{ "type": "IPv4", "indicator": "40.77.167.151", "general": { "whois": "http://whois.domaintools.com/40.77.167.151", "reputation": 0, "indicator": "40.77.167.151", "type": "IPv4", "type_title": "IPv4", "base_indicator": { "id": 1169084285, "indicator": "40.77.167.151", "type": "IPv4", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 50, "pulses": [ { "id": "6a1bef48177a946e63e4e905", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-30", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-31T08:20:24.246000", "created": "2026-05-31T08:20:24.246000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-30/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 274 }, "indicator_count": 274, "is_author": false, "is_subscribing": null, "subscriber_count": 1530, "modified_text": "13 hours ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69f42544e921b701eb2e4e9b", "name": "DugganUSA Threat Intel 2026-05-01 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-31T05:19:13.706000", "created": "2026-05-01T04:00:04.285000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "United States of America", "India", "Bangladesh", "Malaysia", "Poland", "Japan", "Mexico", "Brazil", "Finland", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Australia", "South Africa", "Canada", "Netherlands", "France", "Ireland", "Switzerland", "Morocco", "Sweden", "New Zealand", "Italy", "Russian Federation", "Argentina", "Lebanon", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Lithuania", "Latvia", "Kenya", "Taiwan", "Belgium", "Indonesia", "Kyrgyzstan", "Romania", "Korea, Republic of", "Serbia", "United Arab Emirates" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "16 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a1a9dd92ac1ac6a38d285d4", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-29", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-30T08:20:41.412000", "created": "2026-05-30T08:20:41.412000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-29/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 319 }, "indicator_count": 319, "is_author": false, "is_subscribing": null, "subscriber_count": 1531, "modified_text": "1 day ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69f2d3c60a0790c6170037d9", "name": "DugganUSA Threat Intel 2026-04-30 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-30T04:04:00.214000", "created": "2026-04-30T04:00:06.154000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "Bangladesh", "United States of America", "India", "Malaysia", "Poland", "Japan", "Mexico", "Brazil", "Finland", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Australia", "South Africa", "Canada", "Netherlands", "France", "Ireland", "Switzerland", "Morocco", "Sweden", "New Zealand", "Russian Federation", "Argentina", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Lithuania", "Kenya", "Taiwan", "Belgium", "Kyrgyzstan", "Romania", "Serbia", "United Arab Emirates", "Korea, Republic of", "Iceland" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 192, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a194c5d8591f193c3fd4d91", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-28", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-29T08:20:45.308000", "created": "2026-05-29T08:20:45.308000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-28/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 300 }, "indicator_count": 300, "is_author": false, "is_subscribing": null, "subscriber_count": 1530, "modified_text": "2 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69f18247f87709be6de3fd56", "name": "DugganUSA Threat Intel 2026-04-29 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-29T04:00:47.823000", "created": "2026-04-29T04:00:07.365000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "United States of America", "India", "Bangladesh", "Poland", "Japan", "Mexico", "Brazil", "Finland", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Australia", "South Africa", "Canada", "Netherlands", "France", "Ireland", "Switzerland", "Morocco", "Sweden", "New Zealand", "Italy", "Russian Federation", "Argentina", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Lithuania", "Kenya", "Taiwan", "Belgium", "Kyrgyzstan", "Romania", "Malaysia", "Serbia", "United Arab Emirates", "Korea, Republic of" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "2 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69f06e445dd7932ccefb9058", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-04-27", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-28T08:26:05.301000", "created": "2026-04-28T08:22:28.828000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-04-27/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 1532, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a17fada2a7449eda905305e", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-27", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-28T08:20:42.796000", "created": "2026-05-28T08:20:42.796000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-27/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 471 }, "indicator_count": 471, "is_author": false, "is_subscribing": null, "subscriber_count": 1531, "modified_text": "3 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69f030cafe5566b4669264e3", "name": "DugganUSA Threat Intel 2026-04-28 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-28T04:06:43.668000", "created": "2026-04-28T04:00:10.514000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Singapore", "Korea, Republic of", "Germany", "Hong