209.50.172.46 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).	2026-05-28
IPv4	104.207.36.46	Score: 69/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 104.207.36.46 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (exploited-host, hacking, low).	2026-05-28
IPv4	45.3.43.240	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 45.3.43.240 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	209.50.169.100	Score: 92/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:firehol_abusers_30d. 209.50.169.100 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level1).	2026-05-28
IPv4	65.111.0.154	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh. 65.111.0.154 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	209.50.173.239	Score: 90/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:firehol_level1. 209.50.173.239 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (hacking, low, reported).	2026-05-28
IPv4	65.111.0.42	Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 65.111.0.42 classified as attacker with unclear intent (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (minimal, reported).	2026-05-28
IPv4	217.181.92.207	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 217.181.92.207 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	216.26.237.4	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 216.26.237.4 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	84.22.156.200	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 84.22.156.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	18.223.0.198	Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 15, uptime: 38 days 3 hrs 33 min (modulo 49 days) (last seen 2026-05-28T12:54:40.000Z)	2026-05-28
IPv4	45.3.50.93	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 45.3.50.93 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	18.222.219.142	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-28
IPv4	51.38.226.110	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 51.38.226.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	13.59.131.1	Score: 57/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 13.59.131.1 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	181.215.60.5	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-28
IPv4	172.239.64.84	Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 172.239.64.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	195.96.139.243	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 195.96.139.243 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	20.157.117.15	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 20.157.117.15 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (3 commands), 3 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	18.118.30.149	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	76.157.219.158	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 76.157.219.158 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	103.214.69.210	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 103.214.69.210 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	209.50.173.22	Score: 87/100. Labels: abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:firehol_level1, firehol:listed. 209.50.173.22 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (low, reported, web-attack).	2026-05-28
IPv4	104.207.60.174	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 104.207.60.174 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	104.207.55.149	Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 104.207.55.149 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	216.26.252.210	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 216.26.252.210 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	45.3.44.73	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 45.3.44.73 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	104.207.59.212	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:unlisted. 104.207.59.212 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, reported).	2026-05-28
IPv4	216.26.237.196	Score: 94/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 216.26.237.196 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (clean).	2026-05-28
IPv4	65.111.29.226	Score: 61/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 65.111.29.226 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-28
IPv4	216.26.243.111	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 216.26.243.111 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	216.26.247.200	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 216.26.247.200 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	209.50.162.158	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 209.50.162.158 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	209.50.189.143	Score: 75/100. Labels: abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 209.50.189.143 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (ddos, hacking, low).	2026-05-28
IPv4	104.207.35.236	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported. 104.207.35.236 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-28
IPv4	216.26.228.162	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 216.26.228.162 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	216.26.255.55	Score: 75/100. Labels: abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 216.26.255.55 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (ddos, hacking, low).	2026-05-28
IPv4	104.207.45.81	Score: 72/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 104.207.45.81 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).	2026-05-28
IPv4	209.50.172.46	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 209.50.172.46 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).	2026-05-28
IPv4	104.207.36.46	Score: 69/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 104.207.36.46 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (exploited-host, hacking, low).	2026-05-28
IPv4	45.3.43.240	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 45.3.43.240 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	209.50.169.100	Score: 92/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:firehol_abusers_30d. 209.50.169.100 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level1).	2026-05-28
IPv4	65.111.0.154	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:ssh. 65.111.0.154 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	209.50.173.239	Score: 90/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, firehol:firehol_level1. 209.50.173.239 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (hacking, low, reported).	2026-05-28
IPv4	65.111.0.42	Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 65.111.0.42 classified as attacker with unclear intent (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (minimal, reported).	2026-05-28
IPv4	217.181.92.207	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 217.181.92.207 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	216.26.237.4	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 216.26.237.4 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	84.22.156.200	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 84.22.156.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	18.223.0.198	Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 15, uptime: 38 days 3 hrs 33 min (modulo 49 days) (last seen 2026-05-28T12:54:40.000Z)	2026-05-28
IPv4	45.3.50.93	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 45.3.50.93 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	18.222.219.142	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-28
IPv4	51.38.226.110	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 51.38.226.110 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	13.59.131.1	Score: 57/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 13.59.131.1 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	181.215.60.5	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-28
IPv4	172.239.64.84	Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 172.239.64.84 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	195.96.139.243	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 195.96.139.243 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	193.169.194.47	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 193.169.194.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	116.178.131.250	Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	171.36.7.20	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 171.36.7.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	144.123.76.242	Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 144.123.76.242 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-28
IPv4	85.133.193.72	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 85.133.193.72 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-28
IPv4	119.187.149.238	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 119.187.149.238 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	219.131.193.226	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 219.131.193.226 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	122.177.246.112	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	64.227.105.251	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-28
IPv4	42.51.44.199	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 42.51.44.199 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	209.38.135.189	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 209.38.135.189 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	5.255.126.29	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Dronten, The Netherlands (AS60404, The Infrastructure Group B.V.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 3 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 15m 12s; 39 events.	2026-05-28
IPv4	114.244.232.184	Score: 96/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	185.156.174.178	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 185.156.174.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	115.190.173.110	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 115.190.173.110 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	185.209.31.121	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 185.209.31.121 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	193.32.248.182	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Berlin, Germany (AS39351, 31173 Services AB). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-28
IPv4	108.179.219.150	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 108.179.219.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	194.176.114.36	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 194.176.114.36 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 20 times when connecting to mdms1 between 2026-05-28 13:37 and 2026-05-28 13:48 UTC.	2026-05-28
IPv4	198.1.66.233	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 198.1.66.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	193.169.194.47	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 193.169.194.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	116.178.131.250	Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 116.178.131.250 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	171.36.7.20	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 171.36.7.20 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	144.123.76.242	Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 144.123.76.242 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-28
IPv4	85.133.193.72	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 85.133.193.72 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-28
IPv4	119.187.149.238	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 119.187.149.238 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	219.131.193.226	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 219.131.193.226 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	122.177.246.112	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	64.227.105.251	Score: 60/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-28
IPv4	42.51.44.199	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 42.51.44.199 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	209.38.135.189	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 209.38.135.189 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	5.255.126.29	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Dronten, The Netherlands (AS60404, The Infrastructure Group B.V.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 3 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 15m 12s; 39 events.	2026-05-28
IPv4	114.244.232.184	Score: 96/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	185.156.174.178	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 185.156.174.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	115.190.173.110	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 115.190.173.110 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	185.209.31.121	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 185.209.31.121 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	193.32.248.182	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Berlin, Germany (AS39351, 31173 Services AB). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-28
IPv4	108.179.219.150	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 108.179.219.150 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	194.176.114.36	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 194.176.114.36 observed using SSH client fingerprint 'Unknown SSH Client (03a80b21afa8)' 20 times when connecting to mdms1 between 2026-05-28 13:37 and 2026-05-28 13:48 UTC.	2026-05-28
IPv4	198.1.66.233	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 198.1.66.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	134.122.79.108	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 134.122.79.108 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	64.227.82.25	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.227.82.25 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	206.135.182.161	Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 206.135.182.161 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	84.252.157.151	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 84.252.157.151 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	183.224.226.40	Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 183.224.226.40 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).	2026-05-28
IPv4	3.15.137.109	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 2m 28s; 2 events.	2026-05-28
IPv4	18.220.203.55	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 18.220.203.55 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	167.71.89.20	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. IP observed in Suricata network metadata	2026-05-28
IPv4	45.154.244.164	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.154.244.164 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	161.35.35.18	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 161.35.35.18 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	183.94.135.138	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. P0f: OS: Linux 3.11 and newer, link: ???, dist: 21, uptime: 0 days 20 hrs 18 min (modulo 49 days) (last seen 2026-05-28T14:35:32.000Z)	2026-05-28
IPv4	103.109.139.77	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.109.139.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	24.199.90.178	Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. IP observed in Suricata network metadata	2026-05-28
IPv4	168.144.158.183	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 168.144.158.183 observed using SSH client fingerprint 'Unknown SSH Client (16443846184e)' 5 times when connecting to db1lapetro between 2026-05-28 14:32 and 2026-05-28 14:48 UTC.	2026-05-28
IPv4	143.110.161.209	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 143.110.161.209 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	8.159.149.123	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.159.149.123 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-28
IPv4	63.27.16.88	Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 63.27.16.88 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	164.90.224.166	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 164.90.224.166 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-28
IPv4	167.71.106.241	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	152.136.23.159	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 152.136.23.159 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	125.122.36.17	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 125.122.36.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	61.76.38.54	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-28
IPv4	51.210.96.166	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	18.118.145.93	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 18.118.145.93 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	207.90.244.28	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 207.90.244.28 observed using TLS client fingerprint 'Unknown TLS Client (da049029c0c5)' 4 times when connecting to mdms1 between 2026-05-28 15:58 and 2026-05-28 15:59 UTC.	2026-05-28
