24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Illegal user - 6hr Logons (IP=237,CN) 101.65.116.217 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=217,CN) 101.72.6.235 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=235,CN) 101.78.160.0 19 tjh None 2014-01-29 06:00:00 2020-02-18 00:00:00 None HK TO-S-2014-0393 | updated by jkc with reason ET SCAN Potential SSH Scan (IP=253, HK) | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=47,HK) 101.78.214.170 24 KF None 2020-03-26 00:00:00 2020-06-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=170,HK) 101.85.192.230 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Failed password for invalid user - Failed Logons (IP=230,CN) 101.89.112.10 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=10,CN) 101.89.145.133 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logon (IP=133,CN) 101.89.176.127 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=127,CN) 101.89.212.246 24 CR None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Generic ArcSight scan attempt (IP=246,CN) 101.89.91.175 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password_6 Hr Failed Logons (IP=175,CN) 101.91.160.243 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=243,CN) 101.91.217.94 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Failed password for invalid user -Failed Logons (IP=94,CN) 101.95.111.142 24 RB None 2020-01-10 00:00:00 2020-04-09 00:00:00 None Illegal user_6 hr Failed Logons (IP=142,CN) 101.95.173.130 24 RWB None 2020-01-22 
00:00:00 2020-04-21 00:00:00 None Attempted User Privilege Gain - OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=,CN) 101.95.22.230 24 RR None 2020-07-19 00:00:00 2020-10-17 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attack (IP=230,CN) 101.99.32.0 21 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None VN TO-S-2020-0077 Malicious Email Activity 101.99.33.237 24 djs None 2015-03-01 06:00:00 2020-01-20 00:00:00 None VNC Scans (ip=237,VN) | updated by RB with reason HTTP: TO-S-2020-0063 / Pulse 201926-19 - TT# 20C00545 (IP=17,VN) 101.99.64.0 19 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None MY TO-S-2020-0006 Malicious Email Activity 101.99.64.165 24 EDBT None 2018-02-06 06:00:00 2020-03-29 00:00:00 None ET SCAN Potential VNC Scan 5900-5920 (IP=165,MY) | updated by dbc with reason MY TO-S-2019-0551.02 Malicious Email Activity 101.99.73.0 24 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None MY TO-S-2019-1002 Malicious Email Activity 101.99.84.72 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None MY TO-S-2019-0431 Malicious Email Activity 101.99.90.71 24 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=71, MY) | updated by dbc with reason MY TO-S-2019-0626.01 Malicious Email Activity 102.114.14.139 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=139,MU) 102.114.72.65 24 RW None 2019-10-23 00:00:00 2020-01-23 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=65,MU) 102.119.208.165 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=165,MU) 102.119.209.59 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=59,) 102.124.27.87 24 GM None 2019-10-17 00:00:00 2020-01-17 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=87,SD) 102.129.224.180 32 RW None 
2020-05-09 00:00:00 2020-06-09 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C02692 (IP=180,ZA) 102.129.224.252 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=252,GB) 102.130.112.0 24 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None ZA TO-S-2019-0577 Malicious Email Activity 102.132.141.202 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=202,ZF) 102.132.227.67 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=67,CN) 102.132.228.126 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=126,ZA) 102.133.237.250 32 RR None 2020-02-21 00:00:00 2020-05-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C01789 (IP=250,ZA) 102.135.160.0 22 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None ZA TO-S-2020-0056 Malicious Email Activity 102.140.224.3 24 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=3,KE) 102.140.246.0 23 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,KE) 102.156.137.70 24 RR None 2020-01-02 00:00:00 2020-04-01 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=70,TU) 102.157.165.230 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=230,TN) 102.157.243.68 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=68,TU) 102.157.8.232 24 RB None 2019-12-28 00:00:00 2020-03-27 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_Sourcefire (IP=232,TN) 
102.158.149.102 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=102,TU) 102.158.163.100 24 RR None 2020-01-02 00:00:00 2020-04-01 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=100,TU) 102.158.231.142 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=142,TN) 102.159.183.251 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=251,TN) 102.164.194.65 24 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=65,ZA) 102.165.32.0 21 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None ZA TO-S-2019-0608 Malware Activity 102.176.160.30 24 RB None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Illegal user_6 hr Failed Logons_CPC (IP=30 GN) 102.177.145.221 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=221,ZA) 102.182.92.55 24 RWB None 2020-01-16 00:00:00 2020-07-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=55,ZA) | updated by RR Block was inactive. 
Reactivated on 20200425 with reason SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=55,ZA) 102.184.245.43 24 BMP None 2020-07-03 00:00:00 2020-10-01 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - 6hr Web Attacks (IP=43,EG) 102.186.145.57 24 BMP None 2020-02-20 00:00:00 2020-05-20 00:00:00 None Authentication Failed - 6 Logons (IP=57,EG) 102.186.74.220 24 RB None 2020-07-21 00:00:00 2020-10-19 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - 6hr web attack (IP=220,EG) 102.187.76.231 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=231,EG) 102.188.33.100 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=100,EG) 102.188.81.64 24 RR None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - Failed Logons (IP=64,EG) 102.244.193.30 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=30,CM) 102.40.1.216 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=216,EG) 102.40.186.199 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=199,MU) 102.41.202.128 24 KF None 2020-07-02 00:00:00 2020-09-30 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attacks (IP=128,) 102.59.192.0 18 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None EG TO-S-2019-0864 Malware Activity 102.66.104.204 24 RW None 2020-04-11 00:00:00 2020-07-11 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - 6hr web attacks (IP=204,ZA) 102.68.17.48 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Failed password - Failed Logons (IP=48,SO) 103.1.100.110 24 RW None 2020-02-10 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP 
MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=110,IN) | updated by GM Block was inactive. Reactivated on 20200603 with reason SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=110,IN) 103.1.112.0 22 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None IN TO-S-2020-0047 Malicious Email Activity 103.1.184.108 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None AU TO-S-2019-0571 Malware Activity 103.1.220.0 22 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None TW TO-S-2019-0400 Malicious Reconnaissance Activity 103.1.40.189 24 RR None 2018-03-06 06:00:00 2020-04-12 00:00:00 None ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack (IP=189,HK) | updated by RB with reason HTTP: WordPres | updated by CW with reason HTTP: ThinkPHP CMS Getshell Vulnerability_Web attacks (IP=72,HK) 103.10.168.130 24 jky None 2016-12-01 06:00:00 2020-03-16 00:00:00 None IN TO-S-2017-0233 Country Block | updated by KF with reason Illegal user (IP=8,IN) 103.10.226.141 24 RW None 2019-10-25 00:00:00 2020-01-25 00:00:00 None APP-DETECT failed FTP login attempt - 6hr Failed Logon(IP=141,IN) 103.10.228.0 22 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None TH TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason TH TO-S-2020-0212.01 Malicious Web Application Activity 103.10.30.204 24 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None Invalid user - Failed Logons (IP=204,NP) 103.10.61.114 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Invalid user_6 hr Failed Logons (IP=114,ID) 103.100.140.0 24 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None CN TO-S-2019-0952 Malware Activity 103.100.156.0 22 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None HK TO-S-2019-0532 Malware Activity 103.100.208.242 32 RW None 2020-01-06 00:00:00 2020-02-06 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01355(IP=242,HK) 
103.100.210.23 24 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SoureFire (IP=23,HK) 103.100.211.27 24 RW None 2019-10-28 00:00:00 2020-01-28 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=27,HK) 103.100.222.161 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=161,) 103.101.153.115 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Failed password - Failed Logon (IP=115,CN) 103.101.153.30 32 RW None 2020-07-26 00:00:00 2020-08-26 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload (CVE-2017-12615 and 103.101.153.48 32 RW None 2020-07-26 00:00:00 2020-08-26 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload (CVE-2017-12615 and 103.101.161.46 24 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=46,VN) 103.101.178.81 24 RW None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6 hr web attacks (IP=81,JP) 103.101.189.72 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=72,HK) 103.101.207.32 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=32,) 103.102.0.0 24 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None ID TO-S-2019-0546 Malicious Email Activity 103.102.44.0 22 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None HK TO-S-2019-0546 Malicious Email Activity 103.102.59.104 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=104,) 103.103.0.0 24 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None PH TO-S-2019-0430 Malicious Web Application Activity 103.103.88.242 24 RW None 2020-04-06 
00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Sourcefire (IP=242,BD) 103.104.117.144 24 GM None 2020-08-12 00:00:00 2020-11-12 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=144,VN) 103.104.122.12 24 RB None 2019-12-06 00:00:00 2020-03-05 00:00:00 None HTTP: Blind SQL Injection - Timing_6 hr web attacks (IP=12 VN) 103.104.122.33 32 GM None 2020-07-11 00:00:00 2020-10-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03422 (IP=33,VN) 103.104.127.151 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - 6hr Logon (IP=151,IN) 103.105.190.2 24 RW None 2020-04-18 00:00:00 2020-07-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=2,ID) 103.105.33.69 24 GM None 2020-06-22 00:00:00 2020-08-22 00:00:00 None Infection Match (blocked) - Case # 3055 (IP=69,ID) 103.105.48.156 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None GB TO-S-2019-0769 Malicious Email Activity 103.105.58.219 24 CW None 2019-12-26 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=19,CN) 103.106.136.188 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,IN) 103.106.241.23 24 CR None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Generic ArcSight scan attempt (IP=,BD) 103.106.247.66 24 GM None 2020-07-20 00:00:00 2020-10-20 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=66,CN) 103.107.114.175 24 GM None 2020-06-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=175,IN) 103.107.17.134 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Invalid user - Failed Logons (IP=134,IN) 103.107.198.78 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: 
Host Sweep (IP=78,no ISC data) 103.107.238.243 24 GM None 2019-10-27 00:00:00 2020-01-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=243,HK) 103.107.244.14 24 CR None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Generic ArcSight scan attempt (IP=14,ID) 103.107.81.30 24 CR None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Generic ArcSight scan attempt (IP=30,PH) 103.108.132.234 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=234,VN) 103.108.187.4 24 RB None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Illegal user_6 hr Failed Logons_CPC (IP=4,ID) 103.108.195.86 24 RW None 2020-01-19 00:00:00 2020-04-21 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=86,CN) | updated by RWB with reason Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=,CN) 103.108.220.2 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None IN TO-S-2019-0400 Malicious Email Activity 103.108.42.158 24 RB None 2020-08-01 00:00:00 2020-11-01 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=158,HK) 103.108.6.35 24 CR None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Generic ArcSight scan attempt (IP=35,IN) 103.108.87.133 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=133,ID) 103.109.126.225 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=225,ID) 103.109.37.169 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=169,no ISC data) 103.11.244.232 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=232,HK) 103.11.80.170 24 RB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=170,IN) 103.110.132.153 24 RR None 2020-04-12 00:00:00 2020-07-11 
00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=153,CN) 103.110.210.158 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=158,US) 103.110.81.167 24 RR None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=167,CN) 103.111.110.154 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Authentication failed - Failed Logons (IP=154,IN) 103.111.52.0 22 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None ID TO-S-2019-0577 Malicious Email Activity 103.112.167.134 24 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password 6 hr Failed Logon (IP=134,BD) 103.112.210.146 24 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Command Injection Attempt (IP=146,XX) 103.112.211.130 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=130,HK) 103.112.28.135 24 RW None 2020-01-30 00:00:00 2020-06-13 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=135,CN) | updated by KF Block expiration extended with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=135,CN) 103.113.170.11 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=11,ID) 103.113.3.202 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None ID TO-S-2019-0409 Malicious Email Activity 103.113.3.226 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None ID TO-S-2019-0409 Malicious Email Activity 103.114.104.0 22 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None VN TO-S-2020-0088 Malicious Web Application Activity 103.114.104.149 24 RB None 2018-05-20 05:00:00 2020-05-10 00:00:00 None ET SCAN Potential SSH Scan (IP=149,VN) | updated by dbc with reason VN TO-S-2019-0658 Malware Activity 103.114.128.0 24 dbc None 2019-11-21 00:00:00 
2020-11-21 00:00:00 None AF TO-S-2020-0109.01 Malicious Email Activity 103.114.134.125 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Command Injection Attempt (IP=125,CN) 103.115.104.229 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Failed password for invalid user - Failed Logons (IP=229,ID) 103.115.14.24 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AE TO-S-2020-0109.01 Malicious Email Activity 103.115.144.252 24 RW None 2020-04-18 00:00:00 2020-07-18 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=252,HK) 103.115.227.253 24 CR None 2019-12-21 00:00:00 2020-03-21 00:00:00 None SQL HTTP URI blind injection attempt_Sourcefire (IP=253,ID) 103.115.26.183 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=183,BD) 103.115.40.24 24 FT None 2020-08-28 00:00:00 2020-11-26 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=24,CN) 103.115.41.163 24 BMP None 2020-03-10 00:00:00 2020-06-08 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=163,CN) 103.115.61.56 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=56,CN) 103.116.12.126 24 CR None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Generic ArcSight scan attempt (IP=126,MM) 103.116.16.173 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 103.116.198.20 24 RW None 2020-01-07 00:00:00 2020-04-09 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=20,IN) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=20,IN) 103.116.45.111 24 GM None 2019-11-08 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=111,MY) 103.117.13.0 24 dbc None 
2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 103.117.132.220 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=220,CN) 103.117.133.199 24 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SoureFire (IP=99,CN) 103.117.139.55 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=,HK) 103.117.153.33 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=33,IN) 103.117.180.0 24 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None ID TO-S-2019-0546 Malicious Email Activity 103.117.180.105 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None IN TO-S-2019-0382 Malicious Email Activity 103.117.180.5 32 wmp None 2020-09-16 00:00:00 2020-12-15 00:00:00 None HIVE Case #3904 COLS-NA-TIP-20-0292 (IP=5,IN) 103.117.212.187 32 wmp None 2020-07-02 00:00:00 2020-10-02 00:00:00 None HIVE Case #3190 COLS-NA-TIP-20-0200 (IP=187,IN) 103.118.222.40 24 CR None 2019-10-15 00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=40,CN) 103.118.255.34 24 GM None 2019-12-31 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=34,CN) 103.118.26.95 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=95,TW) 103.118.87.194 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - 6hr Logons (IP=194,BD) 103.119.1.0 24 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None CN TO-S-2019-0864 Malware Activity 103.119.105.47 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: 
SYN Host Sweep (IP=47,HK) 103.119.116.106 32 DT None 2020-09-29 00:00:00 2020-12-29 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=106,ID) 103.119.144.0 24 dbc None 2019-03-21 00:00:00 2020-03-21 00:00:00 None ID TO-S-2019-0515 Malware Activity 103.119.180.0 22 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None CN TO-S-2019-0864 Malware Activity 103.119.240.71 24 BMP None 2020-01-11 00:00:00 2020-02-10 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01418 (IP=71,IN) 103.12.211.105 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None IN TO-S-2019-0604 Malicious Email Activity 103.12.211.4 32 wmp None 2020-09-15 00:00:00 2020-12-14 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=4,IN) 103.12.211.45 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=45,IN) 103.120.176.0 22 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None IN TO-S-2019-0508 Malicious Email Activity 103.120.225.186 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=186,CN) 103.120.56.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 103.120.82.147 24 RW None 2019-10-11 00:00:00 2020-01-11 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=147,HK) 103.120.83.11 24 RW None 2019-10-23 00:00:00 2020-01-23 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=11,HK) 103.121.72.88 24 GM None 2020-01-10 00:00:00 2020-04-10 00:00:00 None Authentication Failed - Web Attacks (IP=88,IN) 103.122.110.114 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=114,XX) 103.122.247.106 24 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=106,JP) 103.122.35.14 24 RB None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Failed password_6 hr Failed 