Kong", "Brazil", "Japan", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Russian Federation", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Israel", "Spain", "Malaysia", "United Kingdom of Great Britain and Northern Ireland", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 18, "hostname": 38 }, "indicator_count": 56, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a16a95c168b6f9eb233255a", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-26", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-27T08:20:44.275000", "created": "2026-05-27T08:20:44.275000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-26/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 283 }, "indicator_count": 283, "is_author": false, "is_subscribing": null, "subscriber_count": 1531, "modified_text": "4 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69eedf451102113cc49a2de6", "name": "DugganUSA Threat Intel 2026-04-27 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-27T04:13:05.385000", "created": "2026-04-27T04:00:05.558000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "Pakistan", "United States of America", "India", "Bangladesh", "Poland", "Japan", "Myanmar", "Mexico", "Brazil", "Finland", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Australia", "South Africa", "Canada", "Netherlands", "France", "Ireland", "Switzerland", "Morocco", "Sweden", "Italy", "Russian Federation", "Argentina", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Lithuania", "Kenya", "Taiwan", "Belgium", "Korea, Republic of", "Kyrgyzstan", "Romania", "Malaysia", "Serbia", "United Arab Emirates" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "4 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69edcc16c8df515dc78baf07", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-04-25", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-26T08:22:13.740000", "created": "2026-04-26T08:25:58.637000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-04-25/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 1532, "modified_text": "5 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69ec3c474333121ea703e355", "name": "DugganUSA Threat Intel 2026-04-25 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-25T04:21:46.500000", "created": "2026-04-25T04:00:07.334000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Belgium", "Netherlands", "United Kingdom of Great Britain and Northern Ireland", "Japan", "Sweden", "Russian Federation", "Serbia", "United Arab Emirates", "Korea, Republic of", "Canada", "India", "Singapore", "Hong Kong", "Germany", "China", "Brazil", "Iceland", "Poland", "Mexico", "Australia", "Switzerland", "Norway", "France", "Italy", "Ireland", "Romania", "Israel", "Spain", "Uzbekistan", "Denmark", "Lithuania", "Liechtenstein" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 19, "hostname": 47 }, "indicator_count": 66, "is_author": false, "is_subscribing": null, "subscriber_count": 196, "modified_text": "6 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69eaeac55b98cb8c1969d267", "name": "DugganUSA Threat Intel 2026-04-24 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-24T04:25:58.622000", "created": "2026-04-24T04:00:05.616000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "India", "Bangladesh", "United States of America", "Poland", "Japan", "Mexico", "Brazil", "Finland", "Sweden", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Australia", "South Africa", "Canada", "Netherlands", "France", "Ireland", "Switzerland", "Morocco", "New Zealand", "Italy", "Russian Federation", "T\u00fcrkiye", "Argentina", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Lithuania", "Kenya", "Taiwan", "Belgium", "Kyrgyzstan", "Romania", "Malaysia", "Serbia", "United Arab Emirates", "Korea, Republic of" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a11635d0edd58363945073e", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-22", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-23T08:20:45.832000", "created": "2026-05-23T08:20:45.832000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-22/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 263 }, "indicator_count": 263, "is_author": false, "is_subscribing": null, "subscriber_count": 1531, "modified_text": "8 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69e99945a8a9f2af9ea0bd72", "name": "DugganUSA Threat Intel 2026-04-23 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-23T04:13:23.120000", "created": "2026-04-23T04:00:05.209000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "Indonesia", "India", "Bangladesh", "United States of America", "Poland", "Japan", "Philippines", "Mexico", "Brazil", "Finland", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Australia", "South Africa", "Canada", "Netherlands", "France", "Ireland", "Switzerland", "Morocco", "Sweden", "New Zealand", "Italy", "Russian Federation", "T\u00fcrkiye", "Argentina", "Paraguay", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Lithuania", "Kenya", "Taiwan", "Belgium", "Kyrgyzstan", "Romania", "Malaysia", "Israel", "Serbia", "United Arab Emirates", "Korea, Republic of" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69e847c8886880730d8fef93", "name": "DugganUSA Threat Intel 2026-04-22 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-22T04:20:13.230000", "created": "2026-04-22T04:00:08.861000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Korea, Republic of", "Singapore", "Germany", "Hong