IPv4	208.84.100.145	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 208.84.100.145 observed using TLS client fingerprint 'Unknown TLS Client (c023668399b5)' 2 times when connecting to db4lamedtech between 2026-05-28 15:59 and 2026-05-28 16:00 UTC.	2026-05-28
IPv4	202.88.244.2	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 202.88.244.2 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (critical, reported).	2026-05-28
IPv4	61.169.106.246	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 61.169.106.246 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	101.249.60.175	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 101.249.60.175 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level4).	2026-05-28
IPv4	165.22.186.217	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 165.22.186.217 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-28
IPv4	179.181.11.10	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 179.181.11.10 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	194.163.160.229	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 194.163.160.229 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	117.35.158.142	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 117.35.158.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	68.66.251.43	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-28
IPv4	47.251.44.0	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 47.251.44.0 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	190.86.199.171	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 190.86.199.171 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	41.86.7.228	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP 41.86.7.228 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 4 times when connecting to mdms1 between 2026-05-28 16:39 and 2026-05-28 16:40 UTC.	2026-05-28
IPv4	123.178.210.36	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 123.178.210.36 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-28
IPv4	167.99.101.214	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	117.33.236.100	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 117.33.236.100 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	165.22.136.42	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. IP observed in Suricata network metadata	2026-05-28
IPv4	43.156.244.128	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 43.156.244.128 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	141.94.123.107	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from France (AS16276, OVH SAS) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via sentrypeer. duration: 16m 48s; 45 events.	2026-05-28
IPv4	223.85.251.61	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. Attacker IP from Chengdu, China (AS9808, China Mobile Communications Group Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. 1 events.	2026-05-28
IPv4	91.227.114.143	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 91.227.114.143 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	50.6.228.111	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-28
IPv4	18.188.225.83	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 18.188.225.83 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-28
IPv4	18.224.20.232	Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 18.224.20.232 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	3.144.157.249	Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 3.144.157.249 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	115.190.211.57	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from China (AS137718, Beijing Volcano Engine Technology Co., Ltd.). Observed targeting government sector honeypot backup-hp-01 via cowrie. 1 events.	2026-05-28
IPv4	16.59.23.60	Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	18.188.54.132	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	3.12.74.239	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	18.118.200.52	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. IP observed in Suricata network metadata	2026-05-28
IPv4	87.236.176.250	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 87.236.176.250 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	137.184.3.178	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 137.184.3.178 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	160.155.68.8	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-28
IPv4	191.96.150.7	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 191.96.150.7 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, ddos, hacking).	2026-05-28
IPv4	3.19.75.227	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	157.245.245.228	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 157.245.245.228 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	18.216.24.22	Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 18.216.24.22 observed using HTTP client fingerprint 'HTTP Client: visionheight.com/scan Mozilla/5.0 (Macintosh; Intel Mac OS X...' 2 times when connecting to offbackup1 between 2026-05-28 18:43 and 2026-05-28 18:43 UTC.	2026-05-28
IPv4	37.32.7.103	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 37.32.7.103 observed using SSH client fingerprint 'Unknown SSH Client (98ddc5604ef6)' 5 times when connecting to offbackup1 between 2026-05-28 18:39 and 2026-05-28 18:40 UTC.	2026-05-28
IPv4	18.217.115.195	Score: 53/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 18.217.115.195 observed using HTTP client fingerprint 'HTTP Client: visionheight.com/scan Mozilla/5.0 (Macintosh; Intel Mac OS X...' 2 times when connecting to mdms1 between 2026-05-28 18:34 and 2026-05-28 18:35 UTC.	2026-05-28
IPv4	176.65.139.23	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 176.65.139.23 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	182.119.229.166	Score: 79/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 182.119.229.166 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-05-28
IPv4	103.149.192.153	Score: 54/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 103.149.192.153 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-28
IPv4	74.249.189.101	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. 74.249.189.101 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	3.145.92.195	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 1m 44s; 2 events.	2026-05-28
IPv4	69.164.214.173	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 69.164.214.173 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	122.233.21.9	Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 122.233.21.9 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-28
IPv4	18.222.136.5	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	159.89.101.20	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-28
IPv4	18.191.117.174	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-28
IPv4	182.54.23.193	Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 182.54.23.193 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-28
IPv4	3.12.153.39	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	172.233.149.131	Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 172.233.149.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, moderate, port-scan).	2026-05-28
IPv4	182.119.225.158	Score: 69/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 182.119.225.158 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-28
IPv4	37.60.249.153	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 37.60.249.153 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 2 times when connecting to db1lapetro between 2026-05-28 19:43 and 2026-05-28 19:43 UTC.	2026-05-28
IPv4	101.109.131.83	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 101.109.131.83 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	3.137.220.1	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 3.137.220.1 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	52.91.2.81	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 52.91.2.81 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	100.24.34.153	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 100.24.34.153 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	95.182.82.132	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 95.182.82.132 observed using SSH client fingerprint 'Unknown SSH Client (63ae64767f33)' 4 times when connecting to offbackup1 between 2026-05-28 19:36 and 2026-05-28 19:36 UTC.	2026-05-28
IPv4	149.56.97.184	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 149.56.97.184 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	103.173.7.233	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 103.173.7.233 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	43.112.68.201	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.112.68.201 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-28
IPv4	206.189.187.163	Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 206.189.187.163 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	222.137.145.22	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 222.137.145.22 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	18.219.30.206	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 18.219.30.206 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-28
IPv4	3.15.146.201	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 3.15.146.201 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	165.227.85.141	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	200.23.126.13	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	172.235.41.203	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 172.235.41.203 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	159.89.135.205	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 159.89.135.205 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	36.151.148.243	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 36.151.148.243 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 2 times when connecting to mdms1 between 2026-05-28 21:06 and 2026-05-28 21:06 UTC.	2026-05-28
IPv4	176.65.139.250	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Luxembourg (AS214472, Offshore LC). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 149 failed login attempts, 149 credential pairs tried across 82 unique usernames, execution of 3 commands (system reconnaissance), delivery of 1 malware sample. SSH client: SSH-2.0-Go (HASSH: 16443846184e...)...	2026-05-28
IPv4	47.237.216.97	Score: 52/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. IP observed in Suricata network metadata	2026-05-28
IPv4	47.237.196.190	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.237.196.190 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	179.49.173.137	Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 179.49.173.137 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-28
IPv4	182.54.23.95	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 182.54.23.95 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	106.75.227.248	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	158.247.194.44	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 158.247.194.44 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	34.186.252.233	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:moderate, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 34.186.252.233 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (Linux; Android 14; OnePlus 12) AppleWebKit/537....' 7 times when connecting to mdms1 between 2026-05-28 20:33 and 2026-05-28 20:33 UTC.	2026-05-28
IPv4	170.79.127.98	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 170.79.127.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	109.244.96.105	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 109.244.96.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	206.189.226.69	Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 206.189.226.69 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	207.175.0.21	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 207.175.0.21 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	54.173.210.253	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 16, uptime: 4 days 5 hrs 25 min (modulo 49 days) (last seen 2026-05-28T22:23:44.000Z)	2026-05-28
IPv4	13.218.137.58	Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 16, uptime: 8 days 2 hrs 18 min (modulo 49 days) (last seen 2026-05-28T22:23:42.000Z)	2026-05-28
IPv4	203.161.47.180	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. P0f: OS: Linux 2.2.x-3.x, link: generic tunnel or VPN, dist: 21, uptime: 17 days 6 hrs 0 min (modulo 49 days) (last seen 2026-05-28T22:37:47.000Z)	2026-05-28
IPv4	95.217.209.212	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 20, uptime: 29 days 3 hrs 25 min (modulo 49 days) (last seen 2026-05-28T22:38:18.000Z)	2026-05-28
IPv4	91.84.111.146	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. P0f: OS: Windows NT kernel, link: Ethernet or modem, app: ???, dist: 19 (last seen 2026-05-28T22:22:05.000Z)	2026-05-28
IPv4	13.220.97.2	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 15, uptime: 28 days 22 hrs 21 min (modulo 49 days) (last seen 2026-05-28T22:21:49.000Z)	2026-05-28
IPv4	35.171.6.251	Score: 56/100. Labels: abuseipdb:exploited-host, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 16, uptime: 15 days 17 hrs 5 min (modulo 49 days) (last seen 2026-05-28T22:21:48.000Z)	2026-05-28
IPv4	54.87.136.130	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 54.87.136.130 classified as scanning infrastructure conducting network reconnaissance (low confidence). Origin: enriched.	2026-05-28
IPv4	209.182.218.187	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 209.182.218.187 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (reported).	2026-05-28
IPv4	34.237.242.60	Score: 57/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 34.237.242.60 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-28
IPv4	54.158.28.114	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 54.158.28.114 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-05-28
IPv4	18.212.68.99	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 18.212.68.99 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	54.159.122.66	Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 54.159.122.66 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	54.146.189.124	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 54.146.189.124 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-05-28
IPv4	3.87.215.58	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 3.87.215.58 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	106.13.95.100	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 106.13.95.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-28
IPv4	32.199.170.134	Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 32.199.170.134 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).	2026-05-28
IPv4	54.152.98.106	Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 54.152.98.106 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, low).	2026-05-28
IPv4	98.80.74.129	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 98.80.74.129 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	54.87.22.59	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 54.87.22.59 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	54.208.18.165	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 54.208.18.165 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	176.65.139.186	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 176.65.139.186 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	117.72.216.111	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 117.72.216.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	177.92.22.178	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 177.92.22.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-28
IPv4	42.48.38.100	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 42.48.38.100 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-28
IPv4	106.117.109.6	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 106.117.109.6 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-28
IPv4	165.227.210.122	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 165.227.210.122 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	18.226.72.228	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	3.15.230.165	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-28
IPv4	103.187.26.126	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 103.187.26.126 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 13 times when connecting to offbackup1 between 2026-05-28 21:52 and 2026-05-28 22:12 UTC.	2026-05-28
IPv4	8.231.33.219	Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. IP observed in Suricata network metadata	2026-05-28
IPv4	130.131.220.95	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-28
IPv4	58.241.4.50	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 58.241.4.50 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-28
IPv4	35.234.243.15	Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 35.234.243.15 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-28