Logons (IP=14 ID) 103.122.92.110 24 CR None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=110,HK) 103.122.94.60 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (IP=60,HK) 103.123.150.66 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=66,ID) 103.123.160.220 24 RB None 2019-11-03 00:00:00 2020-02-09 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=220,CN) | updated by KF with reason Immediate Inbound Network Block - TT# 20C00955 (IP=199,US) 103.123.161.156 24 ABC None 2019-10-15 00:00:00 2020-01-13 00:00:00 None Command Injection Attempt (IP=156,no ISC data) 103.123.72.170 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=170,IN) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=170,IN) 103.124.147.22 24 RW None 2020-09-01 00:00:00 2020-12-01 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=22,ID) 103.125.188.0 22 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None VN TO-S-2020-0088 Malicious Web Application Activity 103.126.6.0 23 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None IN TO-S-2019-0769 Malicious Email Activity 103.126.60.138 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=138,BD) 103.127.204.124 24 BMP None 2020-05-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=124,VN) 103.127.28.105 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=105,IN) 103.127.41.92 32 dbc None 2019-10-30 00:00:00 2020-10-30 
SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_web attacks (IP=36,BD) 103.245.32.106 24 MLJ None 2017-06-05 05:00:00 2020-09-19 00:00:00 None ET SCAN Potential SSH Scan (IP=106,IN) | updated by dbc with reason IN TO-S-2019-1002 Malware Activity 103.246.114.249 24 BMP None 2020-03-02 00:00:00 2020-05-31 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=249 HK) 103.248.120.2 24 RR None 2019-01-19 00:00:00 2020-02-24 00:00:00 None Failed password for invalid user (IP=2,IN) | updated by RW Block was inactive. Reactivated on 20191124 with reason Authentication Failed - 6hr Failed Logon(IP=2,IN) 103.248.122.0 24 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 103.248.137.31 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=31,HK) 103.248.21.93 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None AU TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason AU TO-S-2020-0212.01 Malicious Web Application Activity 103.248.223.0 24 jky None 2016-12-27 06:00:00 2020-01-03 00:00:00 None CN TO-S-2017-0357 Foreign CNE actors | updated by RR with reason HTTP: ThinkPHP CMS Getshell Vulnerability (IP=140,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=59,CN) | 2 103.248.25.171 24 RW None 2019-11-14 00:00:00 2020-02-14 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=171,ID) 103.248.83.249 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password_6 hr Failed Logons (IP=249,IN) 103.249.52.5 24 BP None 2019-11-19 00:00:00 2020-02-19 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=5,CN) 103.249.84.0 24 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None MY TO-S-2019-0382 Malicious Email Activity 103.249.87.51 32 RR None 2019-12-18 00:00:00 2020-01-17 00:00:00 None HTTP: 
Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01170 (IP=51,MY) 103.25.120.0 22 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None BD TO-S-2020-0012 Malware Activity 103.25.3.82 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None IN TO-S-2019-0409 Malicious Email Activity 103.25.59.75 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None AU TO-S-2019-0610 Malicious Email Activity 103.250.186.0 24 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason IN TO-S-2020-0212.01 Malware Activity 103.250.23.218 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None AU TO-S-2020-0056 Malicious Email Activity 103.250.232.64 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None NZ TO-S-2019-0604 Malicious Email Activity 103.251.21.34 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3604 COLS-NA-TIP-20-0262 (IP=34,IN) 103.251.67.2 32 DT None 2020-05-21 00:00:00 2020-08-21 00:00:00 None 8316 HTTP Cross Site Scripting (String.fromCharCode) - TT# 20C02862 (IP=2,US) 103.252.255.108 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=108,VN) 103.252.6.77 24 CR None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Generic ArcSight scan attempt (IP=77,IN) 103.253.145.66 24 CR None 2018-06-26 05:00:00 2020-04-08 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=66,SG) | updated by dbc with reason SG TO-S-2019-0577 Malicious Email Activity 103.253.211.152 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Generic ArcSight scan attempt (IP=152,IN) 103.253.68.41 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=41,ID) 103.253.87.8 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt_Sourcefire (IP=8 ID) 103.254.13.91 32 wmp None 2020-09-11 00:00:00 2020-12-11 00:00:00 
None HIVE Case #3844 COLS-NA-TIP-20-0288 (IP=91,VN) 103.254.196.146 24 RW None 2019-12-31 00:00:00 2020-03-31 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=146,CN) 103.254.198.67 32 GM None 2019-11-06 00:00:00 2020-02-06 00:00:00 None Failed password - Failed Logons (IP=67,US) 103.254.255.131 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None SG TO-S-2019-0631 Malicious Email Activity 103.254.68.0 22 dcg None 2018-07-05 05:00:00 2020-01-27 00:00:00 None CN TO-S-2018-0908 associated with Malicious Web Application Activity | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=120,CN) 103.254.73.68 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password for invalid user (IP= 68 , KR ) 103.255.146.19 24 ged None 2014-11-27 06:00:00 2020-02-11 00:00:00 None TCP HOST SWEEPS (IP=19, IN) | updated by GM with reason Invalid user - Failed Logons (IP=154,IN) 103.255.241.26 24 RW None 2020-08-09 00:00:00 2020-11-09 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=26,ID) 103.255.47.38 24 FT None 2020-09-13 00:00:00 2020-12-12 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=23,HK) 103.255.6.105 24 dlb None 2016-08-20 05:00:00 2020-01-17 00:00:00 None APP-DETECT failed FTP login attempt (IP=105, PK) | updated by RR with reason APP-DETECT failed FTP login attempt (IP=3,PK) | updated by RB with reason APP-DETECT failed FTP login attempt (IP=96,PK) | 2020-01-17 | 2019-03-05 103.255.6.96 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None APP-DETECT failed FTP login attempt (1:13360:7)_SourceFire (IP=96,PA) 103.26.169.66 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 103.26.221.81 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 
SourceFire (IP=81,SG) 103.26.224.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 103.26.40.143 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=143,SG) 103.26.76.0 24 GLM None 2016-11-05 05:00:00 2020-01-03 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=102,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=173,CN) | 2019-08-03 | 2017-02-03 | updated by RW with reason SERVER 103.26.77.171 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Command Injection Attempt (IP=171,CN) 103.26.79.216 24 KF None 2020-06-28 00:00:00 2020-09-26 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03300 (IP=216,CN) 103.26.79.39 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=39,CN) 103.27.200.0 22 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None TH TO-S-2020-0190 Malicious Email Activity 103.27.206.162 24 RR None 2017-08-01 05:00:00 2020-04-04 00:00:00 None APP-DETECT failed FTP login attempt (IP=162,ID) | updated by RB with reason SQL 1 = 1 - possible sql injection attem 103.27.208.78 24 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=78,CN) 103.27.222.71 24 RR None 2019-10-17 00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=71,AU) 103.27.236.139 24 djs None 2014-10-09 05:00:00 2020-02-07 00:00:00 None Setup.php access (ip=139,VN) | updated by klb with reason SCAN Potential SSH Scan (IP=94 VN) | updated by ged with reason SE | updated by RB with reason HTTP: Blind SQL Injection - Timing_12 hr web attacks (IP=238,VN) | 2020-02-07 | 2019-05-09 103.27.4.142 24 GLM None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=142,CN) 103.27.61.222 24 GM 
None 2020-03-22 00:00:00 2020-06-20 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=222,VN) 103.27.74.13 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=13,MY) 103.27.74.194 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None MY TO-S-2019-0747 Malicious Email Activity 103.28.12.150 24 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=150,ID) 103.28.120.38 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=38,BD) 103.28.132.225 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AF TO-S-2020-0109.01 Malicious Email Activity 103.28.148.51 24 djs None 2014-06-08 05:00:00 2020-03-24 00:00:00 None malware C2 (ip=51,ID) | updated by CR with reason SQL HTTP URI blind injection attempt - Sourcefire (IP=82, ID) 103.28.148.82 24 CR None 2019-12-24 00:00:00 2020-03-25 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=82, ID) | updated by CR Block expiration extended with reason SQL HTTP URI blind injection attempt - Sourcefire (IP=82, ID) 103.28.2.60 24 RR None 2019-01-14 06:00:00 2020-02-21 00:00:00 None Illegal user (IP=60,KH) | updated by BP Block was inactive. 
Reactivated on 20191121 with reason Authentication Failed - 6hr Failed Logon(IP=60,KH) 103.28.219.171 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password - Failed Logon (IP=171,ID) 103.28.36.176 24 djs None 2014-05-13 05:00:00 2020-04-04 00:00:00 None Cuckoo analysis 825 malware callback domain (ip=176,VN) | updated by CR with reason SQL 1 = 1 - possible sql injection attempt 103.28.38.115 24 jkc None 2015-10-08 05:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt (IP=115 , VN) | updated by djs with reason FBI M-000069-BT: Brobot/Kami 103.28.52.84 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Failed Logons (IP=84,ID) 103.3.65.10 32 CR None 2019-12-21 00:00:00 2020-10-08 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01198 (IP=10,US) | updated by DT Block was inactive. Reactivated on 20200710 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C0341 103.3.76.211 24 GM None 2020-08-19 00:00:00 2020-11-19 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=211,ID) 103.30.151.17 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password_Faield Logon (IP=17,CN) 103.30.43.129 24 GLM None 2016-12-04 06:00:00 2020-03-16 00:00:00 None MALWARE-CNC: OSINT : China Chopper PHP/Backdoor Detected (IP=129,HK) | updated by RB with reason SQL generic sql with comment | updated by KF with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=70,HK) 103.31.53.2 24 GM None 2020-08-11 00:00:00 2020-11-10 00:00:00 None SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt - Sourcefire (IP=2,CN) 103.35.109.142 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None BD TO-S-2019-0409 Malicious Email Activity 103.35.198.219 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed 
Logon(IP=219,IN) 103.35.64.73 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=73,VN) 103.36.103.66 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=66,BD) 103.36.127.182 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=182,IN) 103.36.52.121 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan 103.36.52.121 24 RB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=121 HK) 103.36.52.121 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=121,HK) 103.36.84.100 24 EDBT None 2018-01-15 06:00:00 2020-02-08 00:00:00 None Illegal user (IP=100,IN) | updated by RR with reason Failed password for invalid user (IP=100,IN) | updated by GM with reason Failed password - Failed Logons (IP=100,IN) 103.37.232.123 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web attacks (IP=23,HK) 103.37.233.59 24 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=59,HK) 103.37.234.169 24 GM None 2019-11-25 00:00:00 2020-02-25 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=169,HK) 103.37.61.106 24 RB None 2020-01-15 00:00:00 2020-04-14 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=106 HK) 103.38.252.204 24 ged None 2016-04-25 05:00:00 2020-02-08 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=204, CN) | updated by RB with reason Invalid user_6 hr Failed Logons (IP=117,CN) | 2020-02-08 | 2016-07-25 103.39.135.50 32 GL None 2020-08-04 00:00:00 2020-11-04 00:00:00 None HIVE Case #3466 CTO-20-211 JFHQ-DODIN (IP=50,IN) 103.39.211.139 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Joomla 
JDatabaseDriverMysqli unserialize code execution attempt (IP=139,CN) 103.39.212.28 24 GM None 2019-10-07 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=28,CN) 103.39.219.141 24 DT None 2020-04-23 00:00:00 2020-07-22 00:00:00 None HTTP: ThinkPHP CMS Getshell VulnerabilitY - Web Attacks (IP=141,CN) 103.39.77.176 24 YM None 2018-05-23 05:00:00 2020-02-15 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=176,HK) | updated by dbc with reason HK TO-S-2019-04 103.39.78.10 24 djs None 2016-04-07 05:00:00 2020-01-18 00:00:00 None WEBAPP Setup.php access (ip=10,AU) | updated by JKC with reason WPC REGIONAL Fireeye multiple alerts MPS (IP=118, HK) | updated by RB with reason Command Injection Attempt (IP=106,XX) | 2020-01-18 | 2019-04-07 103.39.78.106 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Command Injection Attempt (IP=106,XX) 103.4.118.169 24 RR None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Authentication Failed - Failed Logons (IP=169,BD) 103.4.216.0 22 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None TH TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason TH TO-S-2020-0212.01 Malicious Web Application Activity 103.4.217.138 24 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None Failed password for invalid user - 6hr Logons (IP=138,TH) 103.4.65.78 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=78,BG) 103.40.100.0 22 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None HK TO-S-2019-0747 Malicious Email Activity 103.40.172.174 24 RW None 2020-08-20 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=174,HK) 103.40.19.67 32 RW None 2020-07-25 00:00:00 2020-08-25 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution 
Vulnerability 103.40.21.41 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=41,CN) 103.40.22.10 24 KF None 2019-10-15 00:00:00 2020-01-13 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_6 hr web attacks (IP=10,CN) 103.40.235.188 24 RR None None 2020-02-11 00:00:00 None Failed password for invalid user (IP=188,CN) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=215,CN) 103.40.240.222 24 BMP None 2020-04-14 00:00:00 2020-07-13 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=222,CN) 103.40.244.225 24 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=225,CN) 103.40.8.120 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None HTTP: PHP File Upload Vulnerability Detected_web attacks (IP=20,HK) 103.41.134.117 24 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Generic ArcSight scan attempt (IP=117,XX) 103.41.175.154 24 RW None 2019-10-11 00:00:00 2020-01-11 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6hr Web Attack (IP=154,HK) 103.41.24.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 103.42.224.5 32 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None AU TO-S-2020-0012 Malicious Email Activity 103.42.28.0 22 jky None 2017-08-23 05:00:00 2020-01-24 00:00:00 None CN TO-S-2017-1427 Recon activity | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_Sourcefire (IP=53,CN) | 2020-01-03 | 2018-08-23 | updated by RR with reason SERVER-WEBAPP vBulletin pre-authenticated command injection a 103.42.31.53 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=53,CN) 103.42.57.177 24 RWB None 2019-12-20 00:00:00 2020-03-19 00:00:00 None HTTP: Blind SQL Injection - Timing - 
SourceFire (IP=177,VN) 103.43.16.72 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=72,CN) 103.43.160.250 24 GM None 2020-03-22 00:00:00 2020-06-22 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=250,IN) 103.43.161.57 24 RB None 2020-06-08 00:00:00 2020-09-06 00:00:00 None Hello Peppa Scan (IP=57,HK) 103.43.18.0 24 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None CN TO-S-2019-0577 Malware Activity 103.43.185.34 24 RR None 2020-04-25 00:00:00 2020-07-24 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=34,CN) 103.43.191.96 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None SG TO-S-2019-0571 Malicious Email Activity 103.43.46.0 24 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None ID TO-S-2019-0972 Malware Activity 103.43.8.58 24 GM None 2020-08-12 00:00:00 2020-11-12 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=58,HK) 103.44.18.248 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None IN TO-S-2019-0409 Malicious Email Activity 103.44.235.88 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Failed password_Failed Logon (IP=88,PH) 103.44.27.58 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=58,ID) 103.44.62.0 24 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None HK TO-S-2019-0400 Malware Activity 103.45.103.236 24 RB None 2020-01-29 00:00:00 2020-05-02 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=236,CN) | updated by KF Block expiration extended with reason HTTP: SQL Injection Attempt Detected (IP=236,CN) 103.45.105.207 24 CR None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=207,CN) 103.45.106.172 24 RB None 2020-03-23 00:00:00 2020-06-21 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability_6 hr web attacks (IP=172,CN) 
103.45.106.172 24 RB None 2020-03-23 00:00:00 2020-06-21 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=172,CN) 103.45.107.144 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt -Web Attacks (IP=144,CN) 103.45.109.36 24 RB None 2019-07-01 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_6 hr web attacks (IP=36,CN) | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=91,CN) 103.45.110.11 24 RW None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=11,CN) 103.45.110.114 24 RW None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=114,CN) 103.45.111.204 24 KF None 2020-06-27 00:00:00 2020-09-25 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=204,CN) 103.45.118.205 24 RR None 2020-04-18 00:00:00 2020-07-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=205,CN) 103.45.129.210 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=210 CN) 103.45.149.89 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Generic ArcSight scan attempt (IP=89,CN) 103.45.158.0 24 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None CN TO-S-2019-0952 Malware Activity 103.45.161.162 24 CR None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Generic ArcSight scan attempt (IP=162,CN) 103.45.173.108 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web attacks (IP=8,CN) 103.45.178.61 32 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02945 (IP=61,CN) 103.45.178.73 24 RW None 2019-10-03 00:00:00 2020-01-03 00:00:00 None 
SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6 hr web attacks (IP=73,CN) 103.45.191.18 24 KF None 2019-12-29 00:00:00 2020-03-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=18,CN) 103.45.230.240 24 GM None 2020-08-07 00:00:00 2020-11-07 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=240,VN) 103.45.98.149 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=149,CN) 103.45.99.20 24 RW None 2020-05-24 00:00:00 2020-08-24 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=20,CN) 103.46.12.33 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability_Web attacks (IP=33,CN) 103.46.12.33 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=33,CN) 103.46.140.20 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None NL TO-S-2019-0816 Malicious Email Activity 103.46.208.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AF TO-S-2020-0109.01 Malicious Email Activity 103.47.14.18 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 103.47.16.2 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password_Faield Logon (IP=2,IN) 103.47.192.52 24 BMP None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SQL use of sleep function with and - likely SQL injection- SourceFire (IP=52,VN) 103.47.200.91 24 RB None 2020-08-23 00:00:00 2020-11-21 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - SourceFire (IP=91,JP) 103.47.57.165 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=165,IN) 103.47.60.37 24 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Invalid user - Failed Logons (IP=37,ID) 103.47.81.121 
24 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=121 CN) 103.48.180.117 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Failed password - Failed Logons (IP=117,IN) 103.48.192.48 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=48,VN) 103.48.193.7 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=7,VN) 103.48.206.51 24 RR None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Authentication Failed - Failed Logons (IP=51,TH) 103.48.81.78 24 RR None 2020-03-30 00:00:00 2020-06-28 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=78,VN) 103.49.135.195 24 RB None 2020-08-25 00:00:00 2020-11-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=195,HK) 103.49.94.181 24 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_6 hr web attacks (IP=181,CN) 103.5.149.0 24 dbc None 2019-03-21 00:00:00 2020-03-21 00:00:00 None HK TO-S-2019-0515 Malware Activity 103.5.51.0 24 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None ID TO-S-2019-0864 Malware Activity 103.50.160.20 24 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=20,IN) 103.50.160.20 24 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None HTTP: SQL Injection - Exploit - 6hr web attacks (IP=20,IN) 103.50.160.20 24 RB None 2020-03-12 00:00:00 2020-06-10 00:00:00 None SQL union select - possible sql injection attempt - GET parameter_Sourcefire (IP=20,IN) 103.50.163.30 32 wmp None 2020-09-15 00:00:00 2020-12-14 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=30,IN) 103.50.254.0 24 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None HK TO-S-2019-0546 Malware Activity 103.51.153.74 24 RR None 2017-04-18 
05:00:00 2020-02-04 00:00:00 None APP-DETECT failed FTP login attempt (IP=74,IN) | updated by RR with reason Failed password - Failed Logons (IP=235,IN) 103.52.134.206 24 RW None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Sourcefire (IP=206,BD) 103.52.145.106 24 GLM None 2019-10-26 00:00:00 2020-01-24 00:00:00 None ABC Generic ArcSight scan attempt (IP=106,ID) 103.52.16.35 24 RB None 2019-01-18 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user(IP=35,ID) | updated by RR with reason Failed password - Failed Logons (IP=35,ID) 103.52.52.22 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Invalid user -Failed Logons (IP=22,IN) 103.53.176.0 22 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None PG TO-S-2020-0088 Malware Activity 103.53.188.2 24 RW None 2020-09-02 00:00:00 2020-12-02 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Sourcefire (IP=2,ID) 103.53.24.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AF TO-S-2020-0109.01 Malicious Email Activity 103.53.40.71 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None IN TO-S-2019-0640.01 Malicious Email Activity 103.53.88.0 22 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None VN TO-S-2020-0190 Malicious Email Activity 103.54.147.34 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=34,IN) 103.54.219.107 24 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=107,ID) 103.55.24.183 24 djs None 2016-06-10 05:00:00 2020-01-03 00:00:00 None mySQL port 3306 scans (ip=183,CN) | updated by djs with reason mySQL port 3306 scans (ip=183,CN) | updated by RR with reason | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=1 103.55.25.55 24 RB None 2018-05-12 05:00:00 2020-03-24 
00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=55 HK) | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=126,CN) 103.55.26.5 24 RB None 2018-12-12 06:00:00 2020-01-16 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=5,HK) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=202,CN) 103.55.8.0 24 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None HK TO-S-2019-0864 Malicious Email Activity 103.55.91.51 24 KF None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed Password_6 Hr Failed Logons (IP=51,IN) 103.56.113.208 24 CR None 2019-10-18 00:00:00 2020-01-18 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=208,HK) 103.56.113.208 32 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Immediate Inbound Network Block - TT# 20C00811 (IP=208,US) 103.56.17.223 24 RB None 2020-03-23 00:00:00 2020-06-21 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=223,CN) 103.56.207.117 24 BMP None 2020-01-15 00:00:00 2020-05-07 00:00:00 None Illegal user - 6hr Logon (IP=117,ID) | updated by RR Block expiration extended with reason Illegal user - Failed Logopns (IP=117,ID) 103.56.53.0 24 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None HK TO-S-2019-0577 Malware Activity 103.57.123.1 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Invalid user - Failed Logon (IP=1,BD) 103.57.210.21 24 GLM None 2019-01-17 00:00:00 2020-04-04 00:00:00 None Illegal user (IP=21,VN) | updated by RB with reason Illegal user_6 hr Failed Logons (IP=12,VN) | 2020-04-04 | 2019-04-17 103.57.220.0 22 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None VN TO-S-2019-0468 Malicious Email Activity 103.57.80.0 22 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity | updated 
by kmw Block expiration extended with reason IN TO-S-2020-0212.01 Malicious Web Application Activity 103.59.134.51 24 KF None 2019-12-16 00:00:00 2020-03-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shellarbitrary command execution attempt (IP=51,IN) 103.59.214.238 24 RW None 2020-04-11 00:00:00 2020-07-10 00:00:00 None UDP: Host Sweep (IP=238,ID) 103.59.47.240 24 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=240 HK) 103.6.198.166 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=166,MY) 103.6.205.50 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=50,ID) 103.6.52.120 24 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=120,ID) 103.6.54.206 24 RW None 2020-08-09 00:00:00 2020-11-09 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=206,ID) 103.6.90.50 24 RB None 2020-07-20 00:00:00 2020-10-18 00:00:00 None POLICY-OTHER PHP uri tag injection attempt - SourceFire (IP=50,IN) 103.60.126.65 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=65,KR) 103.60.167.175 24 RB None 2020-04-10 00:00:00 2020-07-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=175,CN) 103.61.137.0 24 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None TW TO-S-2019-0734.01 Malicious Email Activity 103.61.37.23 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=23,HK) 103.62.232.0 22 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None PK TO-S-2019-0723 Correction to TO-S-2019-0711 Malware Activity 103.63.114.199 24 BMP None 2020-04-05 00:00:00 2020-07-04 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=199,VN) 103.64.12.125 24 RR None 2018-12-13 06:00:00 2020-08-22 00:00:00 None 
MALWARE-BACKDOOR JSP webshell backdoor detected (IP=125,HK) | updated by dbc with reason HK TO-S-2019-0926 Malware Activity 103.64.148.244 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None AU TO-S-2019-1002 Malicious Email Activity 103.64.15.34 24 RR None 2020-02-04 00:00:00 2020-06-04 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=34,ID) | updated by RB Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=34,ID) 103.66.16.18 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Failed password for invalid user -Failed Logons (IP=18,IN) 103.66.213.122 24 GM None 2020-02-08 00:00:00 2020-05-08 00:00:00 None Authentication Failed - Failed Logons (IP=122,IN) 103.66.216.44 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=44,HK) 103.66.217.139 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=139,CN) 103.66.50.50 24 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Generic ArcSight scan attempt (IP=50,XX) 103.67.235.10 24 RR None 2017-09-06 05:00:00 2020-02-05 00:00:00 None APP-DETECTfailed FTP login attempt (IP=10,AE) | updated by GLM with reason SQL union select - possible sql injection attempt - | updated by RR with reason Generic ArcSight scan attempt (IP=46,AU) 103.67.236.0 22 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None IN TO-S-2020-0056 Malicious Email Activity 103.68.173.13 24 RB None 2019-10-04 00:00:00 2020-01-02 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=13,HK) 103.69.130.41 24 RW None 2020-05-14 00:00:00 2020-08-14 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=41,SG) 103.69.29.209 24 RW None 2020-02-07 00:00:00 2020-05-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=209,IN) 103.7.58.206 24 GLM None 2016-12-07 06:00:00 2020-04-08 00:00:00 None 
SERVER-WEBAPP Setup.php access (IP=206,TH) | updated by dbc with reason TH TO-S-2019-0577 Malicious Email Activity 103.7.8.207 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=207,SG) 103.70.128.32 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=32,IN) 103.70.128.32 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=32,IN) 103.70.128.34 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=34,IN) | not blocked because its covered under a DUPLICATE SUBNET 103.70.128.34 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=34,IN) | not blocked because its covered under a DUPLICATE SUBNET 103.70.128.42 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=42,IN) | not blocked because its covered under a DUPLICATE SUBNET 103.70.128.42 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=42,IN) | not blocked because its covered under a DUPLICATE SUBNET 103.70.128.57 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=57,IN) | not blocked because its covered under a DUPLICATE SUBNET 103.70.128.57 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=57,IN) | not blocked because its covered under a DUPLICATE SUBNET 103.70.128.61 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=61,IN) | not blocked because its covered under a DUPLICATE SUBNET 103.70.128.61 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=61,IN) | not blocked because its covered under a DUPLICATE SUBNET 103.70.128.62 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication 
Failed - 6hr Failed Logon(IP=62,IN) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY 103.70.128.62 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=62,IN) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY 103.70.147.0 24 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None IN TO-S-2019-0952 Malware Activity 103.70.226.14 24 CR None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Generic ArcSight scan attempt (IP=14,CN) 103.71.176.223 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=223,MY) 103.71.50.204 24 KF None 2019-12-16 00:00:00 2020-03-15 00:00:00 None HTTP: SQL Injection Attempt Detected(IP=204,CN) 103.71.59.118 24 RW None 2020-03-25 00:00:00 2020-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=118,AF) 103.72.162.44 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Web Attacks (IP=44,MY) 103.72.165.188 32 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Immediate Inbound Network Block - TT# 20C00803 (IP=188,US) 103.72.220.35 32 RW None 2020-03-10 00:00:00 2020-04-10 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=35,IN) 103.73.161.251 24 CR None 2018-11-15 06:00:00 2020-01-09 00:00:00 None Hello Peppa Scan (IP=251,HK) | updated by RR with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=243,HK) 103.73.162.50 24 RR None 2019-04-28 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (IP=50,HK) | updated by KF with reason Command Injection Attempt (IP=66,XX) 103.73.65.116 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None AU TO-S-2019-0617 Malware Activity 103.74.119.134 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=134,VN) 103.74.15.52 24 KF None 2020-01-01 00:00:00 2020-03-31 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=52,NP) 
103.74.254.242 24 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None Failed password - Failed Logons (IP=242,TH) 103.75.184.179 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=179,VN) 103.75.184.194 24 GM None 2020-08-30 00:00:00 2020-11-30 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=194,VN) 103.75.3.0 24 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None HK TO-S-2019-0577 Malware Activity 103.75.48.179 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Authentication Failed_Faield Logon (IP=79,NP) 103.76.201.214 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None ID TO-S-2019-0409 Malicious Email Activity 103.76.22.118 24 RW None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=118,XX) 103.76.231.28 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=28,IN) 103.76.53.42 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=42,IN) 103.76.84.0 22 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None CN TO-S-2019-0400 Malicious Reconnaissance Activity 103.76.85.136 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) (IP=136,HK) 103.78.141.187 24 RB None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_Sourcefire (IP=187,ID) 103.78.205.165 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=165,IN) 103.78.208.163 24 GM None 2020-02-14 00:00:00 2020-05-14 00:00:00 None HTTP: SQL Injection Attempt Detected - Web attacks (IP=163,ID) 103.78.243.153 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=153,TH) 103.79.154.104 24 RR None 2019-12-09 
00:00:00 2020-03-08 00:00:00 None Failed password for invalid user - Failed Logons (IP=104,ID) 103.79.161.6 24 RR None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=6,IN) 103.79.179.0 22 dbc None 2020-03-04 00:00:00 2020-05-01 00:00:00 None HK TO-S-2020-0331 Malicious Email Activity | unblocked: TO-S-2020-0331.01 Lift block to correct error on range from TO-S-2020-0331 103.79.52.101 24 GM None 2020-06-23 00:00:00 2020-08-23 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=101,CN) 103.79.52.39 32 FT None 2020-08-27 00:00:00 2020-11-25 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03784 (IP=39,CN) 103.79.52.96 32 RB None 2020-06-22 00:00:00 2020-09-20 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03252 (IP=96,CN) 103.79.53.151 24 DT None 2020-06-14 00:00:00 2020-09-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=151,CN) 103.79.53.179 32 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02934 (IP=179,CN) 103.8.12.100 24 RW None 2020-06-05 00:00:00 2020-09-05 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=100,IN) 103.8.24.66 24 bob None 2016-10-05 05:00:00 2020-05-01 00:00:00 None MY TO-S-2016-1185 IP associated with malicious Botnet activity | updated by jky with reason TO-S-2017-0381 GRIZZLY STEPPE ind | updated by dbc with reason MY TO-S-2019-0634 Malware Activity 103.8.49.92 24 GM None 2020-03-11 00:00:00 2020-06-11 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=92,JP) 103.80.117.214 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed Password_6 Hr Failed Logons (IP=214,IN) 103.80.237.162 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None ID 
TO-S-2019-0409 Malicious Email Activity 103.80.24.69 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=69,) 103.80.27.108 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_6 hr web attacks (IP=108,CN) 103.80.36.34 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=34,MM) 103.80.49.140 24 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=140,TH) 103.80.55.23 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks (IP=23,IN) 103.81.156.56 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Failed password - Failed Logons (IP=56,IN) 103.81.171.56 24 GM None 2020-08-12 00:00:00 2020-11-12 00:00:00 None SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt - Sourcefire (IP=56,CN) 103.81.87.0 24 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None VN TO-S-2019-0631 Malware Activity 103.82.140.250 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web attacks (IP=50,HK) 103.82.141.197 32 RW None 2020-07-31 00:00:00 2020-10-29 00:00:00 None FTKNOX_HRC_IPS Signature: BOT: China Chopper Webshell Traffic Detected - TT# 20C03594 (IP=197,KR) 103.82.169.122 24 RR None 2020-08-13 00:00:00 2020-11-11 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=122,HK) 103.82.198.153 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=153,VN) 103.82.198.69 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=69,VN) 103.82.198.76 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=76,VN) 103.82.235.10 24 KF None 2019-10-19 00:00:00 2020-01-17 