Kong", "China", "Brazil", "Japan", "Indonesia", "Iceland", "Poland", "Netherlands", "Sweden", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "France", "Denmark", "Lithuania", "Liechtenstein", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 19, "hostname": 38 }, "indicator_count": 57, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "9 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69e6f65314353847f7265ba3", "name": "DugganUSA Threat Intel 2026-04-21 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-21T04:01:18.280000", "created": "2026-04-21T04:00:19.406000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "China", "Hong Kong", "Singapore", "Kenya", "South Africa", "Pakistan", "Bangladesh", "India", "Poland", "Japan", "Mexico", "Colombia", "Germany", "Brazil", "Finland", "Ireland", "United Kingdom of Great Britain and Northern Ireland", "Australia", "Lithuania", "Canada", "Netherlands", "France", "Switzerland", "Morocco", "Viet Nam", "Sweden", "New Zealand", "Italy", "Russian Federation", "Argentina", "Norway", "Kyrgyzstan", "Venezuela, Bolivarian Republic of", "Ukraine", "Taiwan", "Belgium", "Romania", "Serbia", "United Arab Emirates", "Korea, Republic of" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69e5e2b93892b5b5c5c17ed3", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-04-19", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-20T08:09:05.426000", "created": "2026-04-20T08:24:25.282000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-04-19/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 1529, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69e5a4ce47b42285c45fa9ed", "name": "DugganUSA Threat Intel 2026-04-20 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-20T04:22:58.740000", "created": "2026-04-20T04:00:14.865000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "China", "Hong Kong", "Singapore", "South Africa", "India", "Bangladesh", "Poland", "Japan", "Mexico", "Brazil", "Finland", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Philippines", "Australia", "Lithuania", "Canada", "Netherlands", "Austria", "France", "Ireland", "Switzerland", "Morocco", "Sweden", "New Zealand", "Russian Federation", "Argentina", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Kenya", "Taiwan", "Belgium", "Kyrgyzstan", "Romania", "Serbia", "United Arab Emirates", "Korea, Republic of" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a0c1d7fbb91bb4762653cb9", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-18", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-19T08:21:19.476000", "created": "2026-05-19T08:21:19.476000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-18/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 189 }, "indicator_count": 189, "is_author": false, "is_subscribing": null, "subscriber_count": 1531, "modified_text": "12 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69e49217c4689e33cc4dc977", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-04-18", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-19T08:01:52.363000", "created": "2026-04-19T08:28:07.025000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-04-18/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 1532, "modified_text": "12 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69e453441b18a1a4aa6f024d", "name": "DugganUSA Threat Intel 2026-04-19 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-19T04:17:14.504000", "created": "2026-04-19T04:00:04.148000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "India", "Bangladesh", "United States of America", "Poland", "Japan", "Mexico", "Brazil", "Finland", "Sweden", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Australia", "South Africa", "Canada", "Netherlands", "Austria", "France", "Ireland", "Switzerland", "Morocco", "New Zealand", "Russian Federation", "Argentina", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Lithuania", "Kenya", "Taiwan", "Belgium", "Kyrgyzstan", "Romania", "Serbia", "United Arab Emirates", "Korea, Republic of" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "12 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69e301d0f788e055416ad9f7", "name": "DugganUSA Threat Intel 2026-04-18 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-18T04:24:33.259000", "created": "2026-04-18T04:00:16.634000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "India", "Bangladesh", "United States of America", "Poland", "Japan", "Mexico", "Brazil", "Finland", "Sweden", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Australia", "South Africa", "Canada", "Netherlands", "Italy", "Korea, Republic of", "Austria", "France", "Ireland", "Switzerland", "Morocco", "New Zealand", "Russian Federation", "Argentina", "Lithuania", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Kenya", "Taiwan", "Belgium", "Kyrgyzstan", "Romania", "Serbia", "United Arab Emirates" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69feade97906c965ce3a1a59", "name": "jan2,2025 clone Auto-generated Pulse CREATED 1 YEAR AGO MODIFIED 1 YEAR AGO by AlessandroFiori", "description": "", "modified": "2026-05-17T05:25:39.873000", "created": "2026-05-09T03:45:45.979000", "tags": [ "auto-generated security" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6776d3a8bad5e5591b90c296", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 148319, "hostname": 357 }, "indicator_count": 148676, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "14 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69feada1983b8b796eeb1b60", "name": "jan2.2025clone-Auto-generated Pulse CREATED 1 YEAR AGO MODIFIED 1 YEAR AGO by