IPv4	18.220.94.142	Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 18.220.94.142 observed using HTTP client fingerprint 'HTTP Client: visionheight.com/scan Mozilla/5.0 (Macintosh; Intel Mac OS X...' 2 times when connecting to db1lapetro between 2026-05-28 21:54 and 2026-05-28 21:55 UTC.	2026-05-28
IPv4	117.80.232.39	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-28
IPv4	36.134.211.170	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 36.134.211.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	155.94.145.131	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 155.94.145.131 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-28
IPv4	65.108.249.33	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 65.108.249.33 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	47.111.165.126	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 47.111.165.126 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-28
IPv4	89.144.209.122	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. IP observed in Suricata network metadata	2026-05-28
IPv4	117.240.31.26	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.240.31.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-28
IPv4	192.236.240.231	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 192.236.240.231 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 16 times when connecting to db1lapetro between 2026-05-28 22:46 and 2026-05-28 23:03 UTC.	2026-05-28
IPv4	78.153.155.152	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 78.153.155.152 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 22 times when connecting to db1lapetro between 2026-05-28 22:46 and 2026-05-28 23:08 UTC.	2026-05-28
IPv4	187.51.145.202	Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 187.51.145.202 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	106.92.145.174	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 106.92.145.174 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	101.126.54.66	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 101.126.54.66 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	152.32.220.188	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 152.32.220.188 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (3 commands), 3 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	58.144.196.164	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 58.144.196.164 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	20.2.83.149	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Hong Kong, Hong Kong (AS8075, Microsoft Corporation). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 3 failed login attempts, 3 credential pairs tried across 3 unique usernames, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2.0-libssh_0.9.6 (...	2026-05-29
IPv4	212.192.28.198	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. 212.192.28.198 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level4).	2026-05-29
IPv4	181.51.189.171	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Pereira, Colombia (AS10620, Telmex Colombia S.A.). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 14 failed login attempts, 14 credential pairs tried across 5 unique usernames, execution of 6 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2.0-libssh_0....	2026-05-29
IPv4	94.156.115.179	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Frankfurt am Main, Germany (AS215439, Play2go International Limited). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 9 failed login attempts, 9 credential pairs tried across 6 unique usernames, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2...	2026-05-29
IPv4	195.178.110.101	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 195.178.110.101 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	49.7.214.148	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Beijing, China (AS23724, IDC, China Telecommunications Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 9m 34s; 27 events.	2026-05-29
IPv4	198.199.80.112	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 198.199.80.112 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	111.9.42.57	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 111.9.42.57 observed using HTTP client fingerprint 'HTTP Client: libredtail-http' 2 times when connecting to db1lapetro between 2026-05-28 23:49 and 2026-05-28 23:49 UTC.	2026-05-29
IPv4	171.231.180.190	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Da Nang, Vietnam (AS7552, Viettel Group). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 3s; 5 events.	2026-05-29
IPv4	207.154.208.244	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 207.154.208.244 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	109.123.246.181	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 109.123.246.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	89.124.105.30	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 89.124.105.30 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	106.117.110.95	Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 106.117.110.95 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-29
IPv4	27.79.46.25	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Da Nang, Vietnam (AS7552, Viettel Group). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 2s; 7 events.	2026-05-29
IPv4	152.53.0.56	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 152.53.0.56 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (3 commands), 3 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	209.74.86.219	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 209.74.86.219 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	203.101.186.67	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 203.101.186.67 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	35.221.194.19	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, anomaly:burst. 35.221.194.19 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, low).	2026-05-29
IPv4	27.47.26.201	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 27.47.26.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	173.255.233.47	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-29
IPv4	18.204.37.100	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 18.204.37.100 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	175.30.48.12	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 175.30.48.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	221.0.170.18	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 221.0.170.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	18.220.79.30	Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	20.205.18.79	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	209.182.233.12	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 209.182.233.12 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	85.239.249.147	Score: 57/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 85.239.249.147 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-29
IPv4	18.116.67.235	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-29
IPv4	66.228.35.180	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	64.227.82.187	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 64.227.82.187 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	52.14.243.165	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 1m 4s; 2 events.	2026-05-29
IPv4	217.149.31.128	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 217.149.31.128 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 2 times when connecting to mdms1 between 2026-05-29 01:55 and 2026-05-29 02:02 UTC.	2026-05-29
IPv4	18.226.90.140	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-29
IPv4	60.189.88.72	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 60.189.88.72 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted).	2026-05-29
IPv4	37.19.203.77	Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	111.113.88.131	Score: 63/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 111.113.88.131 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-05-29
IPv4	202.131.234.26	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 202.131.234.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	219.134.115.145	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 219.134.115.145 observed using SSH client fingerprint 'Unknown SSH Client (af8223ac9914)' 4 times when connecting to db4lamedtech between 2026-05-29 01:47 and 2026-05-29 01:49 UTC.	2026-05-29
IPv4	118.193.56.229	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 118.193.56.229 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	171.22.181.189	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 171.22.181.189 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	189.152.66.94	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 189.152.66.94 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-29
IPv4	82.165.92.194	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 82.165.92.194 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	18.117.242.24	Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 18.117.242.24 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	44.197.205.132	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 44.197.205.132 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	121.165.187.77	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Seocho-gu, South Korea (AS4766, Korea Telecom). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. 1 events.	2026-05-29
IPv4	3.14.13.153	Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. IP observed in Suricata network metadata	2026-05-29
IPv4	18.217.216.53	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. IP observed in Suricata network metadata	2026-05-29
IPv4	142.93.104.190	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 142.93.104.190 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	36.213.113.248	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 36.213.113.248 observed using SSH client fingerprint 'Unknown SSH Client (98f63c4d9c87)' 3 times when connecting to db1lapetro between 2026-05-29 03:10 and 2026-05-29 03:10 UTC.	2026-05-29
IPv4	18.220.7.93	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 4m 47s; 4 events.	2026-05-29
IPv4	142.93.198.105	Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 142.93.198.105 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	121.224.226.49	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 121.224.226.49 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	179.43.168.58	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 179.43.168.58 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	3.21.158.43	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via heralding. duration: 1m 34s; 2 events.	2026-05-29
IPv4	147.135.213.38	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP 147.135.213.38 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/...' 2 times when connecting to db4lamedtech between 2026-05-29 02:43 and 2026-05-29 02:44 UTC.	2026-05-29
IPv4	57.128.74.124	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. Attacker IP 57.128.74.124 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, l...' 4 times when connecting to db1lapetro between 2026-05-29 02:41 and 2026-05-29 02:41 UTC.	2026-05-29
IPv4	176.65.139.249	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-29
IPv4	120.48.165.75	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 120.48.165.75 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	3.238.51.214	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Ashburn, United States (AS14618, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-29
IPv4	3.143.230.157	Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 3.143.230.157 observed using HTTP client fingerprint 'HTTP Client: visionheight.com/scan Mozilla/5.0 (Macintosh; Intel Mac OS X...' 2 times when connecting to db1lapetro between 2026-05-29 02:34 and 2026-05-29 02:37 UTC.	2026-05-29
IPv4	110.40.156.247	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 110.40.156.247 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	195.96.139.52	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 195.96.139.52 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	122.51.143.218	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 122.51.143.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	172.86.123.105	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 172.86.123.105 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted).	2026-05-29
IPv4	103.149.192.218	Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 103.149.192.218 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	177.185.141.93	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 177.185.141.93 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	81.71.17.217	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 81.71.17.217 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	44.200.146.164	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	68.183.22.17	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 68.183.22.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	104.199.107.194	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 104.199.107.194 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	167.88.165.54	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 167.88.165.54 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	65.109.186.67	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 65.109.186.67 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	103.70.40.36	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-29
IPv4	172.104.215.178	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 172.104.215.178 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	104.248.8.74	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 104.248.8.74 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	156.239.253.250	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 156.239.253.250 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (3 commands), 2 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-29
IPv4	147.182.199.159	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 147.182.199.159 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	136.119.52.185	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, app: ???, dist: 16, uptime: 14 days 0 hrs 18 min (modulo 45 days) (last seen 2026-05-29T04:13:19.000Z)	2026-05-29
IPv4	3.128.184.241	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via ipphoney. duration: 5m 0s; 3 events.	2026-05-29
IPv4	139.199.228.233	Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. P0f: OS: Linux 2.2.x-3.x, link: ???, dist: 23, uptime: 45 days 20 hrs 34 min (modulo 49 days) (last seen 2026-05-29T04:06:37.000Z)	2026-05-29
IPv4	34.53.175.197	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. P0f: OS: Linux 2.2.x-3.x, link: generic tunnel or VPN, dist: 13, uptime: 6 days 15 hrs 55 min (modulo 49 days) (last seen 2026-05-29T04:04:41.000Z)	2026-05-29
IPv4	8.209.114.71	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, app: ???, dist: 21, uptime: 3 days 22 hrs 0 min (modulo 49 days) (last seen 2026-05-29T04:03:06.000Z)	2026-05-29
IPv4	111.113.89.21	Score: 72/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 111.113.89.21 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).	2026-05-29
IPv4	35.195.121.214	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Brussels, Belgium (AS396982, Google LLC). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Fingerprintx-SSH2 (HASSH: dde267e50f82...); duration: 3s; 9 events.	2026-05-29
IPv4	133.242.172.237	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Japan (AS7684, SAKURA Internet Inc.). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-29
IPv4	157.230.234.136	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 157.230.234.136 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	34.16.190.213	Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, anomaly:burst. 34.16.190.213 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, low).	2026-05-29
IPv4	18.221.244.246	Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 18.221.244.246 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-29
IPv4	222.176.200.193	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 222.176.200.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	58.212.237.77	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 58.212.237.77 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	167.88.166.96	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan. 167.88.166.96 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	223.30.56.197	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 223.30.56.197 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	207.175.47.169	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 207.175.47.169 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	172.86.121.13	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 172.86.121.13 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	159.223.137.13	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-29
IPv4	104.192.2.46	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 104.192.2.46 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	172.86.113.127	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-29
IPv4	91.107.163.59	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 91.107.163.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	180.93.43.225	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Vietnam (AS7602, Sai gon Postel Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-29