00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=10,) 103.82.235.10 32 RW None 2019-08-15 00:00:00 2020-01-18 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 19C02808 (IP=10,US) | updated by KF Block was inactive. Reactivated on 20191020 with reason Generic ArcSight scan attempt (IP=10,US) 103.82.55.191 24 KF None 2020-04-26 00:00:00 2020-07-25 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=191,CN) 103.82.72.233 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=233,IN) 103.83.18.0 23 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AF TO-S-2020-0109.01 Malicious Email Activity 103.83.192.0 22 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None IN TO-S-2019-0658 Malware Activity 103.83.212.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 103.83.5.41 32 GM None 2020-03-05 00:00:00 2020-06-05 00:00:00 None Known Attack Tool User Agent/TTP: Masscan Scanner Traffic Detected - TT# 20C01987 (IP=41,US) 103.84.108.234 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=234,CN) 103.84.194.2 24 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Invalid user - Failed Logons (IP=2,ID) 103.84.90.219 24 KF None 2020-03-09 00:00:00 2020-06-07 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability (IP=219,HK) 103.85.108.0 22 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None MY TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason MY TO-S-2020-0212.01 Malicious Web Application Activity 103.85.21.85 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=85,CN) 103.85.22.230 24 RR None 2020-06-09 00:00:00 2020-09-07 00:00:00 None HTTP: 
PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=230,CN) 103.85.224.0 22 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None CN TO-S-2019-0631 Malicious Email Activity 103.85.24.0 24 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None CN TO-S-2019-0430 Malicious Web Application Activity 103.85.255.40 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user - 6hr Logon (IP=40,HK) 103.85.63.253 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=253,ID) 103.85.84.114 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=114,CN) 103.85.85.103 24 RWB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=103,CN) 103.86.152.218 32 RW None 2020-09-27 00:00:00 2020-12-27 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C00997 (IP=218,ID) 103.86.176.0 24 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None IN TO-S-2019-0571 Malicious Email Activity 103.86.48.0 22 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None MY TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason MY TO-S-2020-0212.01 Malicious Web Application Activity 103.86.49.187 24 ABC None 2019-10-15 00:00:00 2020-01-13 00:00:00 None Command Injection Attempt (IP=187,TH) 103.86.50.0 24 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None TH TO-S-2019-0571 Malicious Email Activity 103.86.51.0 24 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None TH TO-S-2019-0800 Malicious Email Activity 103.86.66.186 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=86,HK) 103.87.152.146 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=146,ID) 103.87.169.177 24 BMP 
None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=177,IN) 103.87.25.201 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password for invalid user (IP= 201 , IN ) 103.87.26.190 24 GM None 2020-07-04 00:00:00 2020-10-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=190,IN) 103.87.69.135 32 wmp None 2020-07-29 00:00:00 2020-11-23 00:00:00 None HIVE Case #3421 COLS-NA-TIP-20-0234 (IP=135,MN) | updated by wmp Block expiration extended with reason HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=135,MN) 103.88.176.0 22 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None CN TO-S-2019-0952 Malware Activity 103.88.243.0 24 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 103.88.56.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 103.89.177.140 24 CR None 2020-04-26 00:00:00 2020-07-25 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=140,MM) 103.89.254.190 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=190,IN) 103.9.12.219 24 GM None 2019-10-29 00:00:00 2020-01-27 00:00:00 None ABC Generic ArcSight scan attempt (IP=219,IN) 103.9.156.0 24 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None VN TO-S-2019-0952 Malicious Email Activity 103.9.159.210 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None VN TO-S-2019-0640.01 Malicious Email Activity 103.9.168.225 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None AU TO-S-2019-0571 Malicious Email Activity 103.9.188.83 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None UDP: Host Sweep (IP=83,KH) 103.9.76.178 24 CR None 2019-05-01 00:00:00 2020-09-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_CIRT Web Attacks - Prior 6 hours 
(IP=178,VN) | updated by dbc with reason VN TO-S-2019-0952 Malware Activity 103.90.136.68 24 GM None 2019-10-09 00:00:00 2020-01-09 00:00:00 None SERVER-WEBAPP Drupal 8 remote code 103.90.203.154 32 RW None 2020-05-09 00:00:00 2020-06-09 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02693(IP=154,US) 103.90.203.162 32 RB None 2020-05-04 00:00:00 2020-06-04 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02615 (IP=162,HK) 103.90.203.197 24 CW None 2019-10-25 00:00:00 2020-03-28 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_Web Attacks (IP=97,HK) | updated by KF with reason Immediate Inbound Network Block - TT# 20C01260 (IP=211,HK) | updated by KF with reason Immediate Inbound Network Block - TT# 20C01 103.90.220.145 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=145 VN) 103.90.227.164 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user - Failed Logon (IP=164,VN) 103.90.240.0 22 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None IN TO-S-2020-0006 Malicious Email Activity 103.90.68.158 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=158,IN) 103.91.181.25 24 RB None 2019-12-18 00:00:00 2020-03-17 00:00:00 None Illegal user_6 hr Failed Logons (IP=25,IN) 103.91.208.233 32 RR None 2020-08-16 00:00:00 2020-11-14 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03725 (IP=233,CN) 103.91.67.56 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Immediate Inbound Network Block - TT# 20C00514 (IP=56,US) 103.91.85.198 24 CW SERVER-WEBAPP None 2019-12-24 00:00:00 2020-03-23 00:00:00 None MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=98,IN) 103.91.92.17 24 RR None 2020-03-12 00:00:00 2020-06-10 
00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=17,IN) 103.92.120.204 24 RR None 2020-01-18 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=204,IT) | updated by RWB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=204,IN) 103.92.24.0 22 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None VN TO-S-2019-0890.01 Malicious Email Activity 103.93.252.153 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None SG TO-S-2019-0634 Malicious Web Application Activity 103.93.252.196 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None SG TO-S-2020-0065 Malicious Web Application Activity 103.93.254.0 24 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AF TO-S-2020-0109.01 Malicious Email Activity 103.93.58.110 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=110,ID) 103.93.77.183 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None JP TO-S-2019-0634 Malicious Web Application Activity 103.93.77.196 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None JP TO-S-2019-0634 Malicious Web Application Activity 103.93.79.168 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=168,CN) 103.94.157.0 24 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None HK TO-S-2020-0065 Command and Control Exploit 103.94.180.140 24 RW None 2019-12-23 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=140,CN) 103.94.244.41 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Authentication Failed - 6hr Logons (IP=41,PK) 103.94.76.136 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - WebAttacks (IP=136,HK) 103.95.199.151 32 GM None 2020-09-30 00:00:00 2020-12-30 00:00:00 None 
HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT # 20C04020 (IP=151,VN) 103.95.207.6 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=6,US) 103.95.8.185 24 RW None 2019-12-23 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=185,ID) 103.95.8.189 24 KF None 2020-06-27 00:00:00 2020-09-25 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03294 (IP=189,ID) 103.96.148.244 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Command Injection Attempt (IP=244,HK) 103.96.149.222 24 CR None 2020-05-13 00:00:00 2020-08-11 00:00:00 None HTTP: SQL Injection Attempt Detected - 6 Hr Web Attack (IP=222,CN) 103.96.73.68 32 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00481 (IP=68,HK) 103.96.74.117 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=117,HK) 103.96.75.105 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=105,HK) 103.97.125.49 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=49,VM) 103.97.176.196 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None Command Injection Attempt (IP=196,HK) 103.97.210.0 23 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 103.97.3.233 24 CW None 2020-01-05 00:00:00 2020-04-04 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=33,HK) 103.97.34.47 24 GM None 2019-12-26 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=47,CN) 103.97.92.0 22 dbc None 2019-09-30 00:00:00 2020-09-30 
00:00:00 None IN TO-S-2019-1036 Malicious Email Activity 103.98.112.196 24 GM None 2020-04-13 00:00:00 2020-07-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=196,HK) 103.98.201.13 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_12 hr web attacks (IP=13,BD) 103.99.186.85 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=85,IN) 103.99.3.10 24 GM None 2020-02-07 00:00:00 2020-05-07 00:00:00 None Authentication Failed - Failed Logons (IP=10,VN) 104.11.42.193 32 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=193,US) 104.117.231.114 32 CR None 2020-06-18 00:00:00 2020-09-18 00:00:00 None BROWSER-IE Microsoft Internet Explorer IE5 compatibility mode enable attempt - Sourcefire (IP=114,US) 104.123.26.21 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=21,NL) 104.124.58.153 32 RWB None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Unknown Traffic - INFORMATIONAL : CIRT : Possible Cosmic Duke APT - SourceFire (IP=153,US) 104.124.58.163 32 RWB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None INFORMATIONAL : CIRT : Possible Cosmic Duke Dropper - sourcefire (IP=163,US) 104.124.58.232 32 BMP None 2020-03-02 00:00:00 2020-05-31 00:00:00 None INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data - SourceFire (IP=232,US) 104.128.226.6 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity 104.128.64.45 32 KF None 2020-06-16 00:00:00 2020-09-13 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03178 (IP=45,US) 104.128.65.63 32 RB None 2020-06-27 00:00:00 2020-09-25 00:00:00 None Unauthorized Access-Probe - TT# 20C03296 (IP=63,US) 104.128.73.58 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 104.128.74.188 
32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity 104.129.0.109 32 JKC None 2020-06-08 00:00:00 2020-06-09 00:00:00 None Malicious IP Hive Case 2977 TIPPER 20-0172 (ip=109, US) | Correction from TIPPER, Wrong IPs blocked 104.129.0.117 32 wmp None 2020-08-03 00:00:00 2020-11-03 00:00:00 None HIVE Case #3444 COLS-NA-TIP-20-0242 (IP=117,US) 104.129.24.58 32 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None SQL Injection- ARCSight Sauron (IP=58,US) 104.129.29.18 32 RR None 2020-06-30 00:00:00 2020-09-28 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT# 20C03333 (IP=18,US) 104.129.56.190 32 DT None 2020-07-14 00:00:00 2020-10-14 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=190,US) 104.131.11.150 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 104.131.111.64 32 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=64,US) 104.131.15.189 32 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password 6 hr Failed Logon (IP=189,US) 104.131.178.223 32 RB None 2019-01-06 06:00:00 2020-02-27 00:00:00 None Illegal user (IP=223,US) | updated by RB with reason Invalid user_6 hr Failed Logons (IP=223,US) | 2020-02-27 | 2019-04-06 104.131.189.116 32 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=116,US) 104.131.208.175 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 104.131.213.133 32 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt (IP=133,US) 104.131.216.170 32 RW None 2020-02-12 00:00:00 2020-05-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=170,US) 104.131.217.18 32 RB None 2020-02-13 00:00:00 2020-05-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - 
00:00:00 None Attempted Denial of Service - PROTOCOL-DNS DNS query amplification attempt - Failed Logon (IP=98,LU) 104.244.74.98 32 BMP None 2020-01-13 00:00:00 2020-02-13 00:00:00 None Unauthorized Access-Probe - TT# 20C01436 (IP=98,US) 104.244.74.98 32 CR None 2020-01-13 00:00:00 2020-02-13 00:00:00 None Unauthorized Access-Probe- TT# 20C01436 (IP=98,US) 104.244.75.210 24 EDBT None 2018-02-06 06:00:00 2020-01-24 00:00:00 None ET SCAN Potential SSH Scan (IP=210,LU) | updated by dbc with reason LU TO-S-2019-0351 Malicious Email Activity 104.244.75.253 32 RW None 2020-03-05 00:00:00 2020-06-05 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=253,US) 104.244.76.13 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0212.01 Malicious Web Application Activity 104.244.76.13 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None US TO-S-2020-0206 Malicious Web Application Activity 104.244.76.26 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0212.01 Malicious Web Application Activity 104.244.76.26 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None US TO-S-2020-0206 Malicious Web Application Activity 104.244.76.69 32 BMP None 2020-07-15 00:00:00 2020-10-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=69,US) 104.244.77.101 32 ABC None 2020-04-04 00:00:00 2020-07-03 00:00:00 None UDP: Host Sweep (IP=101,US) 104.244.77.11 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0212.01 Malicious Web Application Activity 104.244.77.11 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None US TO-S-2020-0206 Malicious Web Application Activity 104.244.77.150 32 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None UDP: Host Sweep (IP=150,US) 104.244.77.22 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02741 (IP=22,US) 104.244.78.176 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 
None LU TO-S-2019-0938 Malicious Email Activity 104.244.78.213 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=213,US) 104.244.78.231 24 RW None 2020-07-19 00:00:00 2020-10-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=231,LU) 104.244.79.127 32 KF None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Generic ArcSight scan attempt (IP=127,US) 104.244.79.160 32 RR None 2020-05-09 00:00:00 2020-08-07 00:00:00 None Unauthorized Access-Probe - TT# 20C02695 (IP=160,LU) 104.245.147.82 24 EDBT None 2017-08-05 05:00:00 2020-02-20 00:00:00 None ET SCAN Potential SSH Scan | updated by RB with reason Authentication Failed (IP=82,CA) | 2019-04-03 | 2017-11-03 | updated by KF Block was inactive. Reactivated on 20191122 with reason Authentication Failed (IP=82,CA) 104.245.16.71 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 104.247.221.104 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 104.247.75.57 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None US TO-S-2019-0430 Malicious Email Activity 104.247.75.8 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web Application Activity 104.248.113.162 32 KF None 2019-10-03 00:00:00 2020-01-01 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_Web Attacks (IP=162,US) 104.248.117.234 32 CR None 2019-01-10 06:00:00 2020-02-01 00:00:00 None Illegal user (IP=234,US) | updated by RB with reason Failed password_6 hr Failed Logons (IP=234,US) | 2020-02-01 | 2019-04-10 104.248.125.17 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=17,US) 104.248.129.120 24 GM None 2019-12-31 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP vBulletin decodeArguments PHP object injection attempt - Sourcefire (IP=120,DE) 104.248.134.217 24 RW None 2020-02-03 00:00:00 2020-05-03 
00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=217,DE) 104.248.135.111 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=111,US) 104.248.142.96 24 BMP None 2020-01-28 00:00:00 2020-05-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=96,DE) | updated by RB Block expiration extended with reason OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt_Sourcefi 104.248.145.163 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=163,SG) 104.248.145.235 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None SG TO-S-2019-0546 Malicious Email Activity 104.248.151.241 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=241,SG) 104.248.159.69 24 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Failed password_6 hr Failed Logons (IP=69,SG) 104.248.16.244 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=244,US) 104.248.17.204 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0212.01 Malicious Web Application Activity 104.248.17.204 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity 104.248.171.54 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None GB TO-S-2019-0926 Malicious Email Activity 104.248.174.13 32 RR None 2020-09-13 00:00:00 2020-12-12 00:00:00 None HTTP: PHP Wordpress Plugin Revolution Slider Vulnerability - TT# 20C03896 (IP=13,US) 104.248.177.188 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malware Activity 104.248.181.156 32 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=156,US) 104.248.187.179 32 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - 
Failed Logon (IP=179,US) 104.248.187.231 32 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Failed Logons (IP=231,US) 104.248.202.182 32 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C00777 (IP=182,US) 104.248.204.140 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malicious Web Application Activity 104.248.205.67 24 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None Invalid user - Failed Logons (IP=67,NL) 104.248.215.53 32 GM None 2020-03-05 00:00:00 2020-06-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=53,US) 104.248.220.85 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 104.248.227.130 32 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=130,US) 104.248.238.198 32 RR None 2020-09-12 00:00:00 2020-12-11 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - Web Attacks (IP=198,US) 104.248.239.117 32 RB None 2020-06-11 00:00:00 2020-09-11 00:00:00 None 31188 HTTP vBulletin Authentication Bypass Vulnerability - TT# 20C03133 (IP=117,US) | updated by RB Block expiration extended with reason HTTP: SQL Injection - Exploit II - 6 hr web attacks (IP=117,US) 104.248.254.60 32 RR None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=60,US) 104.248.255.89 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=89,DE) 104.248.45.167 32 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=167,US) 104.248.50.87 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US 
