threat-feeds/unknown_threats.json at main · Tempest-Solutions-Company/threat-feeds · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
{
  "metadata": {
    "category": "Unknown",
    "generated": "2026-01-26T11:26:17.793411+00:00",
    "source": "Ethical Threat Feeds by Devs, for Devs",
    "total_threats": 8,
    "expiry_days": 30,
    "format_version": "1.0"
  },
  "threats": [
    {
      "ip": "45.192.10.196",
      "first_seen": "2025-12-27T23:44:04.214000+00:00",
      "last_seen": "2025-12-27T23:44:04.214000+00:00",
      "count": 1,
      "severity": "low",
      "signature": "ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt",
      "protocol": "TCP",
      "country": "TW"
    },
    {
      "ip": "87.251.78.58",
      "first_seen": "2025-12-29T17:47:01.064000+00:00",
      "last_seen": "2025-12-29T17:47:01.064000+00:00",
      "count": 1,
      "severity": "low",
      "signature": "GPL SMTP vrfy root",
      "protocol": "TCP",
      "country": "RU"
    },
    {
      "ip": "87.251.78.129",
      "first_seen": "2025-12-27T15:12:48.151000+00:00",
      "last_seen": "2025-12-27T22:20:12.132000+00:00",
      "count": 2,
      "severity": "low",
      "signature": "GPL SMTP vrfy root",
      "protocol": "TCP",
      "country": "RU"
    },
    {
      "ip": "118.26.111.61",
      "first_seen": "2025-12-30T17:04:09.012000+00:00",
      "last_seen": "2025-12-30T17:04:09.012000+00:00",
      "count": 1,
      "severity": "low",
      "signature": "ET EXPLOIT Apache HTTP Server 2.4.49 - Path Traversal Attempt (CVE-2021-41773) M2",
      "protocol": "TCP",
      "country": "SG"
    },
    {
      "ip": "141.255.164.26",
      "first_seen": "2025-12-29T02:38:00.364000+00:00",
      "last_seen": "2025-12-29T02:38:00.364000+00:00",
      "count": 1,
      "severity": "low",
      "signature": "ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt",
      "protocol": "TCP",
      "country": "CH"
    },
    {
      "ip": "193.142.147.57",
      "first_seen": "2025-12-28T21:00:51.713000+00:00",
      "last_seen": "2025-12-28T21:00:51.713000+00:00",
      "count": 1,
      "severity": "low",
      "signature": "ET WEB_SERVER Wordpress Login Bruteforcing Detected",
      "protocol": "TCP",
      "country": "NL"
    },
    {
      "ip": "213.176.117.85",
      "first_seen": "2025-12-31T18:37:42.603000+00:00",
      "last_seen": "2025-12-31T18:37:42.603000+00:00",
      "count": 1,
      "severity": "low",
      "signature": "ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt",
      "protocol": "TCP",
      "country": "SE"
    },
    {
      "ip": "216.250.254.36",
      "first_seen": "2025-12-27T14:58:29.110000+00:00",
      "last_seen": "2025-12-27T14:58:29.110000+00:00",
      "count": 1,
      "severity": "low",
      "signature": "ET WEB_SERVER Wordpress Login Bruteforcing Detected",
      "protocol": "TCP",
      "country": "US"
    }
  ]
}