AlessandroFiori", "description": "", "modified": "2026-05-17T05:25:39.137000", "created": "2026-05-09T03:44:33.206000", "tags": [ "auto-generated security" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6776d3a8bad5e5591b90c296", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 148319, "hostname": 357 }, "indicator_count": 148676, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "14 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69e1b044fc603481a7ef0e89", "name": "DugganUSA Threat Intel 2026-04-17 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-17T04:00:20.032000", "created": "2026-04-17T04:00:04.168000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "India", "Bangladesh", "United States of America", "Poland", "Japan", "Mexico", "Brazil", "Finland", "Ireland", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Australia", "South Africa", "Canada", "Netherlands", "Korea, Republic of", "France", "Switzerland", "Morocco", "Sweden", "New Zealand", "Russian Federation", "Argentina", "Lithuania", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Kenya", "Taiwan", "Belgium", "Israel", "Kyrgyzstan", "Romania", "Serbia", "United Arab Emirates" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "14 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69e05ec4076a7289e15ab25d", "name": "DugganUSA Threat Intel 2026-04-16 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-16T04:27:11.756000", "created": "2026-04-16T04:00:04.914000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "United States of America", "India", "Bangladesh", "Poland", "Japan", "Mexico", "Brazil", "Finland", "Sweden", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Australia", "South Africa", "Canada", "Netherlands", "France", "Ireland", "Switzerland", "Morocco", "New Zealand", "Jamaica", "Russian Federation", "T\u00fcrkiye", "Argentina", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Syrian Arab Republic", "Lithuania", "Kenya", "Taiwan", "Belgium", "Kyrgyzstan", "Romania", "Malaysia", "Cambodia", "Serbia", "United Arab Emirates", "Korea, Republic of" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a06d7fa7c072a3f8da4907b", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-14", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-15T08:23:21.444000", "created": "2026-05-15T08:23:21.444000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-14/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 233 }, "indicator_count": 233, "is_author": false, "is_subscribing": null, "subscriber_count": 1533, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69df4aaebc296672471fe662", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-04-14", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-15T08:01:13.934000", "created": "2026-04-15T08:22:06.770000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-04-14/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 1533, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69df0d676d7404f7fe08497c", "name": "DugganUSA Threat Intel 2026-04-15 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-15T04:05:48.765000", "created": "2026-04-15T04:00:38.993000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "Malaysia", "Netherlands", "United States of America", "Belgium", "United Kingdom of Great Britain and Northern Ireland", "Japan", "Cambodia", "Russian Federation", "Serbia", "United Arab Emirates", "Korea, Republic of", "Canada", "India", "Hong Kong", "Singapore", "Germany", "Brazil", "China", "Iceland", "Poland", "Pakistan", "Sweden", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Romania", "Israel", "Spain", "Denmark", "Lithuania", "Liechtenstein", "France" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 41, "domain": 18 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a0585ee46d9d64f7630bde9", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-13", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-14T08:21:02.020000", "created": "2026-05-14T08:21:02.020000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-13/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 214 }, "indicator_count": 214, "is_author": false, "is_subscribing": null, "subscriber_count": 1532, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69ddbbc87e54f91f9125fbca", "name": "DugganUSA Threat Intel 2026-04-14 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-14T04:01:31.012000", "created": "2026-04-14T04:00:08.335000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "Belgium", "United States of America", "United Kingdom of Great Britain and Northern Ireland", "Japan", "Russian Federation", "Serbia", "United Arab Emirates", "Korea, Republic of", "Canada", "India", "Hong Kong", "Singapore", "Germany", "Brazil", "China", "Iceland", "Poland", "Netherlands", "Pakistan", "Sweden", "Bulgaria", "Syrian Arab Republic", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Romania", "Israel", "Spain", "Uzbekistan", "Denmark", "Iraq", "Lithuania", "Liechtenstein", "France" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 42, "domain": 19 }, "indicator_count": 61, "is_author": false, "is_subscribing": null, "subscriber_count": 196, "modified_text": "17 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a0434653ace13f88a8b7574", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-12", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-13T08:20:53.114000", "created": "2026-05-13T08:20:53.114000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-12/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 239 }, "indicator_count": 239, "is_author": false, "is_subscribing": null, "subscriber_count": 