TO-S-2020-0190 Malicious Email Activity 104.248.58.71 32 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=71,US) 104.248.63.231 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=231,US) 104.248.65.1 32 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed Logons (IP=1,US) 104.248.65.180 32 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=180,US) 104.248.7.100 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=100,US) 104.248.71.34 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None US TO-S-2020-0109.01 Malicious Web Application Activity 104.248.71.69 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malicious Web Application Activity 104.248.78.23 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity 104.248.90.77 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=77,NL) 104.248.93.171 24 RB None 2020-06-04 00:00:00 2020-09-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt_Sourcefire (IP=171,NL) 104.25.121.16 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malware Activity 104.25.125.4 32 dbc None 2019-01-15 06:00:00 2020-01-15 06:00:00 None US TO-S-2019-0321 Malware Activity 104.25.181.19 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 104.25.23.21 32 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None US TO-S-2020-0012 Malicious Email Activity 104.25.44.22 32 wmp None 2020-06-22 00:00:00 2020-09-22 00:00:00 None HIVE Case #3071 COLS-NA-TIP-20-0188 (IP=22,US) 104.25.85.12 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malicious Email Activity 104.250.127.57 32 dbc None 2019-04-04 00:00:00 2020-04-04 
00:00:00 None US TO-S-2019-0571 Malicious Email Activity 104.250.187.82 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=82,PK) 104.250.97.147 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None Unaffiliated TO-S-2019-0608 Malware Activity 104.254.235.72 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 104.254.244.100 32 RR None 2020-08-16 00:00:00 2020-11-14 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03723 (IP=100,US) 104.255.196.87 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 104.26.0.80 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malware Activity 104.26.1.53 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 104.26.1.80 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malware Activity 104.26.2.89 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None US TO-S-2020-0187 Malicious Email Activity 104.27.128.212 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 104.27.129.35 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 104.27.129.45 32 wmp None 2020-07-29 00:00:00 2020-10-29 00:00:00 None HIVE Case #3421 COLS-NA-TIP-20-0234 (IP=45,US) 104.27.130.142 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None Unaffiliated TO-S-2019-0409 Malicious Email Activity 104.27.130.244 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malicious Email Activity 104.27.131.20 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity 104.27.132.106 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 104.27.132.13 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US 
TO-S-2019-0420 Malware Activity 104.27.132.5 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 104.27.133.227 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity 104.27.133.5 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 104.27.134.155 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malicious Email Activity 104.27.136.167 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=167,US) 104.27.136.226 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 104.27.136.7 32 dbc None 2019-09-13 00:00:00 2020-09-13 00:00:00 None US TO-S-2019-0985 Malicious Email Activity 104.27.138.183 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=183,US) 104.27.138.205 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 104.27.139.160 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 104.27.139.228 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None US TO-S-2019-0634 Malicious Email Activity 104.27.139.59 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 104.27.140.35 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3361 COLS-NA-TIP-20-0227 (IP=35,US) 104.27.140.40 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malware Activity 104.27.140.48 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity 104.27.140.93 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 104.27.141.202 32 dbc None 2019-12-23 00:00:00 2020-12-26 
00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity 104.27.141.40 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malware Activity 104.27.142.113 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=113,US) 104.27.142.228 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malware Activity 104.27.143.243 32 wmp None 2020-07-22 00:00:00 2020-10-22 00:00:00 None HIVE Case #3384 COLS-NA-TIP-20-0232 (IP=243,US) 104.27.144.118 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity 104.27.144.180 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None US TO-S-2020-0109.01 Malicious Email Activity 104.27.145.180 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web Application Activity 104.27.146.198 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=198,US) 104.27.146.201 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None US TO-S-2019-0430 Malicious Email Activity 104.27.146.87 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malware Activity 104.27.147.157 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0610 Malicious Email Activity 104.27.149.100 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 104.27.149.141 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 104.27.150.22 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity 104.27.151.131 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 104.27.152.224 32 dbc None 2019-02-14 00:00:00 2020-02-14 
00:00:00 None US TO-S-2019-0400 Malicious Email Activity 104.27.154.156 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None US TO-S-2020-0047 Malicious Email Activity 104.27.154.238 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity 104.27.154.34 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity 104.27.155.182 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 104.27.157.161 32 wmp None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=161,US) 104.27.157.221 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None US TO-S-2019-0382 Malicious Email Activity 104.27.158.189 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malware Activity 104.27.160.52 32 dbc None 2019-07-23 00:00:00 2020-07-23 00:00:00 None US TO-S-2019-0839 Malicious Email Activity 104.27.162.66 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 104.27.163.152 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 104.27.167.175 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 104.27.169.14 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 104.27.169.216 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None CA TO-S-2019-0604 Malicious Email Activity 104.27.170.21 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 104.27.170.222 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity 104.27.172.37 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw 
Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity 104.27.173.213 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malware Activity 104.27.173.231 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=231, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 104.27.174.237 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None US TO-S-2019-0430 Malicious Email Activity 104.27.175.152 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 104.27.175.254 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity 104.27.177.66 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity 104.27.179.195 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 104.27.180.115 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity 104.27.180.169 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 104.27.180.199 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity 104.27.181.164 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malicious Email Activity 104.27.181.69 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=69,US) 104.27.182.118 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 104.27.182.141 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 104.27.183.178 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious 
Email Activity 104.27.186.239 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None US TO-S-2019-0781 Malicious Email Activity 104.27.187.116 32 RR None 2019-12-10 00:00:00 2020-03-12 00:00:00 None Malware Object Download - Case #1536 (IP=116,US) 104.27.188.18 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=18,US) 104.27.188.80 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 104.27.189.18 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=18,US) 104.27.189.87 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0734.01 Malicious Email Activity 104.27.191.238 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 104.28.0.227 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 104.28.0.234 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity 104.28.0.46 32 dbc None 2019-09-13 00:00:00 2020-09-13 00:00:00 None US TO-S-2019-0985 Malware Activity 104.28.1.218 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malware Activity 104.28.1.45 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None US TO-S-2019-0781 Malicious Email Activity 104.28.1.46 32 dbc None 2019-09-13 00:00:00 2020-09-13 00:00:00 None US TO-S-2019-0985 Malware Activity 104.28.1.62 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0610 Malicious Email Activity 104.28.11.91 32 dbc None 2019-07-23 00:00:00 2020-07-23 00:00:00 None US TO-S-2019-0839 Malicious Email Activity 104.28.12.168 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 104.28.12.196 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity 104.28.13.100 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 
None US TO-S-2019-0571 Malicious Email Activity 104.28.14.102 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None US TO-S-2019-0608 Malicious Email Activity 104.28.14.244 32 dbc None 2019-09-13 00:00:00 2020-09-13 00:00:00 None US TO-S-2019-0985 Malicious Email Activity 104.28.14.28 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity 104.28.15.57 32 wmp None 2020-08-17 00:00:00 2020-11-18 00:00:00 None HIVE Case #3560 COLS-NA-TIP-20-0259 (IP=57,US) | updated by wmp Block expiration extended with reason HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=57,US) 104.28.15.82 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None US TO-S-2020-0187 Malicious Email Activity 104.28.18.175 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 104.28.2.165 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=165,US) 104.28.20.113 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 104.28.20.178 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malware Activity 104.28.20.86 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity 104.28.21.135 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity 104.28.21.15 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 104.28.21.178 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 104.28.21.64 32 wmp None 2020-08-19 00:00:00 2020-11-17 00:00:00 None HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=64,US) 104.28.22.117 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malware Activity 104.28.24.182 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None US TO-S-2020-0187 Malicious Web Application Activity 104.28.25.132 32 dbc None 
2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 104.28.26.91 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malware Activity 104.28.29.28 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 104.28.3.150 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=150,US) 104.28.3.19 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None CA TO-S-2019-0626.01 Malicious Email Activity 104.28.30.102 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 104.28.30.3 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 104.28.31.56 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity 104.28.4.31 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=31,US) 104.28.4.61 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malicious Email Activity 104.28.7.26 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 104.28.8.240 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malware Activity 104.28.9.127 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None US TO-S-2019-0430 Malicious Email Activity 104.28.9.240 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malware Activity 104.31.65.177 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 104.31.65.231 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 104.31.66.143 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 
Failed password - Failed Logons (IP=108,CN) 106.124.142.64 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=64,CN) 106.124.36.120 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_failed Logon (IP=20,CN) 106.124.37.0 24 KF None 2019-12-17 00:00:00 2020-03-16 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection (IP=0,) 106.13.0.122 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=122,CN) 106.13.1.140 24 GLM None 2018-11-28 06:00:00 2020-03-05 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=140,CN) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=214,CN) 106.13.102.73 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Invalid user - Failed Logons (IP=73,CN) 106.13.104.140 24 KF None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=140,CN) 106.13.107.106 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password - Failed Logon (IP=106,CN) 106.13.109.19 24 RB None 2019-11-21 00:00:00 2020-02-19 00:00:00 None Invalid user_6 hr Failed Logons (IP=19,CN) 106.13.11.225 24 GLM None 2019-01-09 06:00:00 2020-02-01 00:00:00 None Illegal user (IP=225,CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=127,CN) | 2020-02-01 | 2019-04-09 106.13.114.54 24 DT None 2020-09-22 00:00:00 2020-12-21 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=54,CN) 106.13.115.174 24 GM None 2019-10-27 00:00:00 2020-01-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=174,CN) 106.13.117.156 24 RB None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Command Injection Attempt (IP=156,CN) 106.13.119.163 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None Failed password_6 hr 
Failed Logons (IP=163,CN) 106.13.120.176 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logon (IP=176,CN) 106.13.123.29 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Invalid user - Failed Logon (IP=29,CN) 106.13.124.202 24 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Command Injection Attempt (IP=202,CN) 106.13.125.84 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logon (IP=84,CN) 106.13.127.238 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=238,CN) 106.13.128.71 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Failed password - Failed Logons (IP=71,CN) 106.13.130.66 24 RWB None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user - Failed Logon (IP=66,CN) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=66,CN) 106.13.133.37 24 CR None 2019-06-03 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_CIRT Web Attacks - Prior 6 hours (IP=37,CN) | updated by GM with reason attempt SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=69,CN) 106.13.134.161 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Invalid user - Failed Logons (IP=161,CN) 106.13.135.215 24 RB None 2019-12-02 00:00:00 2020-03-01 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=215,CN) 106.13.136.5 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr web attacks (IP=5,CN) 106.13.137.195 32 RB None 2020-08-01 00:00:00 2020-10-30 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03595 (IP=195,CN) 106.13.137.54 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None HTTP: SQL Injection 
Attempt Detected - 6hr web attacks (IP=54,CN) 106.13.138.250 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=50,CN) 106.13.14.198 24 RR None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logons (IP=198,CN) 106.13.140.110 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Failed password (IP=110,CN) 106.13.142.247 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password for invalid user - Failed Logon (IP=247,CN) 106.13.144.78 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=78,CN) 106.13.146.194 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=194,CN) 106.13.147.110 24 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=110,DE) 106.13.148.97 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Illegal user - Failed Logons (IP=97,CN) 106.13.162.75 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=75,CN) 106.13.163.130 24 RB None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 hr web attacks (IP=130,CN) 106.13.164.254 24 RB None 2020-01-24 00:00:00 2020-04-24 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=254 CN) | updated by RW Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=254,CN) 106.13.164.254 32 BMP None 2020-05-18 00:00:00 2020-08-16 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02826 (IP=205,CN) 106.13.167.123 32 RR None 2020-06-15 00:00:00 2020-09-13 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03175 (IP=123,CN) 106.13.168.150 24 RW None 2019-12-05 00:00:00 2020-03-05 
00:00:00 None Authentication Failed - 6hr Failed Logon(IP=150,CN) 106.13.173.141 24 RB None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password_6 hr Failed Logons (IP=141,CN) 106.13.176.254 24 RR None 2020-01-20 00:00:00 2020-04-21 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=254,CN) | updated by RB Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=254 CN) 106.13.180.120 32 CR None 2020-06-02 00:00:00 2020-09-02 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03040 (IP=120,CN) 106.13.186.127 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password - Failed Logons (IP=127,CN) 106.13.187.21 24 BP None 2019-11-19 00:00:00 2020-02-19 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=21,CN) 106.13.188.158 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=159,CN) 106.13.19.92 24 DT None 2020-06-24 00:00:00 2020-09-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=92,CN) 106.13.190.144 24 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Failed password - Failed Logons (IP=144,CN) 106.13.199.113 24 RR None 2020-08-11 00:00:00 2020-11-09 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=113,CN) 106.13.20.170 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password_6 hr Failed Logons (IP=170,CN) 106.13.201.84 24 RB None 2019-10-18 00:00:00 2020-01-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=84 CN) 106.13.202.114 24 20200120 None None 2020-01-20 00:00:00 None Illegal user - Fail Logins (IP=114,CN) | updated by 20200120 Block was inactive. Reactivated on RWB with reason Illegal user - Fail Logins (IP=114,CN) | updated by RWB Block was inactive. 