IPv4	193.163.125.131	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.163.125.131 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	207.180.19.91	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Jakarta, Indonesia (AS141968, PT Industri Kreatif Digital). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1m 35s; 10 events.	2026-05-29
IPv4	194.187.179.133	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 194.187.179.133 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-05-29
IPv4	45.12.3.130	Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 45.12.3.130 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-29
IPv4	3.144.25.143	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 4m 25s; 3 events.	2026-05-29
IPv4	87.236.176.252	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 87.236.176.252 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	47.86.235.178	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 47.86.235.178 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	153.117.6.36	Score: 61/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 153.117.6.36 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-29
IPv4	3.142.46.249	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 3.142.46.249 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-29
IPv4	142.93.253.46	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 142.93.253.46 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	167.99.164.231	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 167.99.164.231 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	34.76.2.52	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 34.76.2.52 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	34.14.81.197	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	3.19.30.98	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 4m 48s; 4 events.	2026-05-29
IPv4	68.183.120.23	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 68.183.120.23 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	45.79.192.34	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.79.192.34 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	143.198.188.61	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 143.198.188.61 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, iot-targeted).	2026-05-29
IPv4	3.137.178.105	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 4m 10s; 12 events.	2026-05-29
IPv4	60.13.6.196	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 60.13.6.196 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	47.238.89.15	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.238.89.15 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-29
IPv4	172.236.254.181	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 172.236.254.181 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	119.45.38.38	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 119.45.38.38 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	154.241.55.43	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 154.241.55.43 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	124.222.226.22	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 124.222.226.22 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	86.101.156.169	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 86.101.156.169 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	39.130.240.253	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 39.130.240.253 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	2.27.63.106	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 2.27.63.106 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (3 commands), 3 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	66.228.53.207	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 66.228.53.207 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	118.145.104.37	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 118.145.104.37 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	111.40.50.149	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. 111.40.50.149 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	167.88.165.252	Score: 64/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 167.88.165.252 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	3.141.26.222	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 4m 41s; 13 events.	2026-05-29
IPv4	45.198.224.41	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.198.224.41 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	137.184.215.243	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 137.184.215.243 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	167.99.168.90	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 167.99.168.90 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	96.126.117.204	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. P0f: OS: Linux 2.2.x-3.x (no timestamps), link: Ethernet or modem, dist: 15 (last seen 2026-05-29T07:42:59.000Z)	2026-05-29
IPv4	206.189.71.46	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 206.189.71.46 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	138.68.11.226	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 138.68.11.226 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	98.80.4.84	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-29
IPv4	42.48.38.106	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 42.48.38.106 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	182.54.23.111	Score: 53/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.54.23.111 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	144.31.152.113	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 144.31.152.113 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	156.239.41.77	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 156.239.41.77 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-29
IPv4	3.137.157.218	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 2m 4s; 3 events.	2026-05-29
IPv4	195.96.139.82	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 195.96.139.82 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	117.50.175.237	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 117.50.175.237 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	45.41.104.159	Score: 66/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 45.41.104.159 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-29
IPv4	138.68.146.236	Score: 67/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 138.68.146.236 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, port-scan).	2026-05-29
IPv4	139.59.145.13	Score: 72/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 139.59.145.13 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, port-scan).	2026-05-29
IPv4	182.242.168.253	Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 182.242.168.253 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	171.120.156.22	Score: 62/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 171.120.156.22 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-29
IPv4	194.187.179.203	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.203 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	3.149.242.166	Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. IP observed in Suricata network metadata	2026-05-29
IPv4	8.208.12.237	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 8.208.12.237 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	8.208.34.35	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 8.208.34.35 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	47.95.228.117	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 47.95.228.117 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	42.194.137.127	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 42.194.137.127 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (critical, reported).	2026-05-29
IPv4	177.30.64.65	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Goiânia, Brazil (AS26615, TIM SA). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1s; 5 events.	2026-05-29
IPv4	195.96.139.80	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 195.96.139.80 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	147.182.219.152	Score: 58/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 147.182.219.152 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-29
IPv4	195.96.139.84	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 195.96.139.84 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	195.96.139.109	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 195.96.139.109 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	194.233.64.228	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 194.233.64.228 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	89.187.187.82	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 89.187.187.82 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	49.207.247.201	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. Attacker IP from Bengaluru, India (AS24309, Atria Convergence Technologies Pvt. Ltd. Broadband Internet Service Provider INDIA). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 7 failed login attempts, 7 credential pairs tried across 6 unique usernames, execution of 3 commands (SSH key persistence), deliv...	2026-05-29
IPv4	96.126.102.165	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 96.126.102.165 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	49.233.74.168	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-29
IPv4	203.161.39.233	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	149.202.61.80	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 149.202.61.80 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).	2026-05-29
IPv4	149.202.60.231	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 149.202.60.231 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, hacking, moderate).	2026-05-29
IPv4	196.189.237.172	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-29
IPv4	103.7.11.134	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-29
IPv4	36.106.167.120	Score: 80/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. 36.106.167.120 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-29
IPv4	217.149.188.102	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 217.149.188.102 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	157.15.28.49	Score: 53/100. Labels: abuseipdb:exploited-host, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 157.15.28.49 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (exploited-host, low, port-scan).	2026-05-29
IPv4	34.53.140.252	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported. 34.53.140.252 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-29
IPv4	46.8.78.131	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. P0f: OS: Linux 2.2.x-3.x, link: generic tunnel or VPN, dist: 14, uptime: 40 days 2 hrs 51 min (modulo 49 days) (last seen 2026-05-29T12:10:30.000Z)	2026-05-29
IPv4	13.59.94.94	Score: 51/100. Labels: abuseipdb:brute-force, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 13.59.94.94 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, iot-targeted, moderate).	2026-05-29
IPv4	3.138.85.251	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 3.138.85.251 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	4.240.39.198	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 4.240.39.198 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	45.205.1.240	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.205.1.240 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	3.143.116.91	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-29
IPv4	45.205.1.244	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 45.205.1.244 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	3.137.171.4	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-29
IPv4	209.74.86.129	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	45.205.1.247	Score: 100/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 45.205.1.247 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (exploited-host, hacking, moderate).	2026-05-29
IPv4	18.218.54.5	Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 18.218.54.5 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-29
IPv4	149.202.215.239	Score: 51/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 149.202.215.239 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-05-29
IPv4	176.65.148.201	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 176.65.148.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	210.191.89.156	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 210.191.89.156 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	121.229.205.119	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 121.229.205.119 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	45.205.1.243	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.205.1.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	223.185.56.106	Score: 66/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 223.185.56.106 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).	2026-05-29
IPv4	66.116.205.19	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Mumbai, India (AS31898, Oracle Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 12 failed login attempts, 12 credential pairs tried across 8 unique usernames, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2.0-libssh_0.9.6 (HASSH:...	2026-05-29
IPv4	103.171.69.89	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 103.171.69.89 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	103.166.182.155	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Vietnam (AS135905, VIETNAM POSTS AND TELECOMMUNICATIONS GROUP). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 5 failed login attempts, 5 credential pairs tried across 2 unique usernames, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2.0-lib...	2026-05-29
IPv4	103.171.69.76	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 103.171.69.76 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	103.171.69.75	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.171.69.75 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-29
IPv4	223.199.161.54	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 223.199.161.54 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (minimal, reported).	2026-05-29
IPv4	89.169.108.21	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 89.169.108.21 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	103.42.197.226	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 103.42.197.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-29
IPv4	103.171.69.84	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.171.69.84 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	59.36.166.105	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 59.36.166.105 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	103.171.69.80	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 103.171.69.80 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-29
IPv4	103.166.10.244	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	111.77.115.242	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 111.77.115.242 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	103.43.8.71	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Hong Kong (AS35876, VOLTNET-01 -03 - VoltNet inc). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 4 failed login attempts, 4 credential pairs tried across 3 unique usernames, execution of 3 commands (SSH key persistence), delivery of 3 malware samples. SSH client: SSH-2.0-libssh_0.9.6 (HAS...	2026-05-29
IPv4	195.242.178.144	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from United States (AS7488, CNServer LLC). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 2 failed login attempts, 2 credential pairs tried across 2 unique usernames. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2m 34s; 10 events.	2026-05-29
IPv4	184.105.247.218	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 184.105.247.218 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	18.219.164.52	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 18.219.164.52 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	117.40.114.94	Score: 54/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 117.40.114.94 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	111.59.16.7	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 111.59.16.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	175.30.48.251	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:port-scan. P0f: OS: Linux 3.11 and newer, link: Ethernet or modem, app: nginx 1.x, dist: 24, uptime: 25 days 16 hrs 44 min (modulo 49 days) (last seen 2026-05-29T13:57:56.000Z)	2026-05-29
IPv4	37.139.53.148	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 37.139.53.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_abusers_30d); AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	47.105.80.59	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.105.80.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	157.230.228.1	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 157.230.228.1 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	111.228.7.67	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-29