1532, "modified_text": "18 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69dc6a520cee325182f37d08", "name": "DugganUSA Threat Intel 2026-04-13 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-13T04:07:31.664000", "created": "2026-04-13T04:00:18.411000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Russian Federation", "Serbia", "United Arab Emirates", "Korea, Republic of", "Canada", "India", "Singapore", "Germany", "Hong Kong", "China", "Brazil", "Iceland", "Poland", "Netherlands", "T\u00fcrkiye", "Sweden", "Mexico", "Australia", "Norway", "Italy", "Ireland", "Romania", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Uzbekistan", "Denmark", "Lithuania", "Liechtenstein", "France" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 41, "domain": 19 }, "indicator_count": 60, "is_author": false, "is_subscribing": null, "subscriber_count": 196, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a03f74a45ec1801da790ddd", "name": "DugganUSA Threat Intel 2026-05-13 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-13T04:00:10.425000", "created": "2026-05-13T04:00:10.425000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "United Arab Emirates", "Korea, Republic of", "Canada", "India", "Hong Kong", "Singapore", "Indonesia", "Germany", "Brazil", "Japan", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Mexico", "United Kingdom of Great Britain and Northern Ireland", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Romania", "Russian Federation", "Israel", "Finland", "Spain", "Denmark", "Malaysia", "Lithuania", "Liechtenstein", "France", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 702, "domain": 26, "hostname": 57 }, "indicator_count": 785, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "18 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "6a02e2d80ef535f95a0c4563", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-11", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-12T08:20:40.154000", "created": "2026-05-12T08:20:40.154000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-11/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 227 }, "indicator_count": 227, "is_author": false, "is_subscribing": null, "subscriber_count": 1532, "modified_text": "19 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69db18c736b1266d8e75afa6", "name": "DugganUSA Threat Intel 2026-04-12 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-12T04:17:00.315000", "created": "2026-04-12T04:00:07.683000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "India", "Poland", "Australia", "Japan", "Netherlands", "France", "Kyrgyzstan", "China", "Switzerland", "Hong Kong", "Romania", "Belgium", "United Kingdom of Great Britain and Northern Ireland", "Russian Federation", "Serbia", "United Arab Emirates", "Korea, Republic of", "Canada", "Singapore", "Indonesia", "Brazil", "Iceland", "T\u00fcrkiye", "Sweden", "Mexico", "Norway", "Italy", "Israel", "Spain", "Ireland", "Denmark", "Georgia", "Lithuania", "Liechtenstein" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a02a5c5020c98c3d1f4d122", "name": "DugganUSA Threat Intel 2026-05-12 #1", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-12T04:00:05.594000", "created": "2026-05-12T04:00:05.594000", "tags": [ "dugganusa", "threat-intel", "country-us", "country-cn", "ip-only" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "United States of America", "India", "Bangladesh", "United Kingdom of Great Britain and Northern Ireland", "Poland", "Japan", "Mexico", "Germany", "Brazil", "Finland", "Australia", "South Africa", "Canada", "Netherlands", "France", "Ireland", "Switzerland", "Morocco", "Sweden", "New Zealand", "Italy", "Russian Federation", "Argentina", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Lithuania", "Kenya", "Taiwan", "Belgium", "Czechia", "Kyrgyzstan", "Romania", "Israel", "Serbia", "United Arab Emirates", "Korea, Republic of" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 998, "IPv6": 2 }, "indicator_count": 1000, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "19 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "6a019186851e3bc97a5d738b", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-10", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-11T08:21:26.799000", "created": "2026-05-11T08:21:26.799000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-10/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 215 }, "indicator_count": 215, "is_author": false, "is_subscribing": null, "subscriber_count": 1531, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69d9c749b597d4ee829b4dfa", "name": "DugganUSA Threat Intel 2026-04-11 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-11T04:03:23.302000", "created": "2026-04-11T04:00:09.515000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Belgium", "Netherlands", "United Kingdom of Great Britain and Northern Ireland", "Japan", "Russian Federation", "Serbia", "China", "United Arab Emirates", "Korea, Republic of", "Germany", "Canada", "India", "Hong Kong", "Singapore", "Brazil", "Indonesia", "Lithuania", "Iceland", "Poland", "T\u00fcrkiye", "France", "Sweden", "Mexico", "Norway", "Italy", "Israel", "Spain", "Ireland", "Australia", "Romania", "Denmark", "Georgia", "Liechtenstein" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 42, "domain": 19 }, "indicator_count": 61, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "20 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a0154445afc7b8de7d8962a", "name": "DugganUSA Threat Intel 2026-05-11 #1", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-11T04:00:04.609000", "created": "2026-05-11T04:00:04.609000", "tags": [ "dugganusa", "threat-intel", "country-us", "country-cn", "ip-only" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "Pakistan", "India", "Bangladesh", "United States of America", "Mongolia", "United Kingdom of Great Britain and Northern Ireland", "Finland", "Poland", "Japan", "Mexico", "Viet Nam", "Brazil", "Germany", "Australia", "South Africa", "Lithuania", "Netherlands", "Canada", "Austria", "France", "Ireland", "Switzerland", "Azerbaijan", "Morocco", "Sweden", "Italy", "Russian Federation", "Argentina", "Venezuela, Bolivarian Republic of", "Ukraine", "Kenya", "Taiwan", "Belgium", "Indonesia", "Kyrgyzstan", "Romania", "Israel", "Serbia", "United Arab Emirates", "Korea, Republic of" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 998, "IPv6": 2 }, "indicator_count": 1000, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "6a0154438a63447c4bb90ce3", "name": "DugganUSA Threat Intel 2026-05-11 #1", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-11T04:00:03.634000", "created": "2026-05-11T04:00:03.634000", "tags": [ "dugganusa", "threat-intel", "country-us", "country-cn", "ip-only" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "Pakistan", "India", "Bangladesh", "United States of America", "Mongolia", "United Kingdom of Great Britain and Northern Ireland", "Finland", "Poland", "Japan", "Mexico", "Viet Nam", "Brazil", "Germany", "Australia", "South Africa", "Lithuania", "Netherlands", "Canada", "Austria", "France", "Ireland", "Switzerland", "Azerbaijan", "Morocco", "Sweden", "Italy", "Russian Federation", "Argentina", "Venezuela, Bolivarian Republic of", "Ukraine", "Kenya", "Taiwan", "Belgium", "Indonesia", "Kyrgyzstan", "Romania", "Israel", "Serbia", "United Arab Emirates", "Korea, Republic of" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 998, "IPv6": 2 }, "indicator_count": 1000, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69f7fe25391f82b9e6e8fdff", "name": "TSEC Honeypot: General Activity - Week of 2026-05-04", "description": "Honeypot-observed general activity activity for the week of 2026-05-04. Contains 4 indicators (4 IPv4). Data sourced from TSEC T-Pot honeypot network.", "modified": "2026-05-10T23:36:59.802000", "created": "2026-05-04T02:02:13.367000", "tags": [ "honeypot", "threat-intelligence", "tpot" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ladarrellmiller", "id": "111524", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 498 }, "indicator_count": 498, "is_author": false, "is_subscribing": null, "subscriber_count": 433, "modified_text": "20 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "6a003fd2ecb0c62611b91ac2", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-09", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-10T08:20:34.106000", "created": "2026-05-10T08:20:34.106000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-09/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 345 }, "indicator_count": 345, "is_author": false, "is_subscribing": null, "subscriber_count": 1532, "modified_text": "21 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69d875c7832c16adac2f6c0c", "name": "DugganUSA Threat Intel 2026-04-10 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-10T04:12:46.896000", "created": "2026-04-10T04:00:07.645000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "India", "Poland", "Japan", "Canada", "Germany", "Jordan", "Netherlands", "France", "Kyrgyzstan", "China", "Switzerland", "Brazil", "Australia", "Hong Kong", "Romania", "United Kingdom of Great Britain and Northern Ireland", "Belgium", "Russian Federation", "Serbia", "United Arab Emirates", "Korea, Republic of", "Singapore", "Indonesia", "Lithuania", "Iceland", "T\u00fcrkiye", "Sweden", "Mexico", "Norway", "Italy", "Israel", "Spain", "Ireland", "Denmark" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a0002c979fedddc0cd4e0a2", "name": "DugganUSA Threat Intel 2026-05-10 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-10T04:00:09.655000", "created": "2026-05-10T04:00:09.655000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Russian Federation", "Serbia", "United Arab Emirates", "Korea, Republic of", "Canada", "India", "Hong Kong", "Singapore", "Germany", "China", "Brazil", "Japan", "Iceland", "Poland", "Netherlands", "Andorra", "Sweden", "Mexico", "United Kingdom of Great Britain and Northern Ireland", "Australia", "Norway", "Switzerland", "Italy", "Saudi Arabia", "Ireland", "Romania", "Israel", "Spain", "Uzbekistan", "Denmark", "Finland", "Lithuania", "Liechtenstein", "France", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 779, "domain": 18, "hostname": 45 }, "indicator_count": 842, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "21 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69d7244a5236345da33deda5", "name": "DugganUSA Threat Intel 2026-04-09 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-09T04:55:45.131000", "created": "2026-04-09T04:00:10.418000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Australia", "Hong Kong", "China", "Romania", "Netherlands", "Belgium", "United Kingdom of Great Britain and Northern Ireland", "Japan", "Russian Federation", "Serbia", "United Arab Emirates", "Korea, Republic of", "Canada", "India", "Singapore", "Germany", "Brazil", "Indonesia", "Iceland", "Poland", "France", "Sweden", "Mexico", "Norway", "Italy", "Israel", "Spain", "Ireland", "Denmark", "Lithuania", "Liechtenstein" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 