Reactivated on 20191022 with reason Illegal user - Fail Login 106.13.204.251 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password_6 Hr Failed Logons (IP=251,CN) 106.13.210.18 24 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=18,CN) 106.13.216.108 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_12 hr Web attacks (IP=108,CN) 106.13.217.92 24 GM None 2020-03-13 00:00:00 2020-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=92,CN) 106.13.219.171 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None Failed password_6 hr Failed Logons (IP=171,CN) 106.13.220.170 24 RR None 2020-03-12 00:00:00 2020-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=170,CN) 106.13.222.115 24 RWB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Failed password for invalid user - Failed Logon (IP=115,CN) 106.13.223.195 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=195,CN) 106.13.228.253 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Attempted User Privilege Gain - SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=253,CN) 106.13.230.79 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=79,CN) 106.13.231.171 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=171,CN) 106.13.232.17 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Web Attacks(IP=17,CN) 106.13.234.197 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=197,CN) 106.13.236.136 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=136,CN) 
106.13.239.128 24 RB None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Failed password_6 hr Failed Logons (IP=128,CN) 106.13.24.47 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=47,CN) 106.13.26.40 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password_6 hr Failed Logons (IP=40,CN) 106.13.28.98 24 RW None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6 hr web attacks (IP=98,CN) 106.13.29.4 24 KF None 2020-01-01 00:00:00 2020-03-31 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=4,CN) 106.13.3.174 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=174,CN) 106.13.33.5 24 RR None 2018-12-22 06:00:00 2020-01-15 00:00:00 None Illegal user (IP=5,CN) | updated by RW with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=80,CN) 106.13.33.80 32 RR None 2020-07-18 00:00:00 2020-10-16 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03499 (IP=80,CN) 106.13.33.80 32 KF None 2020-05-29 00:00:00 2020-08-27 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C02994 (IP=80,CN) 106.13.34.50 24 RR None 2018-12-13 06:00:00 2020-01-31 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=50,CN) | updated by GM with reason Invalid user - Failed Logons (IP=212,CN) 106.13.35.234 24 RR None 2020-07-18 00:00:00 2020-10-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=234,CN) 106.13.36.103 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Failed password - 6hr Logon (IP=103,CN) 106.13.36.103 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Failed password - 6hr Logon (IP=103,CN) 106.13.37.7 24 wmp None 2018-12-12 06:00:00 2020-01-26 00:00:00 None authentication bypass vulnerability (IP=7,CN) | updated by 
GM with reason Illegal user - Failed Logons (IP=61,CN) 106.13.39.154 24 RR None 2019-01-04 06:00:00 2020-01-03 00:00:00 None Illegal user (IP=154,CN) | updated by RW with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6 hr web attacks (IP=23,CN) 106.13.4.150 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=150,CN) 106.13.4.221 32 GM None 2020-06-23 00:00:00 2020-08-23 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03261 (IP=221,CN) 106.13.42.52 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Invalid user_6 hr Failed Logons (IP=52,CN) 106.13.44.137 24 RR None 2019-02-28 00:00:00 2020-01-07 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=137,CN) | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_6 hr web attacks (IP=34,CN) | 2020-01-07 | 2019-05-29 106.13.45.22 24 RB None 2019-01-11 06:00:00 2020-03-01 00:00:00 None Illegal user (IP=22,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=240,CN) | 2020-03-01 | 2019-04-11 106.13.48.248 32 DT None 2020-07-24 00:00:00 2020-10-24 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03550 (IP=248,CN) 106.13.49.133 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=133,CN) 106.13.5.170 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed password for invalid user - sourcefire (IP=170,CN) 106.13.51.110 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=110,CN) 106.13.52.247 24 GLM None 2019-01-17 00:00:00 2020-02-12 00:00:00 None Illegal user (IP=247,CN) | updated by GM with reason Invalid user - Failed Logons (IP=234,CN) 106.13.53.58 24 JKC None 2019-01-07 06:00:00 2020-03-03 00:00:00 
None WPC REGIONAL Fireeye multiple alerts MPS (IP=58, CN) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=16,CN) 106.13.54.214 24 GLM None 2019-01-18 00:00:00 2020-02-13 00:00:00 None Illegal user (IP=214,CN) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=29,CN) 106.13.54.29 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=29,CN) 106.13.58.36 24 JKC None 2019-02-04 00:00:00 2020-01-19 00:00:00 None PHP AK47 injection attack (IP=36, CN) | updated by KF with reason Command Injection Attempt (IP=36,CN) 106.13.59.70 24 RR None 2019-01-04 06:00:00 2020-01-30 00:00:00 None Illegal user (IP=70,CN) | updated by RR with reason Failed password - Failed Logons (IP=16,) 106.13.6.61 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - 6hr web attacks (IP=61,CN) 106.13.62.247 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=247,CN) 106.13.65.210 24 RWB None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Failed password - Failed Logon (IP=210,CN) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=210,CN) 106.13.68.27 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=27,CN) 106.13.70.29 24 CW None 2019-12-10 00:00:00 2020-03-09 00:00:00 None Authentication Failed_Failed Logon (IP=29,CN) 106.13.72.190 24 RW None 2019-11-14 00:00:00 2020-02-14 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=190,CN) 106.13.74.93 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Invalid user - Failed Logons (IP=93,CN) 106.13.78.76 24 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=76,CN) 106.13.8.213 24 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep 
(IP=213,CN) 106.13.81.18 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password for invalid user - Failed Logons (IP=18,CN) 106.13.83.26 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=26,CN) 106.13.84.25 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Invalid user - Failed Logons (IP=25,CN) 106.13.86.18 24 KF None 2019-10-03 00:00:00 2020-01-01 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=18,CN) 106.13.87.120 24 RW None 2019-10-23 00:00:00 2020-01-23 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=120,CN) 106.13.88.214 32 DT None 2020-05-04 00:00:00 2020-08-04 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02608 (IP=214,CN) 106.13.88.44 24 BP None 2019-11-19 00:00:00 2020-02-19 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=44,CN) 106.13.89.134 24 RR None 2020-08-13 00:00:00 2020-11-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=134,CN) 106.13.9.147 24 RR None 2019-03-02 00:00:00 2020-02-19 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=147,CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=153,CN) | 2020-02-19 | 2019-05-31 106.13.96.210 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user_Failed Logon (IP=10,CN) 106.13.98.56 24 GM None 2019-05-24 00:00:00 2020-02-06 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=56,CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=148 CN) | 2020-02-06 | 2019-08-24 106.13.99.187 24 RR None 2019-06-15 00:00:00 2020-03-08 00:00:00 None HTTP: SQL Injection Attempt detected - 6 hr Failed Logons (IP=187,CN) | updated by GM with reason Invalid user - Failed Logons (IP=221,CN) 106.192.128.0 17 kmw None 2019-02-04 
00:00:00 2020-02-14 00:00:00 None IN TO-S-2019-0382 Malware Activity | updated by dbc with reason IN TO-S-2019-0400 Malicious Email Activity 106.192.192.46 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None IN TO-S-2019-0382 Malicious Email Activity 106.193.99.4 24 BMP None 2020-06-24 00:00:00 2020-09-22 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=4,IN) 106.197.12.110 24 RR None 2020-07-09 00:00:00 2020-10-07 00:00:00 None SERVER-WEBAPP Apache Tomcat FileStore directory traversal attempt - Web Attack (IP=110,IN) 106.2.16.14 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=14,CN) 106.200.249.47 24 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None Authentication Failed - Failed Logons (IP=47,IN) 106.201.16.181 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=181,IN) 106.203.157.38 24 RW None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=38,IN) 106.206.4.70 24 RWB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None APP-DETECTfailed FTP login attempt - Failed Logon (IP=70,IN) 106.207.120.0 24 kmw None 2019-02-04 00:00:00 2020-02-14 00:00:00 None IN TO-S-2019-0382 Malware Activity | updated by dbc with reason IN TO-S-2019-0400 Malicious Email Activity 106.207.120.34 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None IN TO-S-2019-0382 Malicious Email Activity 106.212.148.191 24 RR None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=191,IN) 106.225.162.51 24 DT None 2020-07-22 00:00:00 2020-10-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=51,CN) 106.225.211.193 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Failed password for invalid user - Failed Logon (IP=193,CN) 106.225.222.99 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None 
TCP: SYN Host Sweep (IP=99,no ISC data) 106.241.16.105 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=105,KR) 106.245.160.140 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=140,KR) 106.246.250.202 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Invalid user - Failed Logon (IP=202,KR) 106.248.228.114 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Illegal user - Failed Logons (IP=114,KR) 106.248.41.245 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Failed password -Failed Logons (IP=245,KR) 106.249.25.61 24 DT None 2020-06-16 00:00:00 2020-09-16 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - Sourcefire (IP=61,KR) 106.250.53.37 24 RR None 2019-04-29 00:00:00 2020-01-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=37,KR) | updated by ABC with reason Command Injection Attempt (IP=37,KR) 106.250.53.37 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None KR TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason KR TO-S-2020-0212.01 Malicious Web Application Activity 106.250.53.40 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None KR TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason KR TO-S-2020-0212.01 Malicious Web Application Activity 106.251.67.78 24 KF None 2019-12-02 00:00:00 2020-03-01 00:00:00 None Failed password - 6 Hr Failed Logons (IP=78,KR) 106.252.169.48 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Illegal user_Failed Logon (IP=48,KR) 106.253.177.150 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password for invalid user - Failed Logon (IP=150,KR) 106.255.84.110 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password - Failed Logon (IP=110,KR) 106.3.135.27 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None 
Failed password_6 hr Failed Logons (IP=27 CN) 106.3.148.186 24 RW None 2020-06-05 00:00:00 2020-09-07 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=186,CN) | updated by KF Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=186,C 106.3.43.155 32 RR None 2020-07-26 00:00:00 2020-10-24 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03565 (IP=155,CN) 106.36.7.138 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) -SoureFire (IP=138,CN) 106.37.170.130 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Generic ArcSight scan attempt (IP=130,CN) 106.37.223.54 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Failed password_6 hr Failed Logons (IP=54,CN) 106.38.0.67 24 RR None 2020-08-23 00:00:00 2020-11-21 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - SourceFire (IP=67,CN) 106.38.29.195 24 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_Web Attacks (IP=195,CN) 106.39.148.213 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=213,CN) 106.39.149.35 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None UDP: Host Sweep - ARCSight Sauron (IP=35,CN) 106.39.177.175 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Illegal user - 6hr Logons (IP=175,CN) 106.39.35.162 24 RR None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - Failed Logons (IP=162,CN) 106.39.44.11 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None Illegal user - Failed Logons (IP=11,CN) 106.39.67.76 24 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=76,CN) 106.39.68.76 24 ABC None 2020-04-17 00:00:00 2020-07-16 00:00:00 None UDP: 
Host Sweep- ARCSight Sauron (IP=76,CN) 106.39.7.98 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None UDP: Host Sweep - Automated Block Calculations (IP=98,CN) 106.45.1.164 24 FT None 2020-08-04 00:00:00 2020-11-04 00:00:00 None SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt - SourceFire (IP=164,CN) 106.47.30.53 24 RB None 2018-11-25 06:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt (IP=53,CN) | updated by RR with reason Generic ArcSight scan attempt (IP=37,CN) 106.51.0.40 24 RB None 2019-11-21 00:00:00 2020-02-19 00:00:00 None Failed password_6 hr Failed Logons (IP=40,IN) 106.51.136.224 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None Illegal user - 6hr Logons (IP=224,IN) 106.51.138.172 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password_6 hr Failed Logons (IP=172,IN) 106.51.140.121 24 RWB None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=121,IN) 106.51.148.49 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user - Failed Logons (IP=49,IN) 106.51.230.74 24 RR None 2017-01-02 06:00:00 2020-02-20 00:00:00 None ET SCAN Potential SSH Scan (IP=74,IN) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=190,IN) 106.51.246.42 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=42,IN) 106.51.73.204 24 GLM None 2018-12-16 06:00:00 2020-02-08 00:00:00 None Illegal user (IP=204,IN) | updated by GM with reason Invalid user - Failed Logons (IP=201,IN) 106.51.78.188 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Web Attacks (IP=188,IN) 106.51.80.198 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Invalid user - Failed Logons (IP=198,IN) 106.51.98.159 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 
None Failed password - Failed Logon (IP=159,IN) 106.52.100.85 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Failed password - Failed Logons (IP=85,CN) 106.52.106.61 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user - 6hr Logon (IP=61,CN) 106.52.107.81 32 RW None 2020-02-03 00:00:00 2020-03-03 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01587 (IP=81,CN) 106.52.11.52 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=52,CN) 106.52.116.101 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=101,CN) 106.52.120.180 24 KF None 2020-06-27 00:00:00 2020-09-25 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=180,CN) 106.52.128.121 24 RB None 2020-04-30 00:00:00 2020-07-29 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_Sourcefire (IP= 121,CN) 106.52.13.126 24 KF None 2020-01-14 00:00:00 2020-10-18 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=126,CN) | updated by RR Block was inactive. 