IPv4	117.90.100.7	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 117.90.100.7 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	5.61.209.224	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-29
IPv4	45.205.1.241	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from United States (AS215925, Vpsvault.host Ltd) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-29
IPv4	185.141.119.49	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. IP observed in Suricata network metadata	2026-05-29
IPv4	34.73.171.15	Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	45.148.10.160	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-29
IPv4	45.205.1.246	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.205.1.246 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	58.243.47.49	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 58.243.47.49 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	182.54.23.76	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 182.54.23.76 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	185.243.5.189	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 185.243.5.189 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	3.23.59.18	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 3.23.59.18 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	159.89.91.190	Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 159.89.91.190 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-29
IPv4	118.212.120.8	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.120.8 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	182.54.23.200	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 182.54.23.200 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	114.55.166.158	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 114.55.166.158 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	154.83.197.176	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-29
IPv4	14.103.48.24	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 14.103.48.24 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	217.216.92.40	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 217.216.92.40 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	43.167.11.167	Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 43.167.11.167 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).	2026-05-29
IPv4	191.5.31.61	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-29
IPv4	135.125.237.99	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	157.180.59.32	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 157.180.59.32 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	130.185.119.80	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 130.185.119.80 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	18.219.133.102	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	43.248.109.137	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 43.248.109.137 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	194.165.16.16	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie. Attacker IP from Monaco, Monaco (AS48721, Flyservers S.A.). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 3m 29s; 4 events.	2026-05-29
IPv4	18.189.32.107	Score: 57/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-29
IPv4	8.222.169.202	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	43.98.174.215	Score: 51/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, anomaly:burst, anomaly:burst:high-z. IP observed in Suricata network metadata	2026-05-29
IPv4	89.124.64.110	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack. IP observed in Suricata network metadata	2026-05-29
IPv4	163.245.192.20	Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 163.245.192.20 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	122.54.201.138	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Manila, Philippines (AS9299, Philippine Long Distance Telephone Company). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-29
IPv4	45.173.103.113	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Recife, Brazil (AS268809, EDILEUZA EVARISTO BARRETO). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1s; 5 events.	2026-05-29
IPv4	193.32.248.131	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Berlin, Germany (AS39351, 31173 Services AB). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-29
IPv4	173.199.92.33	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Elk Grove Village, United States (AS20473, The Constant Company, LLC). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 1 events.	2026-05-29
IPv4	8.221.137.203	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-29
IPv4	121.14.17.55	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 121.14.17.55 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	123.103.12.4	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 123.103.12.4 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	102.129.75.7	Score: 51/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-29
IPv4	3.22.57.22	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	196.189.236.162	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-29
IPv4	47.237.195.232	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.237.195.232 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	3.83.12.163	Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 3.83.12.163 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-29
IPv4	196.196.150.99	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-29
IPv4	177.19.189.75	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-29
IPv4	8.216.84.91	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. Attacker IP 8.216.84.91 observed using TLS client fingerprint 'Unknown TLS Client (13f3ea360af9)' 2 times when connecting to db4lamedtech between 2026-05-29 15:12 and 2026-05-29 15:12 UTC.	2026-05-29
IPv4	116.178.130.206	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 116.178.130.206 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	66.132.186.213	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 66.132.186.213 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	38.210.202.117	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 38.210.202.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	171.243.148.101	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh, abuseipdb:web-attack. 171.243.148.101 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, port-scan).	2026-05-29
IPv4	45.153.34.235	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.153.34.235 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	113.108.99.178	Score: 61/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 113.108.99.178 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	23.234.72.246	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Los Angeles, United States. Observed targeting energy sector honeypot petroleum-hp-01 via h0neytr4p. 1 events.	2026-05-29
IPv4	18.188.231.23	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 3m 8s; 4 events.	2026-05-29
IPv4	27.79.0.124	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Da Nang, Vietnam (AS7552, Viettel Group). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 20s; 5 events.	2026-05-29
IPv4	27.79.1.226	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Da Nang, Vietnam (AS7552, Viettel Group). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-AsyncSSH_2.1.0 (HASSH: fda360b1b4f4...); duration: 2m 0s; 5 events.	2026-05-29
IPv4	85.5.148.125	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Münchenbuchsee, Switzerland (AS3303, Bluewin). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 4s; 5 events.	2026-05-29
IPv4	18.119.126.100	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	167.71.47.6	Score: 90/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-29
IPv4	185.243.5.205	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 185.243.5.205 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	111.38.16.47	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 111.38.16.47 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	18.216.72.146	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 18.216.72.146 observed using HTTP client fingerprint 'HTTP Client: visionheight.com/scan Mozilla/5.0 (Macintosh; Intel Mac OS X...' 2 times when connecting to db4lamedtech between 2026-05-29 16:08 and 2026-05-29 16:08 UTC.	2026-05-29
IPv4	3.22.74.118	Score: 54/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 3.22.74.118 observed using HTTP client fingerprint 'HTTP Client: visionheight.com/scan Mozilla/5.0 (Macintosh; Intel Mac OS X...' 2 times when connecting to offbackup1 between 2026-05-29 15:38 and 2026-05-29 15:39 UTC.	2026-05-29
IPv4	61.81.171.113	Score: 51/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP 61.81.171.113 observed using TLS client fingerprint 'Unknown TLS Client (f30ab16b9637)' 40 times when connecting to db1lapetro between 2026-05-29 15:42 and 2026-05-29 16:06 UTC.	2026-05-29
IPv4	176.120.22.74	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 176.120.22.74 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).	2026-05-29
IPv4	182.201.244.26	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 182.201.244.26 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4).	2026-05-29
IPv4	185.143.12.195	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 185.143.12.195 classified as scanning infrastructure conducting network reconnaissance (medium confidence). Origin: enriched. Listed on: FireHOL (firehol_level3).	2026-05-29
IPv4	192.121.251.108	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 192.121.251.108 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	185.157.91.192	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 185.157.91.192 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-05-29
IPv4	193.235.238.6	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.235.238.6 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	192.121.157.12	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 192.121.157.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-05-29
IPv4	83.140.109.243	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 83.140.109.243 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-05-29
IPv4	5.133.197.31	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 5.133.197.31 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-05-29
IPv4	193.183.86.17	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 193.183.86.17 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	193.180.221.124	Score: 79/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 193.180.221.124 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	192.71.88.154	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 192.71.88.154 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	193.183.76.118	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 193.183.76.118 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	185.151.19.138	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.151.19.138 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	194.132.62.226	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 194.132.62.226 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	185.116.240.193	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 185.116.240.193 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	192.121.124.209	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 192.121.124.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-05-29
IPv4	46.247.41.19	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 46.247.41.19 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	85.113.44.142	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 85.113.44.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	190.183.134.218	Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 190.183.134.218 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	106.75.66.46	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 106.75.66.46 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	186.167.81.148	Score: 67/100. Labels: abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 186.167.81.148 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (ddos, exploited-host, hacking).	2026-05-29
IPv4	194.103.212.184	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. 194.103.212.184 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	193.111.248.244	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 193.111.248.244 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	121.123.141.251	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 121.123.141.251 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	172.239.71.245	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 172.239.71.245 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	212.233.40.63	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 212.233.40.63 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-29
IPv4	179.125.169.27	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 179.125.169.27 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	117.50.118.246	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 117.50.118.246 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	185.104.187.66	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. IP observed in Suricata network metadata	2026-05-29
IPv4	47.253.139.226	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted, abuseipdb:multi-reported. 47.253.139.226 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	18.116.82.204	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 18.116.82.204 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	180.243.105.146	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 180.243.105.146 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	34.12.190.69	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 34.12.190.69 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-29
IPv4	18.219.47.105	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 7m 12s; 5 events.	2026-05-29
IPv4	213.199.43.136	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 213.199.43.136 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	206.135.24.10	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 206.135.24.10 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	182.138.158.102	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 182.138.158.102 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	1.24.16.142	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 1.24.16.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	117.40.113.85	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. 117.40.113.85 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	185.160.225.40	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 185.160.225.40 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-29
IPv4	173.187.90.131	Score: 52/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 173.187.90.131 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	164.92.255.134	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 164.92.255.134 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	47.236.109.39	Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 47.236.109.39 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-29
IPv4	8.209.109.215	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 8.209.109.215 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	144.31.184.1	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 144.31.184.1 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	14.103.46.139	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 14.103.46.139 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	118.196.86.3	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 118.196.86.3 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	52.23.195.88	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 52.23.195.88 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).	2026-05-29
IPv4	100.31.100.19	Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 100.31.100.19 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).	2026-05-29
IPv4	54.91.130.222	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 54.91.130.222 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	43.226.40.60	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 43.226.40.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	164.92.232.80	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 164.92.232.80 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	95.111.255.226	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 95.111.255.226 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-29
IPv4	3.81.228.214	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 3.81.228.214 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, moderate, multi-reported).	2026-05-29
IPv4	108.61.198.30	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 108.61.198.30 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	95.179.132.186	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 95.179.132.186 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	194.74.71.18	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 194.74.71.18 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	43.157.180.62	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 43.157.180.62 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	171.36.6.167	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 171.36.6.167 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-05-29