42, "domain": 17 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69feb1459724a0548607f983", "name": "DugganUSA Threat Intel 2026-05-09 #1", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-09T04:00:05.419000", "created": "2026-05-09T04:00:05.419000", "tags": [ "dugganusa", "threat-intel", "country-us", "country-cn", "ip-only" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "Pakistan", "United States of America", "India", "Bangladesh", "Mongolia", "United Kingdom of Great Britain and Northern Ireland", "Poland", "Japan", "Viet Nam", "Mexico", "Brazil", "Finland", "Sweden", "Germany", "Australia", "South Africa", "Netherlands", "Canada", "Austria", "Korea, Republic of", "France", "Ireland", "Switzerland", "Morocco", "New Zealand", "Russian Federation", "Argentina", "Venezuela, Bolivarian Republic of", "Ukraine", "Lithuania", "Kenya", "Taiwan", "Belgium", "Kyrgyzstan", "Romania", "Serbia", "United Arab Emirates" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 997, "IPv6": 3 }, "indicator_count": 1000, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "22 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69feae531592b3944394d4b1", "name": "jan 2 25 clone Auto-generated Pulse CREATED 1 YEAR AGO MODIFIED 1 YEAR AGO by AlessandroFiori", "description": "", "modified": "2026-05-09T03:50:22.289000", "created": "2026-05-09T03:47:31.568000", "tags": [ "auto-generated security" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "6776d3a8bad5e5591b90c296", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 148318, "hostname": 358, "URL": 1, "FileHash-SHA256": 20 }, "indicator_count": 148697, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "22 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 } ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-29/", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-26/", "https://jamesbrine.com.au", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-28/", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-09/", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-27/", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-30/", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-04-18/", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-13/", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-04-19/", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-12/", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-10/", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-04-27/", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-11/", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-22/", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-18/", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-04-14/", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-14/", "https://www.abuseipdb.com", "https://www.dugganusa.com", "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-04-25/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [], "validation": [ { "source": "cloud", "message": "In cloud provider range: provider=azure", "name": "Cloud Provider IP range" } ], "asn": "AS8075 microsoft corporation", "city_data": true, "city": "Boydton", "region": "VA", "continent_code": "NA", "country_code3": "USA", "country_code2": "US", "subdivision": "VA", "latitude": 36.6534, "postal_code": "23917", "longitude": -78.375, "accuracy_radius": 1000, "country_code": "US", "country_name": "United States of America", "dma_code": 560, "charset": 0, "area_code": 0, "flag_url": "/assets/images/flags/us.png", "flag_title": "United States of America", "sections": [ "general", "geo", "reputation", "url_list", "passive_dns", "malware", "nids_list", "http_scans" ] }, "geo": { "asn": "AS8075 microsoft corporation", "city_data": true, "city": "Boydton", "region": "VA", "continent_code": "NA", "country_code3": "USA", "country_code2": "US", "subdivision": "VA", "latitude": 36.6534, "postal_code": "23917", "longitude": -78.375, "accuracy_radius": 1000, "country_code": "US", "country_name": "United States of America", "dma_code": 560, "charset": 0, "area_code": 0, "flag_url": "/assets/images/flags/us.png", "flag_title": "United States of America" }, "geo_ipapicom": { "country": "United States", "country_code": "US", "region": "Virginia", "city": "Boydton", "zip": "23917", "latitude": 36.677696, "longitude": -78.37471, "timezone": "America/New_York", "isp": "Microsoft Corporation", "org": "Microsoft Azure Cloud (eastus2)", "asn": "AS8075 Microsoft Corporation", "asn_name": "MICROSOFT-CORP-MSN-AS-BLOCK", "is_proxy": false, "is_hosting": true, "source": "ip-api.com" }, "pulse_count": 50, "pulses": [ { "id": "6a1bef48177a946e63e4e905", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-30", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-31T08:20:24.246000", "created": "2026-05-31T08:20:24.246000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-30/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 274 }, "indicator_count": 274, "is_author": false, "is_subscribing": null, "subscriber_count": 1530, "modified_text": "13 hours ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69f42544e921b701eb2e4e9b", "name": "DugganUSA Threat Intel 2026-05-01 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-31T05:19:13.706000", "created": "2026-05-01T04:00:04.285000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "United States of America", "India", "Bangladesh", "Malaysia", "Poland", "Japan", "Mexico", "Brazil", "Finland", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Australia", "South