Reactivated on 20200720 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) 106.52.135.166 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=166,XX) 106.52.138.149 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=149,XX) 106.52.162.153 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=153,CN) 106.52.165.194 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=194,CN) 106.52.170.228 24 DT None 2020-08-15 00:00:00 2020-11-13 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=228,CN) 106.52.172.146 24 KF None 2020-06-10 00:00:00 2020-09-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=146,CN) 106.52.174.139 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user - Failed Logons (IP=139,CN) 106.52.174.51 24 KF None 2020-06-27 00:00:00 2020-09-25 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03298 (IP=51,CN) 106.52.177.60 24 KF None 2020-05-03 00:00:00 2020-08-01 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=60,CN) 106.52.179.234 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=234,CN) 106.52.18.180 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=180,CN) 106.52.192.28 24 GM None 2019-06-20 00:00:00 2020-01-09 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=28,CN) | updated by GM with reason SERVER-WEBAPP Joomla 106.52.194.72 24 BP None 2019-11-20 00:00:00 2020-02-20 00:00:00 None Authentication Failed (IP=72,CN) 106.52.195.183 24 GM None 2019-10-07 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla 
JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=183,CN) 106.52.198.174 32 GM None 2020-09-22 00:00:00 2020-12-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=174,CN) 106.52.198.174 24 DT None 2020-09-23 00:00:00 2020-12-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=174,CN) 106.52.2.165 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=165,CN) 106.52.204.187 24 RR None 2020-09-13 00:00:00 2020-12-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=187,CN) 106.52.209.124 24 RB None 2019-12-01 00:00:00 2020-02-29 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=124,CN) 106.52.217.2 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user (IP=2,CN) 106.52.219.88 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=88,CN) 106.52.231.91 24 ABC None 2019-10-06 00:00:00 2020-01-04 00:00:00 None Generic ArcSight scan attempt (IP=91,CN) 106.52.234.191 24 KF None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Failed password_6 Hr Failed Logons (IP=191,CN) | updated by RW with reason Authentication Failed - 6hr Failed Logon(IP=191,CN) 106.52.235.202 24 RW None 2019-10-11 00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr Web Attack (IP=202,CN) 106.52.24.215 24 RWB None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user - Failed Logon (IP=215,CN) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=215,CN) 106.52.242.107 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Failed Logons (IP=107,CN) 106.52.245.31 24 CW None 2019-12-10 00:00:00 2020-03-09 00:00:00 None Authentication Failed_Failed Logon 
(IP=31,CN) 106.52.25.204 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=204,CN) 106.52.31.108 24 GM None 2020-01-16 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=108,CN) | updated by RB Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=108 CN) 106.52.35.207 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Invalid user - Failed Logons (IP=207,CN) 106.52.4.35 24 RR None 2019-10-18 00:00:00 2020-01-16 00:00:00 None Command Injection Attempt (IP=35,CN) 106.52.45.220 24 RR None 2020-06-30 00:00:00 2020-09-28 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=220,CN) 106.52.47.170 24 KF None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed Password_6 Hr Failed Logons (IP=170,CN) 106.52.57.120 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=120,CN) 106.52.6.248 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=248,CN) 106.52.64.130 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=130,CN) 106.52.68.193 24 RR None 2019-06-04 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6 hr Web Attacks (IP=,CN) | updated by BMP Block was inactive. 
Reactivated on 20191222 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution atte 106.52.68.193 32 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02702 (IP=193,CN) 106.52.73.202 24 CR None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=202,CN) 106.52.81.37 24 BMP None 2020-08-27 00:00:00 2020-11-25 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=37,CN) 106.52.84.57 24 GM None 2019-11-18 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=57,CN) 106.52.85.95 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=95,XX) 106.52.94.95 24 RR None 2020-08-16 00:00:00 2020-11-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=95,CN) 106.52.96.44 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Failed password (IP=44,CN) 106.53.10.29 24 CR None 2019-10-16 00:00:00 2020-01-16 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attack (IP=29,CN) 106.53.108.72 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - sourcefire (IP=72,CN) 106.53.116.39 24 RR None 2019-10-26 00:00:00 2020-01-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=39,CN) 106.53.17.135 24 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=135,CN) 106.53.171.252 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Command Injection Attempt (IP=252,XX) 106.53.18.226 24 GM None 2019-10-01 00:00:00 2020-01-01 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=226,CN) 106.53.181.242 24 RW None 2020-07-19 00:00:00 2020-10-19 00:00:00 None SERVER-WEBAPP ThinkPHP 
5.0.23/5.1.31 command injection attempt - Sourcefire (IP=242,CN) 106.53.235.76 24 RR None 2020-07-25 00:00:00 2020-10-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=76,CN) 106.53.236.137 24 RW None 2020-07-26 00:00:00 2020-10-26 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=137,CN) 106.53.24.60 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=60,XX) 106.53.240.171 24 GM None 2020-08-10 00:00:00 2020-11-10 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=171,CN) 106.53.242.23 24 GM None 2020-09-25 00:00:00 2020-12-25 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=23,CN) 106.53.253.229 24 FT None 2020-11-04 00:00:00 2020-02-02 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=229,CN) 106.53.30.222 32 RB None 2020-08-13 00:00:00 2020-11-13 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03702 (IP=222,CN) 106.53.40.79 24 GM None 2019-11-06 00:00:00 2020-02-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=79,CN) 106.53.41.112 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Attempted User Privilege Gain - SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=112,CN) 106.53.6.244 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=244,CN) 106.53.64.219 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=219,CN) 106.53.70.159 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=159,CN) 106.53.70.49 32 RB None 2020-06-07 00:00:00 2020-09-05 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 
6hr web attacks (IP=49,CN) 106.53.70.49 24 RB None 2020-06-07 00:00:00 2020-09-05 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=49,CN) 106.53.72.252 24 RB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=252,CN) 106.53.75.212 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Failed password_6 hr Failed Logons (IP=212 CN) 106.53.75.245 32 RR None 2020-07-25 00:00:00 2020-10-25 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 20C03556 (IP=245,CN) 106.53.86.242 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=242,CN) 106.53.88.247 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed logons (IP=247,CN) 106.53.92.202 24 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=202,CN) 106.53.96.73 24 CR None 2019-12-27 00:00:00 2020-03-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - CIRT Web Attacks (IP=73,CN) 106.54.102.94 24 RB None 2019-11-21 00:00:00 2020-02-19 00:00:00 None Failed password_6 hr Failed Logons (IP=94,CN) 106.54.107.173 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=173,CN) 106.54.108.89 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=89,CN) 106.54.112.173 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password_Faield Logon (IP=73,CN) 106.54.113.227 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=227,CN) 106.54.114.213 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (IP=213,CN) 106.54.115.123 24 BP None 
2019-11-29 00:00:00 2020-02-27 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=123,CN) 106.54.120.44 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=44,CN) 106.54.120.49 32 RR None 2020-05-30 00:00:00 2020-08-27 00:00:00 None vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02998 (IP=49,CN) 106.54.121.34 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed password - sourcefire (IP=34,CN) 106.54.124.250 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=250,CN) 106.54.126.63 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=63,CN) 106.54.131.197 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=197,CN) 106.54.132.65 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=65,CN) 106.54.137.185 24 CR None 2019-10-15 00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=185,CN) 106.54.138.147 32 FT None 2020-08-07 00:00:00 2020-11-07 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03659 (IP=147,CN) 106.54.138.59 24 KF None 2019-12-17 00:00:00 2020-03-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=59,CN) 106.54.14.174 24 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Command Injection Attempt (IP=174,XX) 106.54.141.8 24 RB None 2019-11-19 00:00:00 2020-02-17 00:00:00 None Failed password_6 hr Failed Logons (IP=8,CN) 106.54.162.118 24 RR None 2020-06-30 00:00:00 2020-09-28 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=118,CN) 106.54.163.201 24 DT None 2020-09-04 00:00:00 
2020-12-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=201,CN) 106.54.165.85 24 FT None 2020-08-27 00:00:00 2020-11-25 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=235,BE) 106.54.185.132 24 DT None 2020-07-14 00:00:00 2020-10-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=132,CN) 106.54.186.249 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=249,CN) 106.54.188.252 32 RW None 2020-02-21 00:00:00 2020-03-21 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01791(IP=252,CN) 106.54.19.67 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Failed password_6 hr Failed Logons (IP=67,CN) 106.54.192.228 24 GM None 2019-10-14 00:00:00 2020-01-14 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=228,CN) 106.54.198.1 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=1,CN) 106.54.2.175 24 GM None 2020-07-05 00:00:00 2020-10-05 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=175,CN) 106.54.201.152 24 KF None 2019-10-03 00:00:00 2020-01-01 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=152,CN) 106.54.202.66 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=66,CN) 106.54.203.121 24 CR None 2020-05-12 00:00:00 2020-06-12 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 hr Web Attacks (IP=121,CN) 106.54.209.13 24 RR None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Failed password - Failed Logons (IP=13,) 106.54.210.253 24 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=253,CN) 106.54.214.206 24 RB None 2019-12-29 00:00:00 2020-03-28 
00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=206,CN) 106.54.214.206 32 BMP None 2020-06-13 00:00:00 2020-09-13 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03154 (IP=206,CN) 106.54.215.180 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - sourcefire (IP=180,CN) 106.54.220.178 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Invalid user - Failed Logons (IP=178,CN) 106.54.221.108 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=108,CN) 106.54.223.169 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=169,CN) 106.54.225.51 24 RW None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6 hr web attacks (IP=51,CN) 106.54.229.217 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=217,CN) 106.54.23.206 24 GM None 2020-07-15 00:00:00 2020-10-15 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=206,CN) 106.54.231.157 24 RR None 2020-02-14 00:00:00 2020-05-25 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=157,CN) | updated by KF Block expiration extended with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01824 (IP=157,CN) 106.54.240.81 24 BMP None 2020-09-29 00:00:00 2020-12-28 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=81,CN) 106.54.247.182 24 RR None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=182,CN) 106.54.251.17 24 KF None 2020-01-14 00:00:00 2020-04-13 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass 
vulnerability (IP=17,CN) 106.54.30.14 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=14,CN) 106.54.38.241 24 BMP None 2020-03-26 00:00:00 2020-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=241,CN) 106.54.4.180 32 DT None 2020-05-14 00:00:00 2020-08-12 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 20C02754 (IP=222,ES) 106.54.4.180 24 RB None 2019-11-30 00:00:00 2020-05-13 00:00:00 None HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=180,CN) | updated by KF Block expiration extended with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01713 (IP=180,CN) 106.54.43.154 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_6 hr web attacks (IP=154,CN) 106.54.47.111 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None TCP: SYN Host Sweep (IP=111,CN) 106.54.50.70 24 ABC None 2019-10-06 00:00:00 2020-01-04 00:00:00 None Generic ArcSight scan attempt (IP=70,CN) 106.54.56.45 24 DT None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=45,CN) 106.54.73.191 24 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=191,CN) 106.54.8.157 24 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=157,CN) 106.54.80.25 24 KF None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed Password_6 Hr Failed Logons (IP=25,CN) 106.54.82.163 32 FT None 2020-08-10 00:00:00 2020-11-10 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=163,CN) 106.54.97.214 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=214,CN) 106.55.11.100 24 
RW None 2020-08-14 00:00:00 2020-11-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=100,CN) 106.55.151.149 24 DT None 2020-07-29 00:00:00 2020-10-28 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=149,CN) 106.55.161.188 24 RB None 2020-09-15 00:00:00 2020-12-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=188,CN) 106.55.36.206 24 CR None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=206,CN) 106.55.63.234 24 RW None 2020-09-14 00:00:00 2020-12-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=234,CN) 106.57.221.161 24 CR None 2018-05-08 05:00:00 2020-04-10 00:00:00 None Illegal user (IP=161,CN) | updated by BMP Block was inactive. Reactivated on 20200111 with reason Illegal user - 6hr Logons (IP=161,CN) 106.58.209.161 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None Illegal user - 6hr Logons (IP=161,CN) 106.75.10.192 32 BMP None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03453 (IP=192,CN) 106.75.10.4 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=4,CN) 106.75.109.223 24 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_6 hr web attacks (IP=223,CN) 106.75.120.140 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=140,CN) 106.75.122.202 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=202,CN) 106.75.123.95 32 GM None 2020-08-04 00:00:00 2020-11-04 00:00:00 None RAT: GhostRat Traffic Detected - TT# 20C03618 (IP=95,CN) 106.75.123.95 32 GM None 2020-08-04 00:00:00 2020-11-04 00:00:00 None RAT: GhostRat Traffic 
Detected - TT# 20C03618 (IP=95,CN) 106.75.123.95 24 RR None 2019-05-17 00:00:00 2020-01-16 00:00:00 None Malware Callback - FireEye Web (IP=95,CN) | updated by CR with reason Hive Case 1026/ MALWARE-CALLBACK (IP=95,CN) 106.75.128.239 24 RR None None 2020-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=239,CN) 106.75.129.166 24 RB None 2019-03-31 00:00:00 2020-02-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=166,CN) | updated by RB with reason Command Injection Attempt (IP=166,CN) | 2020-02-01 | 2019-06-29 | updated by KF with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attem 106.75.132.85 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_Web attacks (IP=85,CN) 106.75.141.202 24 RB None 2019-01-18 00:00:00 2020-02-07 00:00:00 None Failed password for invalid user(IP=202,CN) | updated by RB with reason Failed password for invalid user_6 hr Failed Logons (IP=91,CN) | 2020-02-07 | 2019-04-18 106.75.15.142 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password_6 Hr Failed Logons (IP=142,CN) 106.75.154.226 24 CR None 2018-08-12 05:00:00 2020-01-20 00:00:00 None Illegal user (IP=226,CN) | updated by KF with reason HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=221,CN) 106.75.157.197 24 GM None 2020-02-11 00:00:00 2020-05-11 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=197,CN) 106.75.16.194 24 EDBT None 2017-05-21 05:00:00 2020-02-07 00:00:00 None ET POLICY Suspicious inbound to Oracle SQL port 1521 (IP=194 CN) | updated by RB with reason MALWARE-BACKDOOR JSP webshell ba | updated by RB with reason Failed password_6 hr Failed Logons (IP=19,CN) | 2020-02-07 | 2019-03-10 106.75.168.107 24 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None Invalid user_Failed Logon (IP=7,CN) 106.75.169.24 24 RR None 2020-01-31 00:00:00 2020-04-30 
00:00:00 None Illegal user - Failed Logons (IP=24,CN) 106.75.173.67 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password for invalid user - Failed Logons (IP=67,CN) 106.75.174.87 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=87,CN) 106.75.177.128 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=128,CN) 106.75.24.142 24 20200120 None None 2020-01-20 00:00:00 None Failed password - Fail Logins (IP=142,CN) | updated by 20200120 Block was inactive. Reactivated on RWB with reason Failed password - Fail Logins (IP=142,CN) | updated by RWB Block was inactive. Reactivated on 20191022 with reason Failed password - F 106.75.240.46 24 KF None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed Password_6 Hr Failed Logons (IP=46,CN) 106.75.244.62 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Failed password_6 hr Failed Logons (IP=62,CN) 106.75.252.5 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=5,CN) 106.75.28.38 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=38,CN) 106.75.45.99 24 RW None 2020-05-23 00:00:00 2020-08-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=99,CN) 106.75.47.137 24 BMP None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Illegal user - 6hr Failed Logon (IP=137,CN) | updated by GM Block expiration extended with reason Illegal user - Failed Logons (IP=137,CN) 106.75.55.50 24 RB None 2018-12-09 06:00:00 2020-02-01 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=50,CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=123,CN) | 2020-02-01 | 2019-03-09 106.75.58.66 24 RB None 2020-03-17 00:00:00 2020-06-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability_6 hr web attacks (IP=66,CN) | updated by CR Block expiration extended with reason 
INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=66,DE) 106.75.6.229 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP= 229 , CN ) 106.75.61.203 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN DNS version.bind 106.75.61.203 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=203,CN) 106.75.61.203 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=203,CN) 106.75.63.218 24 CR None 2020-05-25 00:00:00 2020-06-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=218,CN) 106.75.7.109 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Malware-Callback - FE Web (IP=109,CN) 106.75.72.10 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=10,CN) 106.75.76.139 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP= 139 , CN ) 106.75.77.74 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user - Failed Logons (IP=74,CN) 106.75.85.37 24 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=37,CN) 106.75.86.217 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=217,CN) 106.75.87.152 24 RB None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Failed password_6 hr Failed Logons (IP=152,CN) 106.75.91.43 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=43,CN) 106.75.93.253 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 106.81.217.182 24 KF None 2020-04-01 00:00:00 2020-06-30 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=182,CN) 106.83.194.121 24 GM None 
