{ "type": "IPv4", "indicator": "98.80.4.95", "general": { "whois": "http://whois.domaintools.com/98.80.4.95", "reputation": 0, "indicator": "98.80.4.95", "type": "IPv4", "type_title": "IPv4", "base_indicator": { "id": 3992766934, "indicator": "98.80.4.95", "type": "IPv4", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 16, "pulses": [ { "id": "69cc672eba03f3b7260a59d6", "name": "Honeypot Data \u2013 T-Pot - Sydney, Australia - April 2026", "description": "Rolling monthly view for April 2026 of indicators observed by T-Pot CE honeypots. Each run looks back the last 24h and appends newly seen indicators for this month. Signals are deduped and filtered (min event count threshold; private IPs excluded). Intended for defensive use; infrastructure may be compromised or spoofed. Sensor: T-Pot CE. Location: Sydney, Australia.", "modified": "2026-04-26T15:30:29.864000", "created": "2026-04-01T00:30:38.310000", "tags": [ "tpot", "honeypot", "sensor-tagged", "cowrie", "suricata", "dionaea", "honeytrap", "p0f", "fatt", "mailoney", "tanner", "sentrypeer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3613, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "conrat45", "id": "280429", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_280429/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 116574, "IPv6": 3682, "URL": 24, "FileHash-SHA256": 105 }, "indicator_count": 120385, "is_author": false, "is_subscribing": null, "subscriber_count": 104, "modified_text": "48 minutes ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69a388a0684b0ef823ae2c31", "name": "Honeypot Data \u2013 T-Pot - Sydney, Australia - March 2026", "description": "Rolling monthly view for March 2026 of indicators observed by T-Pot CE honeypots. Each run looks back the last 24h and appends newly seen indicators for this month. Signals are deduped and filtered (min event count threshold; private IPs excluded). Intended for defensive use; infrastructure may be compromised or spoofed. Sensor: T-Pot CE. Location: Sydney, Australia.", "modified": "2026-04-26T07:38:55.982000", "created": "2026-03-01T00:30:24.496000", "tags": [ "tpot", "honeypot", "sensor-tagged", "cowrie", "suricata", "dionaea", "honeytrap", "p0f", "fatt", "mailoney", "tanner", "sentrypeer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8237, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "conrat45", "id": "280429", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_280429/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 101, "IPv4": 93956, "IPv6": 796, "URL": 7 }, "indicator_count": 94860, "is_author": false, "is_subscribing": null, "subscriber_count": 113, "modified_text": "8 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "5a64f74f0e543738c12bc973", "name": "Webscanners with Bad Requests - HTTP Status 400 - 1/20/2018 thru current day", "description": "Webscanners who's requests resulted in HTTP Status code 400 due to WAF rules or LB parsing issues", "modified": "2026-04-25T20:40:19.615000", "created": "2018-01-21T20:25:51.668000", "tags": [ "webscanner", "bruteforce", "badrequest", "probing", "webscan" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 385756, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "david3", "id": "2807", "avatar_url": "/otxapi/users/avatar_image/media/avatars/david3/resized/80/fireball-dwf.jpg", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 11243 }, "indicator_count": 11243, "is_author": false, "is_subscribing": null, "subscriber_count": 2578, "modified_text": "19 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69ec7984d8647f8b95ba9810", "name": "Vultr Melbourne (Australia) Port Scanning Hosts for 2026-04-24", "description": "IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot", "modified": "2026-04-25T08:21:24.496000", "created": "2026-04-25T08:21:24.496000", "tags": [ "vultr", "portscan", "scanners", "honeypot" ], "references": [ "https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-24/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 4278 }, "indicator_count": 4278, "is_author": false, "is_subscribing": null, "subscriber_count": 1528, "modified_text": "1 day ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69b3fd54be9ac43b3a3489de", "name": "Honeypot Data - March 2026 - Honeytrap", "description": "Data collected from honeypots in Louisiana. Just a fun project I tinker with.. data submitted with some gnarly python scripts for automation.", "modified": "2026-04-15T18:13:51.604000", "created": "2026-03-13T12:04:36.646000", "tags": [ "LAMP", "malicious", "honeytrap" ], "references": [ "https://github.com/telekom-security/tpotce" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ladarrellmiller", "id": "111524", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 425, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69b429ead977202bdcca23ba", "name": "LCIA HoneyNet Data - March 2026 - Honeytrap", "description": "Data collected from honeypots in Louisiana. Just a fun project I tinker with.. data submitted with some gnarly python scripts for automation.", "modified": "2026-04-15T18:13:51.604000", "created": "2026-03-13T15:14:50.806000", "tags": [ "malicious", "sftp", "honeytrap", "cowrie", "ssh", "LAMP" ], "references": [ "https://github.com/telekom-security/tpotce" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dm_lacia", "id": "132921", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 351, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69a38187d2667ce2ccfa69ef", "name": "LCIA HoneyNet Data - March 2026 - Honeytrap", "description": "Data collected from honeypots in Louisiana. Just a fun project I tinker with.. data submitted with some gnarly python scripts for automation.", "modified": "2026-04-12T10:05:21.243000", "created": "2026-03-01T00:00:07.252000", "tags": [ "ssh", "LAMP", "malicious", "dionaea", "sftp", "cowrie", "honeytrap" ], "references": [ "https://github.com/telekom-security/tpotce" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dm_lacia", "id": "132921", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 353, "modified_text": "14 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69a38187c38abb2021aa1292", "name": "Honeypot Data - March 2026 - Honeytrap", "description": "Data collected from honeypots in Louisiana. Just a fun project I tinker with.. data submitted with some gnarly python scripts for automation.", "modified": "2026-04-11T21:26:07.659000", "created": "2026-03-01T00:00:07.747000", "tags": [ "honeytrap", "LAMP", "malicious", "sftp", "ssh", "cowrie", "dionaea" ], "references": [ "https://github.com/telekom-security/tpotce" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ladarrellmiller", "id": "111524", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 427, "modified_text": "14 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69a7eb90b1c2ea37c8c16282", "name": "DigitalOcean Singapore FTP Bruteforce Hosts for 2026-03-03", "description": "IPv4 hosts detected attempting to brute force FTP on DigitalOcean Singapore honeypot", "modified": "2026-04-03T08:24:06.638000", "created": "2026-03-04T08:21:36.699000", "tags": [ "digital ocean", "ftp", "bruteforce", "honeypot" ], "references": [ "https://jamesbrine.com.au/digitaloceansingapore-ftp-bruteforce-ip-list-2026-03-03/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 1528, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69a7eba07abf0296b7c49589", "name": "DigitalOcean Singapore Port Scanning Hosts for 2026-03-03", "description": "IPv4 hosts detected port scanning DigitalOcean Singapore honeypot", "modified": "2026-04-03T08:24:06.638000", "created": "2026-03-04T08:21:52.120000", "tags": [ "digital ocean", "portscan", "scanners", "honeypot" ], "references": [ "https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-03/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 1528, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6955c00fc71c3eed5b3fa565", "name": "Honeypot Data \u2013 T-Pot - Sydney, Australia - January 2026", "description": "Rolling monthly view for January 2026 of indicators observed by T-Pot CE honeypots. Each run looks back the last 24h and appends newly seen indicators for this month. Signals are deduped and filtered (min event count threshold; private IPs excluded). Intended for defensive use; infrastructure may be compromised or spoofed. Sensor: T-Pot CE. Location: Sydney, Australia.", "modified": "2026-03-04T23:32:54.841000", "created": "2026-01-01T00:30:07.585000", "tags": [ "tpot", "honeypot", "sensor-tagged", "cowrie", "suricata", "dionaea", "honeytrap", "p0f", "fatt", "mailoney", "tanner", "sentrypeer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15157, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "conrat45", "id": "280429", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_280429/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 46, "FileHash-SHA256": 299 }, "indicator_count": 345, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "52 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "692cda84845f2ef97b4c3955", "name": "LCIA HoneyNet Data - December 2025 - Honeytrap", "description": "Data collected from honeypots in Louisiana. Just a fun project I tinker with.. data submitted with some gnarly python scripts for automation.", "modified": "2026-01-30T23:05:00.056000", "created": "2025-12-01T00:00:04.478000", "tags": [ "LAMP", "sftp", "malicious", "cowrie", "honeytrap", "ssh" ], "references": [ "https://github.com/telekom-security/tpotce" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dm_lacia", "id": "132921", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 