Africa", "Canada", "Netherlands", "France", "Ireland", "Switzerland", "Morocco", "Sweden", "New Zealand", "Italy", "Russian Federation", "Argentina", "Lebanon", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Lithuania", "Latvia", "Kenya", "Taiwan", "Belgium", "Indonesia", "Kyrgyzstan", "Romania", "Korea, Republic of", "Serbia", "United Arab Emirates" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "16 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a1a9dd92ac1ac6a38d285d4", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-29", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-30T08:20:41.412000", "created": "2026-05-30T08:20:41.412000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-29/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 319 }, "indicator_count": 319, "is_author": false, "is_subscribing": null, "subscriber_count": 1531, "modified_text": "1 day ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69f2d3c60a0790c6170037d9", "name": "DugganUSA Threat Intel 2026-04-30 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-30T04:04:00.214000", "created": "2026-04-30T04:00:06.154000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "Bangladesh", "United States of America", "India", "Malaysia", "Poland", "Japan", "Mexico", "Brazil", "Finland", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Australia", "South Africa", "Canada", "Netherlands", "France", "Ireland", "Switzerland", "Morocco", "Sweden", "New Zealand", "Russian Federation", "Argentina", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Lithuania", "Kenya", "Taiwan", "Belgium", "Kyrgyzstan", "Romania", "Serbia", "United Arab Emirates", "Korea, Republic of", "Iceland" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 192, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a194c5d8591f193c3fd4d91", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-28", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-29T08:20:45.308000", "created": "2026-05-29T08:20:45.308000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-28/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 300 }, "indicator_count": 300, "is_author": false, "is_subscribing": null, "subscriber_count": 1530, "modified_text": "2 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69f18247f87709be6de3fd56", "name": "DugganUSA Threat Intel 2026-04-29 #1", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-29T04:00:47.823000", "created": "2026-04-29T04:00:07.365000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "China", "Hong Kong", "Singapore", "United States of America", "India", "Bangladesh", "Poland", "Japan", "Mexico", "Brazil", "Finland", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Australia", "South Africa", "Canada", "Netherlands", "France", "Ireland", "Switzerland", "Morocco", "Sweden", "New Zealand", "Italy", "Russian Federation", "Argentina", "Norway", "Venezuela, Bolivarian Republic of", "Ukraine", "Lithuania", "Kenya", "Taiwan", "Belgium", "Kyrgyzstan", "Romania", "Malaysia", "Serbia", "United Arab Emirates", "Korea, Republic of" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "2 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69f06e445dd7932ccefb9058", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-04-27", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-28T08:26:05.301000", "created": "2026-04-28T08:22:28.828000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-04-27/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 1532, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a17fada2a7449eda905305e", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-27", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-28T08:20:42.796000", "created": "2026-05-28T08:20:42.796000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-27/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 471 }, "indicator_count": 471, "is_author": false, "is_subscribing": null, "subscriber_count": 1531, "modified_text": "3 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69f030cafe5566b4669264e3", "name": "DugganUSA Threat Intel 2026-04-28 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-28T04:06:43.668000", "created": "2026-04-28T04:00:10.514000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Singapore", "Korea, Republic of", "Germany", "Hong Kong", "Brazil", "Japan", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Russian Federation", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Israel", "Spain", "Malaysia", "United Kingdom of Great Britain and Northern Ireland", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 18, "hostname": 38 }, "indicator_count": 56, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6a16a95c168b6f9eb233255a", "name": "Cloudflare Honeypot Web Attack Hosts for 2026-05-26", "description": "IPv4 hosts detected performing web attacks against Cloudflare honeypot edge", "modified": "2026-05-27T08:20:44.275000", "created": "2026-05-27T08:20:44.275000", "tags": [ "cloudflare", "web", "honeypot" ], "references": [ "https://jamesbrine.com.au/cfglobal-web-ip-list-2026-05-26/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 283 }, "indicator_count": 283, "is_author": false, "is_subscribing": null, "subscriber_count": 1531, "modified_text": "4 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "40.77.167.151", "type": "IPv4" }, "abuseipdb": { "error": "AbuseIPDB daily limit reached (1,000/day).", "indicator": "40.77.167.151" }, "urlhaus": { "indicator": "40.77.167.151", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780265639.5905032 }