IPv4	43.160.210.225	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Singapore, Singapore (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-29
IPv4	160.30.142.221	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 160.30.142.221 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	165.227.59.200	Score: 55/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. 165.227.59.200 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-05-29
IPv4	38.52.135.50	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-29
IPv4	179.111.10.24	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-29
IPv4	104.128.144.212	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported. 104.128.144.212 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	121.204.208.117	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:well-known. 121.204.208.117 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, high).	2026-05-29
IPv4	37.77.150.72	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. IP observed in Suricata network metadata	2026-05-29
IPv4	50.116.24.43	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 50.116.24.43 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	131.100.242.102	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Campos dos Goytacazes, Brazil (AS61663, INFOLINE BANDA LARGA). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1s; 5 events.	2026-05-29
IPv4	77.105.138.7	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from The Netherlands (AS216071, Servers Tech Fzco). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1s; 5 events.	2026-05-29
IPv4	77.90.185.212	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Iran (AS213790, Limited Network LTD). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-29
IPv4	111.198.221.98	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 111.198.221.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	161.35.215.136	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 161.35.215.136 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	34.152.120.244	Score: 56/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:moderate, abuseipdb:reported, abuseipdb:web-attack, cowrie. 34.152.120.244 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, moderate).	2026-05-29
IPv4	80.248.243.202	Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Helsinki, Finland (AS16302, Suomi Communications Oy). Observed targeting government sector honeypot backup-hp-01 via sentrypeer. 1 events.	2026-05-29
IPv4	159.195.52.136	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 159.195.52.136 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	68.183.68.173	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 68.183.68.173 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-29
IPv4	185.226.117.100	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 185.226.117.100 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 malware samples. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking).	2026-05-29
IPv4	41.93.28.23	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Tanzania (AS37182, TERNET). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-29
IPv4	69.5.7.218	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Indonesia (AS150436, Byteplus Pte. Ltd.). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-29
IPv4	34.11.70.107	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Washington, United States. Observed targeting energy sector honeypot petroleum-hp-01 via h0neytr4p. duration: 1s; 14 events.	2026-05-29
IPv4	92.63.197.47	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Ukraine (AS211736, FOP Dmytro Nedilskyi). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 1m 11s; 4 events.	2026-05-29
IPv4	161.35.171.91	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:port-scan. Attacker IP from Slough, United Kingdom (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via beelzebub. Session included execution of 1 commands (system reconnaissance). 2 events.	2026-05-29
IPv4	5.78.192.135	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Hillsboro, United States (AS212317, Hetzner Online GmbH) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1s; 5 events.	2026-05-29
IPv4	161.35.149.56	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Amsterdam, The Netherlands (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting technology sector honeypot msp-rmm-hp-01 via tanner. duration: 1m 18s; 2 events.	2026-05-29
IPv4	134.209.30.57	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Slough, United Kingdom (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 1s; 5 events.	2026-05-29
IPv4	192.241.153.167	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 1s; 5 events.	2026-05-29
IPv4	167.71.31.15	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 1s; 5 events.	2026-05-29
IPv4	157.15.40.57	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Indonesia (AS139952, PT Trisari Data Indonusa). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-29
IPv4	198.23.152.176	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 198.23.152.176 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	20.78.0.33	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Tokyo, Japan (AS8075, Microsoft Corporation). Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1s; 5 events.	2026-05-29
IPv4	165.154.233.2	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Manila, Philippines (AS142002, Scloud Pte Ltd) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-29
IPv4	223.123.38.122	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 223.123.38.122 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	165.22.160.87	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 165.22.160.87 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	45.205.1.41	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.205.1.41 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	193.24.123.55	Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from Russia (AS200593, Prospero Ooo). Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 2s; 2 events.	2026-05-29
IPv4	158.101.21.209	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 158.101.21.209 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	134.199.211.156	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 134.199.211.156 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, moderate).	2026-05-29
IPv4	87.236.176.28	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 87.236.176.28 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	3.85.50.214	Score: 96/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 3.85.50.214 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	54.152.211.0	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 54.152.211.0 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-29
IPv4	3.95.37.97	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 3.95.37.97 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	54.91.3.90	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported. 54.91.3.90 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	34.235.129.148	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 34.235.129.148 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	54.163.39.60	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 54.163.39.60 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	34.238.125.143	Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 34.238.125.143 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, hacking).	2026-05-29
IPv4	18.212.241.23	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 18.212.241.23 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, high, multi-reported).	2026-05-29
IPv4	188.166.245.29	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 188.166.245.29 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	18.205.117.233	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 18.205.117.233 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	54.175.97.188	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 54.175.97.188 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	3.84.60.212	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 3.84.60.212 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	3.88.220.252	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 3.88.220.252 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	100.25.213.254	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 100.25.213.254 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, hacking).	2026-05-29
IPv4	52.23.235.127	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 52.23.235.127 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	54.145.62.252	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 54.145.62.252 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	45.154.244.172	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Seychelles (AS210006, Shereverov Marat Ahmedovich). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. 2 events.	2026-05-29
IPv4	34.201.71.203	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 34.201.71.203 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	18.212.182.85	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:iot-targeted. 18.212.182.85 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-29
IPv4	45.154.244.158	Score: 95/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Seychelles (AS210006, Shereverov Marat Ahmedovich). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. 2 events.	2026-05-29
IPv4	45.230.66.119	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. P0f: OS: Linux 2.2.x-3.x, link: IPIP or SIT, dist: 20, uptime: 22 days 23 hrs 55 min (modulo 497 days) (last seen 2026-05-29T22:04:53.000Z)	2026-05-29
IPv4	45.153.34.149	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Eygelshoven, The Netherlands (AS51396, Pfcloud UG (haftungsbeschrankt)) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 0a07365cc01f...); duration: 2s; 5 events.	2026-05-29
IPv4	103.69.189.136	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 103.69.189.136 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-29
IPv4	3.88.219.42	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 3.88.219.42 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	54.242.142.82	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 54.242.142.82 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	13.218.113.4	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 13.218.113.4 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	23.20.175.40	Score: 99/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 23.20.175.40 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-29
IPv4	54.87.144.255	Score: 80/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 54.87.144.255 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-29
IPv4	18.185.182.96	Score: 55/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 18.185.182.96 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-29
IPv4	54.174.244.202	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:multi-reported. 54.174.244.202 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, hacking).	2026-05-29
IPv4	54.83.120.131	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 54.83.120.131 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, hacking).	2026-05-29
IPv4	3.85.2.232	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 3.85.2.232 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, hacking, high).	2026-05-29
IPv4	45.87.249.138	Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.87.249.138 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, high).	2026-05-29
IPv4	89.36.231.131	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Roubaix, France (AS215381, Rockhoster Private Limited). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-29
IPv4	139.59.58.173	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bengaluru, India (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting healthcare sector honeypot medtech-hp-01 via beelzebub. Session included execution of 1 post-compromise commands. 2 events.	2026-05-29
IPv4	165.245.172.157	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Sandston, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 16443846184e...); duration: 1s; 5 events.	2026-05-29
IPv4	185.254.75.52	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.254.75.52 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_anonymous); AbuseIPDB (brute-force, critical, ddos).	2026-05-29
IPv4	219.151.190.165	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-30
IPv4	120.27.196.56	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 120.27.196.56 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-30
IPv4	82.156.0.185	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. Attacker IP from Beijing, China (AS45090, Shenzhen Tencent Computer Systems Company Limited). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 3s; 5 events.	2026-05-30
IPv4	23.234.113.76	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack. Attacker IP from Salt Lake City, United States. Observed targeting healthcare sector honeypot medtech-hp-01 via h0neytr4p. 2 events.	2026-05-30
IPv4	103.16.117.30	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Indonesia (AS55688, PT. Beon Intermedia). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-30
IPv4	34.12.160.27	Score: 57/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, anomaly:burst. IP observed in Suricata network metadata	2026-05-30
IPv4	101.126.89.57	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported, abuseipdb:port-scan. 101.126.89.57 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-30
IPv4	109.195.179.94	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-30
IPv4	101.96.220.35	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 101.96.220.35 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	41.33.90.68	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 41.33.90.68 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	84.247.162.143	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1s; 5 events.	2026-05-30
IPv4	45.154.98.96	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-30
IPv4	34.81.247.125	Score: 58/100. Labels: abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. IP observed in Suricata network metadata	2026-05-30
IPv4	20.104.200.136	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-30
IPv4	46.163.144.31	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-30
IPv4	159.69.6.143	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-30
IPv4	69.6.203.45	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-30
IPv4	2.58.202.98	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 2.58.202.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, hacking, moderate).	2026-05-30
IPv4	85.175.72.188	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 85.175.72.188 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (10 commands), 5 malware samples. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	47.242.212.105	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 47.242.212.105 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	177.181.7.199	Score: 69/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 177.181.7.199 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, iot-targeted).	2026-05-30
IPv4	194.187.179.187	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 194.187.179.187 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-30
IPv4	164.160.33.119	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Ivory Coast (AS328025, VEONE). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-30
IPv4	47.253.201.84	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 47.253.201.84 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	115.127.68.162	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:port-scan. 115.127.68.162 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-30
IPv4	115.190.4.225	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 115.190.4.225 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	115.190.230.82	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 115.190.230.82 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	41.89.227.164	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Baricho, Kenya (AS36914, Kenya Education Network). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 10s; 4 events.	2026-05-30
IPv4	91.231.89.17	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 91.231.89.17 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-30
IPv4	45.233.218.160	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Criciúma, Brazil (AS267340, ONDATURBO LTDA - ME). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-30
IPv4	110.40.134.47	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 110.40.134.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-30
IPv4	77.90.185.17	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 77.90.185.17 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level3); AbuseIPDB (brute-force, hacking, iot-targeted).	2026-05-30