359, "modified_text": "85 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69428baa34e26652c938ef2a", "name": "Honeypot Data \u2013 T-Pot - Sydney, Australia - December 2025", "description": "Rolling monthly view for December 2025 of indicators observed by T-Pot CE honeypots. Each run looks back the last 1h and appends newly seen indicators for this month. Signals are deduped and filtered (min event count threshold; private IPs excluded). Intended for defensive use; infrastructure may be compromised or spoofed. Sensor: T-Pot CE. Location: Sydney, Australia.", "modified": "2026-01-30T23:05:00.056000", "created": "2025-12-17T10:53:30.791000", "tags": [ "tpot", "honeypot", "sensor-tagged", "cowrie", "suricata", "dionaea", "honeytrap", "p0f", "fatt", "mailoney", "tanner", "sentrypeer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 34706, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "conrat45", "id": "280429", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_280429/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 750, "FileHash-SHA256": 181 }, "indicator_count": 931, "is_author": false, "is_subscribing": null, "subscriber_count": 100, "modified_text": "85 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69054d860c50fd52320dcc8a", "name": "LCIA HoneyNet Data - November 2025 - Honeytrap", "description": "Data collected from honeypots in Louisiana. Just a fun project I tinker with.. data submitted with some gnarly python scripts for automation.", "modified": "2025-12-30T01:05:22.673000", "created": "2025-11-01T00:00:06.195000", "tags": [ "cowrie", "LAMP", "honeytrap", "malicious", "sftp", "ssh" ], "references": [ "https://github.com/telekom-security/tpotce" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dm_lacia", "id": "132921", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 359, "modified_text": "117 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "686325055c0d5e89c0320c31", "name": "LCIA HoneyNet Data - July 2025 - Honeytrap", "description": "Data collected from honeypots in Louisiana. Just a fun project I tinker with.. data submitted with some gnarly python scripts for automation.", "modified": "2025-08-30T23:05:39.500000", "created": "2025-07-01T00:00:05.610000", "tags": [ "malicious", "dionaea", "heralding", "LAMP", "honeytrap" ], "references": [ "https://github.com/telekom-security/tpotce" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dm_lacia", "id": "132921", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 360, "modified_text": "238 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "6776d3a8bad5e5591b90c296", "name": "Auto-generated Pulse", "description": "46.166.184.104 = goog.pl", "modified": "2025-02-01T17:05:58.066000", "created": "2025-01-02T17:58:00.076000", "tags": [ "auto-generated security" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 48, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlessandroFiori", "id": "91912", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 148318, "hostname": 357 }, "indicator_count": 148675, "is_author": false, "is_subscribing": null, "subscriber_count": 455, "modified_text": "448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 } ], "references": [ "https://jamesbrine.com.au/digitaloceansingapore-ftp-bruteforce-ip-list-2026-03-03/", "https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-24/", "https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-03/", "https://github.com/telekom-security/tpotce", "https://jamesbrine.com.au" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [], "validation": [], "asn": "ASNone ", "city_data": true, "city": null, "region": null, "continent_code": "NA", "country_code3": "USA", "country_code2": "US", "subdivision": null, "latitude": 37.751, "postal_code": null, "longitude": -97.822, "accuracy_radius": 1000, "country_code": "US", "country_name": "United States of America", "dma_code": 0, "charset": 0, "area_code": 0, "flag_url": "/assets/images/flags/us.png", "flag_title": "United States of America", "sections": [ "general", "geo", "reputation", "url_list", "passive_dns", "malware", "nids_list", "http_scans" ] }, "geo": { "asn": "ASNone ", "city_data": true, "city": null, "region": null, "continent_code": "NA", "country_code3": "USA", "country_code2": "US", "subdivision": null, "latitude": 37.751, "postal_code": null, "longitude": -97.822, "accuracy_radius": 1000, "country_code": "US", "country_name": "United States of America", "dma_code": 0, "charset": 0, "area_code": 0, "flag_url": "/assets/images/flags/us.png", "flag_title": "United States of America" }, "geo_ipapicom": { "country": "United States", "country_code": "US", "region": "Virginia", "city": "Ashburn", "zip": "20149", "latitude": 39.0438, "longitude": -77.4874, "timezone": "America/New_York", "isp": "Amazon.com, Inc.", "org": "AWS EC2 (us-east-1)", "asn": "AS14618 Amazon.com, Inc.", "asn_name": "AMAZON-AES", "is_proxy": false, "is_hosting": true, "source": "ip-api.com" }, "pulse_count": 16, "pulses": [ { "id": "69cc672eba03f3b7260a59d6", "name": "Honeypot Data \u2013 T-Pot - Sydney, Australia - April 2026", "description": "Rolling monthly view for April 2026 of indicators observed by T-Pot CE honeypots. Each run looks back the last 24h and appends newly seen indicators for this month. Signals are deduped and filtered (min event count threshold; private IPs excluded). Intended for defensive use; infrastructure may be compromised or spoofed. Sensor: T-Pot CE. Location: Sydney, Australia.", "modified": "2026-04-26T15:30:29.864000", "created": "2026-04-01T00:30:38.310000", "tags": [ "tpot", "honeypot", "sensor-tagged", "cowrie", "suricata", "dionaea", "honeytrap", "p0f", "fatt", "mailoney", "tanner", "sentrypeer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3613, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "conrat45", "id": "280429", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_280429/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 116574, "IPv6": 3682, "URL": 24, "FileHash-SHA256": 105 }, "indicator_count": 120385, "is_author": false, "is_subscribing": null, "subscriber_count": 104, "modified_text": "48 minutes ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69a388a0684b0ef823ae2c31", "name": "Honeypot Data \u2013 T-Pot - Sydney, Australia - March 2026", "description": "Rolling monthly view for March 2026 of indicators observed by T-Pot CE honeypots. Each run looks back the last 24h and appends newly seen indicators for this month. Signals are deduped and filtered (min event count threshold; private IPs excluded). Intended for defensive use; infrastructure may be compromised or spoofed. Sensor: T-Pot CE. Location: Sydney, Australia.", "modified": "2026-04-26T07:38:55.982000", "created": "2026-03-01T00:30:24.496000", "tags": [ "tpot", "honeypot", "sensor-tagged", "cowrie", "suricata", "dionaea", "honeytrap", "p0f", "fatt", "mailoney", "tanner", "sentrypeer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8237, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "conrat45", "id": "280429", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_280429/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 101, "IPv4": 93956, "IPv6": 796, "URL": 7 }, "indicator_count": 94860, "is_author": false, "is_subscribing": null, "subscriber_count": 113, "modified_text": "8 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "5a64f74f0e543738c12bc973", "name": "Webscanners with Bad Requests - HTTP Status 400 - 1/20/2018 thru current day", "description": "Webscanners who's requests resulted in HTTP Status code 400 due to WAF rules or LB parsing issues", "modified": "2026-04-25T20:40:19.615000", "created": "2018-01-21T20:25:51.668000", "tags": [ "webscanner", "bruteforce", "badrequest", "probing", "webscan" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 385756, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "david3", "id": "2807", "avatar_url": "/otxapi/users/avatar_image/media/avatars/david3/resized/80/fireball-dwf.jpg", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 11243 }, "indicator_count": 11243, "is_author": false, "is_subscribing": null, "subscriber_count": 2578, "modified_text": "19 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69ec7984d8647f8b95ba9810", "name": "Vultr Melbourne (Australia) Port Scanning Hosts for 2026-04-24", "description": "IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot", "modified": "2026-04-25T08:21:24.496000", "created": "2026-04-25T08:21:24.496000", "tags": [ "vultr", "portscan", "scanners", "honeypot" ], "references": [ "https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-24/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 4278 }, "indicator_count": 4278, "is_author": false, "is_subscribing": null, "subscriber_count": 1528, "modified_text": "1 day ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 1 }, { "id": "69b3fd54be9ac43b3a3489de", "name": "Honeypot Data - March 2026 - Honeytrap", "description": "Data collected from honeypots in Louisiana. Just a fun project I tinker with.. data submitted with some gnarly python scripts for automation.", "modified": "2026-04-15T18:13:51.604000", "created": "2026-03-13T12:04:36.646000", "tags": [ "LAMP", "malicious", "honeytrap" ], "references": [ "https://github.com/telekom-security/tpotce" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ladarrellmiller", "id": "111524", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 425, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69b429ead977202bdcca23ba", "name": "LCIA HoneyNet Data - March 2026 - Honeytrap", "description": "Data