IPv4	80.94.95.116	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Romania (AS204428, SS-Net). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.10.5 (HASSH: 1f2f2f9b0a73...); duration: 3s; 5 events.	2026-05-30
IPv4	80.94.95.115	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 80.94.95.115 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	91.107.240.99	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 91.107.240.99 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 2 command sessions (2 commands). Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	34.80.111.71	Score: 51/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, canary:bait-refinery, canary:refinery-ssh-key. IP observed in Suricata network metadata	2026-05-30
IPv4	157.245.247.139	Score: 76/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. 1 events.	2026-05-30
IPv4	45.148.10.159	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.148.10.159 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	34.125.86.206	Score: 66/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:web-attack. 34.125.86.206 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, moderate).	2026-05-30
IPv4	45.182.27.156	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-30
IPv4	47.84.191.250	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.84.191.250 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	121.29.149.14	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:iot-targeted. 121.29.149.14 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-30
IPv4	123.160.174.198	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 123.160.174.198 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-30
IPv4	23.239.12.34	Score: 70/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. IP observed in Suricata network metadata	2026-05-30
IPv4	159.89.230.220	Score: 57/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. IP observed in Suricata network metadata	2026-05-30
IPv4	154.83.14.94	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. Attacker IP from Seychelles (AS142403, YISU CLOUD LTD) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 7s; 5 events.	2026-05-30
IPv4	8.208.81.42	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 8.208.81.42 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	104.237.153.204	Score: 74/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 104.237.153.204 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-30
IPv4	134.122.28.193	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 134.122.28.193 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	74.207.252.40	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 74.207.252.40 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	173.255.221.52	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 173.255.221.52 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	204.48.22.120	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 204.48.22.120 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	23.239.12.100	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 23.239.12.100 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, low).	2026-05-30
IPv4	45.70.216.236	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. IP observed in Suricata network metadata	2026-05-30
IPv4	43.248.99.232	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 43.248.99.232 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	185.147.40.148	Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 185.147.40.148 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	20.116.59.164	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Toronto, Canada. Observed targeting energy sector honeypot petroleum-hp-01 via h0neytr4p. duration: 24s; 102 events.	2026-05-30
IPv4	46.101.253.153	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 46.101.253.153 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 3 times when connecting to db1lapetro between 2026-05-30 00:45 and 2026-05-30 00:45 UTC.	2026-05-30
IPv4	209.38.201.184	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP 209.38.201.184 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 3 times when connecting to db1lapetro between 2026-05-30 00:46 and 2026-05-30 00:46 UTC.	2026-05-30
IPv4	34.181.215.59	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, canary:bait-refinery. Attacker IP 34.181.215.59 observed using HTTP client fingerprint 'HTTP Client: Mozilla/5.0 (X11; FreeBSD amd64) AppleWebKit/537.36 (KHTML, ...' 383 times when connecting to db1lapetro between 2026-05-30 00:48 and 2026-05-30 00:48 UTC.	2026-05-30
IPv4	159.89.154.198	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 159.89.154.198 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 7 times when connecting to db1lapetro between 2026-05-30 00:46 and 2026-05-30 00:46 UTC.	2026-05-30
IPv4	45.33.84.187	Score: 60/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP 45.33.84.187 observed using TLS client fingerprint 'Unknown TLS Client (7cd520ec1448)' 7 times when connecting to db1lapetro between 2026-05-30 00:46 and 2026-05-30 00:46 UTC.	2026-05-30
IPv4	172.94.9.73	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 172.94.9.73 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	125.36.92.11	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 125.36.92.11 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	82.156.34.74	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 82.156.34.74 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	45.79.5.120	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 45.79.5.120 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	111.30.98.26	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 111.30.98.26 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, hacking).	2026-05-30
IPv4	3.145.139.111	Score: 54/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. IP observed in Suricata network metadata	2026-05-30
IPv4	180.124.118.202	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 180.124.118.202 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-30
IPv4	45.154.244.166	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 45.154.244.166 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, high).	2026-05-30
IPv4	44.220.188.125	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 44.220.188.125 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-05-30
IPv4	62.68.75.59	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 62.68.75.59 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-30
IPv4	3.136.233.55	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 41s; 2 events.	2026-05-30
IPv4	118.212.122.251	Score: 57/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:multi-reported, abuseipdb:port-scan. 118.212.122.251 classified as attacker with unclear intent (low confidence). Origin: enriched.	2026-05-30
IPv4	18.191.151.134	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 4m 30s; 3 events.	2026-05-30
IPv4	143.198.115.76	Score: 68/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:ssh. 143.198.115.76 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-30
IPv4	176.65.139.12	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 176.65.139.12 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	34.79.174.207	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 34.79.174.207 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	34.140.157.193	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-30
IPv4	39.105.76.156	Score: 56/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 39.105.76.156 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, low, port-scan).	2026-05-30
IPv4	161.35.17.235	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 161.35.17.235 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 2 malware samples. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	34.86.138.84	Score: 55/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack, canary:bait-refinery. 34.86.138.84 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, port-scan).	2026-05-30
IPv4	117.102.4.133	Score: 82/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. IP observed in Suricata network metadata	2026-05-30
IPv4	43.165.190.208	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Tokyo, Japan (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1s; 5 events.	2026-05-30
IPv4	203.23.199.87	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Mongolia (AS17882, UNIVISION LLC). Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-30
IPv4	101.96.210.82	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 101.96.210.82 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-30
IPv4	201.17.146.173	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Nova Lima, Brazil (AS28573, Claro NXT Telecomunicacoes Ltda). Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 2s; 5 events.	2026-05-30
IPv4	196.196.150.100	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-30
IPv4	136.248.121.226	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. IP observed in Suricata network metadata	2026-05-30
IPv4	185.100.157.74	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 185.100.157.74 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	14.18.96.22	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 14.18.96.22 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	3.21.92.229	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. IP observed in Suricata network metadata	2026-05-30
IPv4	34.19.249.0	Score: 51/100. Labels: abuseipdb:brute-force, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, canary:bait-refinery, canary:refinery-ssh-key. 34.19.249.0 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, low, reported).	2026-05-30
IPv4	18.220.124.161	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:multi-reported. 18.220.124.161 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	45.92.1.83	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 45.92.1.83 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level4); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	131.0.235.131	Score: 81/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low. 131.0.235.131 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-30
IPv4	46.100.15.170	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 46.100.15.170 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	106.13.44.224	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 106.13.44.224 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	107.172.230.181	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan. 107.172.230.181 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	35.234.159.250	Score: 65/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 35.234.159.250 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, hacking).	2026-05-30
IPv4	45.148.10.244	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 45.148.10.244 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	117.72.35.182	Score: 92/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 117.72.35.182 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands). Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-30
IPv4	35.241.146.218	Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, canary:bait-refinery. IP observed in Suricata network metadata	2026-05-30
IPv4	136.118.75.216	Score: 50/100. Labels: abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie, fatt. Attacker IP 136.118.75.216 observed using TLS client fingerprint 'Unknown TLS Client (2a3322ff12fd)' 2 times when connecting to offbackup1 between 2026-05-30 03:14 and 2026-05-30 03:14 UTC.	2026-05-30
IPv4	120.48.98.75	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 120.48.98.75 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	213.210.37.92	Score: 89/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 213.210.37.92 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-30
IPv4	62.72.30.141	Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Mumbai, India (AS47583, Hostinger International Limited) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	143.198.143.161	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 143.198.143.161 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	218.17.244.234	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Shenzhen, China (AS4134, Chinanet). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	157.245.50.190	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	104.248.202.196	Score: 73/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 104.248.202.196 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-30
IPv4	149.88.81.206	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Kwai Chung, Hong Kong (AS401696, cognetcloud INC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 1s; 2 events.	2026-05-30
IPv4	178.128.19.97	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	72.61.227.194	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 72.61.227.194 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-30
IPv4	139.59.111.210	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	160.250.133.162	Score: 88/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Vietnam (AS150895, EZ TECHNOLOGY COMPANY LIMITED). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 15m 0s; 8 events.	2026-05-30
IPv4	160.191.54.23	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Hanoi, Vietnam (AS150862, VPSTTT COMPUTER COMPANY LIMITED) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 14m 25s; 8 events.	2026-05-30
IPv4	119.59.102.161	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Thailand (AS56067, 453 Ladplacout Jorakhaebua). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 1s; 2 events.	2026-05-30
IPv4	1.234.20.61	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. Attacker IP from Gangnam-gu, South Korea (AS9318, SK Broadband Co Ltd). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	190.108.89.215	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Peru (AS18678, INTERNEXA S.A. E.S.P). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 17m 13s; 10 events.	2026-05-30
IPv4	103.204.43.85	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Bangladesh (AS151820, Max Speed). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	124.158.10.21	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. Attacker IP from Vietnam (AS38733, CMC Telecom Infrastructure Company). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	131.100.209.128	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Brazil (AS61652, Webplus Brasil Ltda Me). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 18m 16s; 10 events.	2026-05-30
IPv4	150.95.26.141	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Japan (AS135161, GMO-Z com NetDesign Holdings Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 14m 57s; 8 events.	2026-05-30
IPv4	5.175.45.231	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 5.175.45.231 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	173.212.241.181	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 14m 57s; 10 events.	2026-05-30
IPv4	47.89.246.144	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from United States (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 6m 24s; 6 events.	2026-05-30
IPv4	112.74.40.193	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Shenzhen, China (AS37963, Hangzhou Alibaba Advertising Co.,Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 1s; 2 events.	2026-05-30
IPv4	8.215.205.243	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Jakarta, Indonesia (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 19m 56s; 10 events.	2026-05-30
IPv4	14.225.255.159	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Vietnam (AS135905, VIETNAM POSTS AND TELECOMMUNICATIONS GROUP). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	64.150.165.48	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 64.150.165.48 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2).	2026-05-30
IPv4	140.82.28.70	Score: 84/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Miami, United States (AS20473, The Constant Company, LLC). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 18m 49s; 14 events.	2026-05-30
IPv4	47.254.192.95	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Kuala Lumpur, Malaysia (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	38.248.6.208	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Newark, United States (AS174, Cogent Communications, LLC). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	45.10.151.248	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Türkiye (AS214941, Upcell Telekomunikasyon Limited Sirketi). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 16m 26s; 10 events.	2026-05-30
IPv4	119.8.166.13	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Singapore, Singapore (AS136907, HUAWEI CLOUDS) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	65.21.62.219	Score: 78/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Helsinki, Finland (AS24940, Hetzner Online GmbH) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 18m 38s; 12 events.	2026-05-30
IPv4	5.189.161.137	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 18m 38s; 12 events.	2026-05-30
IPv4	8.213.81.38	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Riyadh, Saudi Arabia (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 19m 18s; 10 events.	2026-05-30
IPv4	47.243.45.246	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. 47.243.45.246 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	103.106.104.25	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Vietnam (AS151858, INTERDIGI JOINT STOCK COMPANY). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 19m 54s; 10 events.	2026-05-30
IPv4	185.217.126.16	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 185.217.126.16 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	47.242.189.67	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Hong Kong, Hong Kong (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 19m 5s; 10 events.	2026-05-30
IPv4	57.131.49.91	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Italy (AS16276, OVH SAS) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 18m 18s; 12 events.	2026-05-30
IPv4	82.165.104.144	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 82.165.104.144 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	62.171.160.133	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 15m 7s; 10 events.	2026-05-30
IPv4	38.242.232.186	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 16m 26s; 10 events.	2026-05-30
IPv4	152.32.182.220	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 152.32.182.220 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	47.243.170.143	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:multi-reported. Attacker IP from Hong Kong, Hong Kong (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	5.188.156.61	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from St Petersburg, Russia (AS49505, JSC Selectel). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 16m 4s; 10 events.	2026-05-30
IPv4	167.71.87.254	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 167.71.87.254 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	8.210.59.99	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Hong Kong, Hong Kong (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 1 events.	2026-05-30
IPv4	47.83.179.47	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 47.83.179.47 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	157.245.197.171	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 1s; 2 events.	2026-05-30
IPv4	47.75.99.54	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.75.99.54 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	43.98.255.36	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. Attacker IP from Singapore (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 14m 27s; 8 events.	2026-05-30
IPv4	203.161.63.6	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 203.161.63.6 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-05-30
IPv4	146.190.139.182	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Santa Clara, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 17m 32s; 12 events.	2026-05-30
IPv4	47.82.233.135	Score: 87/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 47.82.233.135 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, ftp-brute, hacking).	2026-05-30
IPv4	206.162.244.24	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from United States (AS53850, GorillaServers, Inc.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 16m 6s; 12 events.	2026-05-30
IPv4	87.106.162.50	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Germany (AS8560, IONOS SE). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 18m 33s; 12 events.	2026-05-30
IPv4	8.217.171.64	Score: 93/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. 8.217.171.64 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, exploited-host, ftp-brute).	2026-05-30
IPv4	163.44.192.82	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Vietnam (AS131392, GMO-Z.com Runsystem Joint Stock Company). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	118.145.233.138	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from China (AS137718, Beijing Volcano Engine Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	147.182.160.19	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 16m 3s; 12 events.	2026-05-30
IPv4	15.235.185.182	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Singapore (AS16276, OVH SAS) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 19m 46s; 10 events.	2026-05-30
IPv4	27.112.79.9	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported. 27.112.79.9 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, ddos, ftp-brute).	2026-05-30
IPv4	47.253.82.89	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.253.82.89 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	206.189.39.63	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Singapore, Singapore (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	31.220.86.196	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 18m 31s; 12 events.	2026-05-30
IPv4	188.64.138.89	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from Drongelen, The Netherlands (AS211041, Connectra B.V.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 17m 33s; 12 events.	2026-05-30
IPv4	47.238.103.64	Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan. 47.238.103.64 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ftp-brute, hacking).	2026-05-30
IPv4	43.156.108.197	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Singapore, Singapore (AS132203, Tencent Building, Kejizhongyi Avenue). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 14m 43s; 8 events.	2026-05-30
IPv4	43.225.52.111	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. Attacker IP from United Arab Emirates (AS394695, PDR). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	194.163.136.225	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Lauterbourg, France (AS51167, Contabo GmbH). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 18m 21s; 12 events.	2026-05-30
IPv4	108.174.147.120	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Vinhedo, Brazil (AS31898, Oracle Corporation). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 8m 39s; 6 events.	2026-05-30
IPv4	47.90.206.27	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. 47.90.206.27 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	191.252.111.63	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan. Attacker IP from Brazil (AS27715, Locaweb Servicos de Internet SA). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	5.227.172.13	Score: 91/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:reported, cowrie. Attacker IP from Russia (AS49154, MTS PJSC). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 14m 21s; 8 events.	2026-05-30
IPv4	47.252.4.107	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 47.252.4.107 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	68.178.161.20	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS26496, GoDaddy.com, LLC). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	103.98.152.120	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Ho Chi Minh City, Vietnam (AS131374, HQG Technology Solutions Joint Stock Company). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	104.105.81.199	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Milan, Italy (AS63949, Akamai Connected Cloud) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 14m 40s; 10 events.	2026-05-30
IPv4	197.140.9.224	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Algeria (AS36891, Sarl Icosnet). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	135.125.107.224	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported. P0f: OS: Linux 2.2.x-3.x, link: Ethernet or modem, dist: 27, uptime: 33 days 1 hrs 13 min (modulo 49 days) (last seen 2026-05-30T05:33:08.000Z)	2026-05-30
IPv4	119.47.88.254	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Indonesia (AS38527, JAWA POS NATIONAL NETWORK MEDIALINK, PT). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 14m 29s; 8 events.	2026-05-30
IPv4	157.245.141.140	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from North Bergen, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 18m 4s; 14 events.	2026-05-30
IPv4	5.63.21.245	Score: 70/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie. 5.63.21.245 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, moderate).	2026-05-30
IPv4	47.86.201.90	Score: 77/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 47.86.201.90 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-30
IPv4	165.22.177.234	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 165.22.177.234 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	47.86.238.45	Score: 72/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 47.86.238.45 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-30
IPv4	23.251.128.185	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 23.251.128.185 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	2.59.183.60	Score: 98/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 2.59.183.60 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking).	2026-05-30
IPv4	218.93.190.170	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 218.93.190.170 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	157.230.99.66	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted. 157.230.99.66 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	161.97.115.179	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 161.97.115.179 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	134.209.122.215	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. 134.209.122.215 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-30
IPv4	20.187.184.86	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Hong Kong, Hong Kong (AS8075, Microsoft Corporation). Observed targeting technology sector honeypot msp-rmm-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.12.0 (HASSH: af8223ac9914...); duration: 2s; 5 events.	2026-05-30
IPv4	118.145.244.202	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from China (AS137718, Beijing Volcano Engine Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. 2 events.	2026-05-30
IPv4	103.251.247.198	Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from Dhaka, Bangladesh (AS134970, Tuhin Enterprise Bangladesh). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 14m 32s; 8 events.	2026-05-30
IPv4	8.211.28.246	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Frankfurt am Main, Germany (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 17m 35s; 12 events.	2026-05-30
IPv4	103.27.206.6	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Indonesia (AS55688, PT. Beon Intermedia). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 14m 42s; 8 events.	2026-05-30
IPv4	43.98.124.198	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Singapore (AS45102, Alibaba US Technology Co., Ltd.). Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 14m 0s; 8 events.	2026-05-30
IPv4	178.156.198.226	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Ashburn, United States (AS213230, Hetzner Online GmbH) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via heralding. duration: 11m 26s; 10 events.	2026-05-30
IPv4	3.148.222.95	Score: 97/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 4m 13s; 4 events.	2026-05-30
IPv4	45.156.87.166	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP from Eygelshoven, The Netherlands (AS51396, Pfcloud UG (haftungsbeschrankt)) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-Go (HASSH: 0a07365cc01f...); duration: 2s; 5 events.	2026-05-30
IPv4	35.228.160.117	Score: 75/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. Attacker IP 35.228.160.117 observed using TLS client fingerprint 'Unknown TLS Client (082f07b3f5bc)' 383 times when connecting to offbackup1 between 2026-05-30 05:24 and 2026-05-30 05:24 UTC.	2026-05-30
IPv4	123.160.174.53	Score: 58/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:low, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 123.160.174.53 classified as botnet node participating in coordinated attack campaigns (medium confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, low).	2026-05-30
IPv4	182.138.158.43	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:moderate. 182.138.158.43 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, ddos, exploited-host).	2026-05-30
IPv4	112.119.21.245	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. Attacker IP 112.119.21.245 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 14 times when connecting to mdms1 between 2026-05-30 05:09 and 2026-05-30 05:25 UTC.	2026-05-30
IPv4	34.156.70.171	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 34.156.70.171 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-30
IPv4	34.107.60.108	Score: 62/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, canary:bait-refinery. Attacker IP 34.107.60.108 observed using TLS client fingerprint 'Unknown TLS Client (082f07b3f5bc)' 383 times when connecting to db1lapetro between 2026-05-30 05:09 and 2026-05-30 05:10 UTC.	2026-05-30
IPv4	34.79.77.73	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 34.79.77.73 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	35.195.112.225	Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 35.195.112.225 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	106.12.128.184	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP 106.12.128.184 observed using SSH client fingerprint 'Unknown SSH Client (f555226df196)' 11 times when connecting to mdms1 between 2026-05-30 05:03 and 2026-05-30 05:31 UTC.	2026-05-30
IPv4	3.145.143.53	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via honeytrap. duration: 4m 17s; 5 events.	2026-05-30
IPv4	45.137.194.88	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. IP observed in Suricata network metadata	2026-05-30
IPv4	103.168.66.141	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 103.168.66.141 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	8.148.183.191	Score: 67/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:reported-export. 8.148.183.191 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).	2026-05-30
IPv4	18.218.121.66	Score: 83/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. Attacker IP from Columbus, United States (AS16509, Amazon.com, Inc.) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via conpot. duration: 3m 28s; 16 events.	2026-05-30
IPv4	116.198.232.100	Score: 67/100. Labels: abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported, cowrie, firehol:unlisted. 116.198.232.100 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (hacking, moderate, port-scan).	2026-05-30
IPv4	80.94.95.118	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:port-scan, abuseipdb:reported. 80.94.95.118 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, hacking).	2026-05-30
IPv4	34.156.174.138	Score: 71/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 34.156.174.138 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-30
IPv4	34.38.188.230	Score: 63/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:multi-reported, abuseipdb:port-scan. 34.38.188.230 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).	2026-05-30
IPv4	141.98.11.117	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 141.98.11.117 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_30d, firehol_level1); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	213.171.208.62	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 213.171.208.62 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_abusers_1d, firehol_level2); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	121.167.15.73	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 121.167.15.73 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, ddos).	2026-05-30
IPv4	72.56.80.116	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 72.56.80.116 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ftp-brute).	2026-05-30
IPv4	203.25.124.68	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported, abuseipdb:web-attack. 203.25.124.68 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, hacking).	2026-05-30
IPv4	62.16.33.187	Score: 59/100. Labels: abuseipdb:brute-force, abuseipdb:hacking, abuseipdb:low, abuseipdb:reported, abuseipdb:web-attack, cowrie. 62.16.33.187 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (brute-force, hacking, low).	2026-05-30
IPv4	115.131.3.84	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 115.131.3.84 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level4); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	209.38.68.31	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking, abuseipdb:port-scan. Attacker IP from Santa Clara, United States (AS14061, DigitalOcean, LLC) [VPN/hosting provider]. Observed targeting government sector honeypot backup-hp-01 via cowrie. Session included 1 failed login attempt, 1 credential pair tried across 1 unique username. SSH client: SSH-2.0-libssh_0.9.6 (HASSH: f555226df196...); duration: 1s; 5 events.	2026-05-30
IPv4	64.89.162.87	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. Attacker IP from United States (AS198584, PIO-Hosting GmbH) [VPN/hosting provider]. Observed targeting energy sector honeypot petroleum-hp-01 via cowrie. 2 events.	2026-05-30
IPv4	101.35.46.45	Score: 94/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:port-scan. 101.35.46.45 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30
IPv4	47.237.207.19	Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 47.237.207.19 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).	2026-05-30