collected from honeypots in Louisiana. Just a fun project I tinker with.. data submitted with some gnarly python scripts for automation.", "modified": "2026-04-15T18:13:51.604000", "created": "2026-03-13T15:14:50.806000", "tags": [ "malicious", "sftp", "honeytrap", "cowrie", "ssh", "LAMP" ], "references": [ "https://github.com/telekom-security/tpotce" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dm_lacia", "id": "132921", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 351, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69a38187d2667ce2ccfa69ef", "name": "LCIA HoneyNet Data - March 2026 - Honeytrap", "description": "Data collected from honeypots in Louisiana. Just a fun project I tinker with.. data submitted with some gnarly python scripts for automation.", "modified": "2026-04-12T10:05:21.243000", "created": "2026-03-01T00:00:07.252000", "tags": [ "ssh", "LAMP", "malicious", "dionaea", "sftp", "cowrie", "honeytrap" ], "references": [ "https://github.com/telekom-security/tpotce" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dm_lacia", "id": "132921", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 353, "modified_text": "14 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69a38187c38abb2021aa1292", "name": "Honeypot Data - March 2026 - Honeytrap", "description": "Data collected from honeypots in Louisiana. Just a fun project I tinker with.. data submitted with some gnarly python scripts for automation.", "modified": "2026-04-11T21:26:07.659000", "created": "2026-03-01T00:00:07.747000", "tags": [ "honeytrap", "LAMP", "malicious", "sftp", "ssh", "cowrie", "dionaea" ], "references": [ "https://github.com/telekom-security/tpotce" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ladarrellmiller", "id": "111524", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 427, "modified_text": "14 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69a7eb90b1c2ea37c8c16282", "name": "DigitalOcean Singapore FTP Bruteforce Hosts for 2026-03-03", "description": "IPv4 hosts detected attempting to brute force FTP on DigitalOcean Singapore honeypot", "modified": "2026-04-03T08:24:06.638000", "created": "2026-03-04T08:21:36.699000", "tags": [ "digital ocean", "ftp", "bruteforce", "honeypot" ], "references": [ "https://jamesbrine.com.au/digitaloceansingapore-ftp-bruteforce-ip-list-2026-03-03/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 1528, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 }, { "id": "69a7eba07abf0296b7c49589", "name": "DigitalOcean Singapore Port Scanning Hosts for 2026-03-03", "description": "IPv4 hosts detected port scanning DigitalOcean Singapore honeypot", "modified": "2026-04-03T08:24:06.638000", "created": "2026-03-04T08:21:52.120000", "tags": [ "digital ocean", "portscan", "scanners", "honeypot" ], "references": [ "https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-03/", "https://jamesbrine.com.au" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jamesbrine", "id": "83487", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_83487/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 1528, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "IPv4", "related_indicator_is_active": 0 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "98.80.4.95", "type": "IPv4" }, "abuseipdb": { "indicator": "98.80.4.95", "abuse_score": 53, "verdict": "suspicious", "total_reports": 41, "distinct_users": 25, "last_reported": "2026-04-24T02:19:23+00:00", "country_code": "US", "country_name": "United States of America", "isp": "Amazon Data Services Northern Virginia", "domain": "amazon.com", "is_tor": false, "is_public": true, "is_whitelisted": false, "usage_type": "Data Center/Web Hosting/Transit", "recent_reports": [ { "date": "2026-04-24", "categories": [ "Port Scan", "Hacking" ], "comment": "Connection to port 830 with data transfer.\nData preview: SSH-2.0-paramiko_2.9.2", "reporter": "" }, { "date": "2026-04-23", "categories": [ "Port Scan", "Brute-Force", "SSH" ], "comment": "Reported from Nginx log analysis 16. Log: 98.80.4.95 - - [23/Apr/2026:xx:xx:xx 0200] \"GET / HTTP/1.1\" xxx xxx \"-\" \"Mozi", "reporter": "" }, { "date": "2026-04-21", "categories": [ "Web App Attack" ], "comment": "Bloqueada por Fail2Ban jail postscreen por intento de spam SMTP", "reporter": "" }, { "date": "2026-04-20", "categories": [ "Hacking", "Bad Web Bot" ], "comment": "Honeypot hit: HTTP/1.1 request on 8015\n\nGET /\nUser-Agent: Mozilla/5.0 (Windows NT 6.2;en-US) AppleWebKit/537.32.36 (KHTM", "reporter": "" }, { "date": "2026-04-14", "categories": [ "Web App Attack" ], "comment": "Bloqueada por Fail2Ban jail postscreen por intento de spam SMTP", "reporter": "" } ], "error": null }, "urlhaus": { "indicator": "98.80.4.95", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1777220382.14575 }