2020-01-29 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=121,CN) 106.91.19.126 24 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=126,CN) 106.92.145.154 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=154,CN) 107.130.204.66 32 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=66,US) 107.140.253.187 32 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=187,US) 107.15.31.226 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=226,US) 107.150.96.0 21 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None CN TO-S-2019-0608 Malware Activity 107.151.102.109 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malicious Web Application Activity 107.152.104.247 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malware Activity 107.155.152.14 32 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=14,US) 107.155.80.55 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None US TO-S-2019-0816 Malicious Email Activity 107.155.93.30 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity 107.160.160.67 32 GLM None 2019-10-27 00:00:00 2020-01-25 00:00:00 None ABC Generic ArcSight scan attempt (IP=67,US) 107.160.240.229 32 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None UDP: Host Sweep - ARCSight Sauron (IP=229,US) 107.161.169.132 32 wmp None 2020-09-25 00:00:00 2020-12-24 
00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=132,US) 107.161.178.82 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 107.161.182.74 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None US TO-S-2019-0816 Malicious Email Activity 107.161.23.204 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malware Activity 107.161.80.55 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity 107.167.2.81 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=81,US) 107.167.21.82 32 RW None 2020-04-11 00:00:00 2020-05-11 00:00:00 None Unauthorized Access-Probe - TT# 20C02500(IP=82,US) 107.167.78.14 32 ABC None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Generic ArcSight scan attempt (IP=14,US) 107.167.84.10 32 dbc None 2019-09-13 00:00:00 2020-09-13 00:00:00 None US TO-S-2019-0985 Application Vulnerability Exploit 107.167.87.74 32 FT SQL None 2020-08-04 00:00:00 2020-11-04 00:00:00 None HTTP URI blind injection attempt - SourceFire (IP=74,US) 107.170.109.82 32 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Invalid user - Failed Logons (IP=82,US) 107.170.121.10 32 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=10,US) 107.170.199.180 32 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password 6 hr Failed Logon (IP=180,US) 107.170.213.25 32 dbc None 2019-04-16 00:00:00 2020-04-16 00:00:00 None US TO-S-2019-0593 Malicious Email Activity 107.170.227.141 32 ABC None 2018-03-28 05:00:00 2020-02-13 00:00:00 None Generic ArcSight scan attempt (IP=141,US) | updated by RR with reason Invalid user - Failed Logons (IP=141,US) 107.170.237.63 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=63,US) 107.170.238.47 32 RR None 2020-03-04 00:00:00 2020-06-02 
00:00:00 None TCP: SYN Host Sweep (IP=47,US) 107.170.244.110 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password - Failed Logons (IP=110,US) 107.170.249.6 32 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Invalid user - Failed Logons (IP=6,US) 107.170.252.117 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malware Activity 107.170.65.115 32 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=115,US) 107.172.13.119 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity 107.172.13.121 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity 107.172.13.99 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 107.172.198.12 32 dbc None 2019-04-16 00:00:00 2020-04-16 00:00:00 None US TO-S-2019-0593 Malicious Email Activity 107.172.25.229 32 BMP None 2020-02-13 00:00:00 2020-05-13 00:00:00 None Illegal user - 6hr Logon (IP=229,US) 107.173.104.150 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity 107.173.125.119 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 107.173.140.173 32 RB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=173,US) 107.173.187.146 32 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=146,US) 107.173.222.105 32 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None HTTP: vBulletin 5.1.2 Unserialize Code Execution - TT# 20C01738 (IP=105,US) 107.173.35.208 32 RR None 2020-05-29 00:00:00 2020-08-27 00:00:00 None Known Attack Tool User Agent V2 / HTTP: SqlMap SQL Injection - Scanning I - TT# 20C02996 (IP=208,US) 107.173.49.208 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email 
Activity 107.174.14.10 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 107.174.212.197 32 dbc None 2019-01-30 00:00:00 2020-01-30 00:00:00 None US TO-S-2019-0370 Malicious Email Activity 107.174.217.139 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 107.174.222.236 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Web Application Activity 107.174.228.46 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity 107.174.233.44 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malicious Email Activity 107.174.244.100 32 RR None 2020-04-11 00:00:00 2020-07-10 00:00:00 None Known Attack Tool User Agent V2 / 20086 HTTP Muieblackcat Security Scanner - TT# 20C02503 (IP=100,US) 107.174.244.114 32 RW None 2020-04-12 00:00:00 2020-07-12 00:00:00 None MALWARE-CNC or BOTNET HIT: MALWARE-CNC URI - known scanner tool muieblackcat (IP-114,/US) 107.175.113.156 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity 107.175.128.157 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malware Activity 107.175.130.191 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None US TO-S-2019-0634 Malware Activity 107.175.189.180 32 wmp None 2020-03-19 00:00:00 2020-06-19 00:00:00 None McAfee NSM Report Default Credential Remote Code Execution (IP=180,US) 107.175.246.91 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None known scanner tool muieblackcat - MALWARE-CNC URI(IP=91,US) 107.175.36.137 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 107.175.36.151 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 107.175.36.158 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email 
Activity 107.175.89.162 32 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Unauthorized Access-Probe - TT# 20C01394 (IP=162,US) 107.178.104.10 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=10,US) 107.178.105.35 24 RR None 2020-03-14 00:00:00 2020-06-12 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=35,US) 107.178.115.83 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Web Application Activity 107.179.43.130 32 CW None 2020-01-12 00:00:00 2020-02-12 00:00:00 None Unauthorized Access Attempt-TT# 20C01407 (IP=30,US) 107.180.0.228 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malicious Email Activity 107.180.1.254 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malicious Email Activity 107.180.10.40 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 107.180.108.10 32 RB None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=10,US) 107.180.111.23 32 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SQL HTTP URI blind injection attempt - 6hr Web Attacks (IP=23,US) 107.180.111.53 32 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=53,US) 107.180.111.54 32 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=54,US) 107.180.111.66 32 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=66,US) 107.180.116.27 32 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=27,US) 107.180.12.26 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0610 Malicious Email Activity 107.180.120.19 32 RW None 
2020-01-09 00:00:00 2020-02-09 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C01392 (IP=19,US) 107.180.120.38 32 BMP None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=38,US) 107.180.120.48 32 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None HTTP: Blind SQL Injection - Timing_6 hr web attacks (IP=48,US) 107.180.120.61 32 BMP None 2020-06-01 00:00:00 2020-09-01 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6hr Web Attacks (IP=61,US) 107.180.121.50 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Immediate Inbound Network Block - TT# 20C00507 (IP=50,US) 107.180.122.28 32 CR None 2019-12-04 00:00:00 2020-01-04 00:00:00 None Self Report / SQL Injection - TT# 20C01096(IP=28,US) 107.180.122.42 32 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=42,US) 107.180.122.43 32 BMP None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SQL HTTP URI blind injection attempt - SourceFire (IP=43,US) 107.180.122.44 24 RR None None 2020-06-23 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=44,US) 107.180.122.51 32 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=51,US) 107.180.124.253 32 GM None 2020-02-08 00:00:00 2020-05-08 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=253,US) 107.180.126.171 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malicious Email Activity 107.180.127.228 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malicious Email Activity 107.180.2.69 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Email Activity 107.180.20.89 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity 107.180.238.181 32 CR None 2020-05-21 00:00:00 2020-08-21 00:00:00 None FTCARSONMED_IPS Signature: Unauthorized Access-Probe/ UDP: Host Sweep - 
20C02868 (IP=181,US) 107.180.238.90 32 CR None 2020-05-21 00:00:00 2020-08-21 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02870 (IP=90,US) 107.180.24.242 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 107.180.26.70 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 107.180.26.75 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 107.180.26.78 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity 107.180.26.93 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None US TO-S-2019-0926 Malicious Email Activity 107.180.27.233 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=233,US) 107.180.27.238 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None FR TO-S-2019-0610 Malicious Email Activity 107.180.4.34 32 dbc None 2019-09-13 00:00:00 2020-09-13 00:00:00 None US TO-S-2019-0985 Malicious Email Activity 107.180.40.143 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity 107.180.40.57 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 107.180.41.126 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 107.180.41.53 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity 107.180.41.84 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 107.180.43.3 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 107.180.44.156 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None US TO-S-2019-0430 Malicious Email Activity 107.180.46.146 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 
107.180.46.155 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None US TO-S-2019-0613 Malicious Email Activity 107.180.46.158 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 107.180.46.231 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity 107.180.46.234 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0734.01 Malicious Email Activity 107.180.46.243 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity 107.180.47.61 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=61,US) 107.180.48.198 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 107.180.48.92 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity 107.180.50.169 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 107.180.50.183 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity 107.180.50.189 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None US TO-S-2020-0109.01 Malicious Email Activity 107.180.50.231 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=231, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 107.180.51.202 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity 107.180.51.32 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 107.180.51.37 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 107.180.51.87 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None US TO-S-2019-0926 Malicious Email Activity 107.180.54.173 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 
107.180.57.119 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity 107.180.58.50 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None US TO-S-2019-0926 Malicious Email Activity 107.180.68.110 32 RR None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logons (IP=110,US) 107.181.170.128 32 RR None 2020-09-21 00:00:00 2020-12-21 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=128,US) | updated by DT Block expiration extended with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03961 (IP=128,US) 107.181.173.9 32 BMP None 2020-06-26 00:00:00 2020-09-24 00:00:00 None SQL HTTP URI blind injection attempt - 6hr Web Attacks (IP=9,US) 107.181.187.132 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Web Application Activity 107.181.189.36 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None CA TO-S-2019-0608 Malware Activity 107.181.189.43 24 BMP None 2020-04-09 00:00:00 2020-07-08 00:00:00 None SQL HTTP URI blind injection attempt - 6hr Web Attacks (IP=43,CA) 107.182.187.88 32 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=88,US) 107.189.10.171 32 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=171,US) 107.189.10.180 32 ABC None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Generic ArcSight scan attempt (IP=180,US) 107.189.10.245 32 BMP None 2020-07-21 00:00:00 2020-10-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=245,US) 107.189.11.150 32 GLM None 2019-10-27 00:00:00 2020-01-25 00:00:00 None ABC Generic ArcSight scan attempt (IP=150,US) 107.189.11.156 24 BMP None 2020-03-04 00:00:00 2020-06-02 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=156,LU) 107.189.11.160 32 KF None 2019-10-29 00:00:00 
2020-01-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=160,US) 107.189.11.50 32 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Generic ArcSight scan attempt (IP=50,US) 107.189.2.136 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None LU TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason LU TO-S-2019-0864 Malware Activity 107.189.2.161 32 wmp None 2020-09-16 00:00:00 2020-12-15 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=161,LU) 107.189.3.218 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None LU TO-S-2019-0546 Malicious Email Activity 107.191.41.40 32 EDBT None 2019-05-31 00:00:00 2020-06-07 00:00:00 None IOC_ CTO19-150-HIVE-Case-334 (IP=40,US) | updated by dbc with reason US TO-S-2019-0723 Malware Activity 107.191.46.23 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None CA TO-S-2020-0088 Malicious Web Application Activity 107.191.47.20 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None FR TO-S-2020-0190 Malware Activity 107.191.50.218 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malicious Web Application Activity 107.191.62.247 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None FR TO-S-2020-0109.01 Malicious Web Application Activity 107.191.99.221 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=221,US) 107.191.99.95 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=95,US) 107.20.127.248 32 DT None 2020-06-24 00:00:00 2020-09-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=248,US) 107.20.86.21 24 BMP None 2020-08-05 00:00:00 2020-11-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=US,21) 107.21.114.48 24 RW None 2020-05-31 00:00:00 2020-08-31 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr 
web attacks (IP=48,US) 107.21.67.100 32 RW None 2020-06-05 00:00:00 2020-09-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=100,US) 107.23.203.75 32 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=75,US) 107.3.2.205 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malware Activity 107.4.144.108 32 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=108,US) 107.6.150.242 24 DT None 2020-07-10 00:00:00 2020-10-08 00:00:00 None SERVER-IIS Microsoft IIS Range header integer overflow attempt - SourceFire (IP=242,NL) 107.6.152.122 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None NL TO-S-2019-0488 Malicious Email Activity 107.6.153.154 24 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=154, NL) | updated by dbc with reason NL TO-S-2019-0626.01 Malicious Email Activity 107.80.215.164 32 alj None 2018-11-27 06:00:00 2020-01-03 00:00:00 None APP-DETECT failed FTP login | updated by GM with reason APP-DETECT failed FTP login attempt - Failed Logons (IP=164,US) 108.14.178.30 32 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Web Attacks(IP=30,US) 108.14.83.50 32 BP None 2019-11-19 00:00:00 2020-02-19 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=50,US) 108.160.134.30 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None JP TO-S-2019-0577 Malicious Email Activity 108.160.144.155 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 108.160.93.83 24 RB None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_Sourcefire (IP=83,CA) 108.161.135.157 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 108.161.137.23 32 KF None 
2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=23,US) 108.161.138.49 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity 108.162.196.62 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=62,US) 108.162.207.118 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None US TO-S-2020-0187 Malicious Email Activity 108.162.4.138 32 KF None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=138,US) | updated by BMP Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=138,US) 108.163.169.202 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None CA TO-S-2020-0212.01 Malware Activity 108.163.169.202 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None CA TO-S-2020-0206 Malware Activity 108.163.221.2 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None US TO-S-2019-0816 Malicious Email Activity 108.167.135.145 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malicious Email Activity 108.167.140.135 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 108.167.140.232 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity 108.167.141.123 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity 108.167.141.126 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 108.167.146.100 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity 108.167.146.152 32 wmp None 2020-07-20 00:00:00 2020-10-20 00:00:00 None HIVE Case #3374 COLS-NA-TIP-20-0228 (IP=152,US) 108.167.154.130 32 KF None 2019-12-02 00:00:00 2020-03-01 00:00:00 None SQL HTTP URI blind injection attempt 
(IP=130,US) 108.167.156.180 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity 108.167.158.131 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 108.167.160.43 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 108.167.172.169 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Email Activity 108.167.172.182 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None US TO-S-2019-0363.01 Malicious Email Activity 108.167.180.200 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malicious Email Activity 108.167.180.219 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None US TO-S-2019-0608 Malicious Email Activity 108.167.182.120 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3430 COLS-NA-TIP-20-0237 (IP=120,US) 108.167.183.58 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0734.01 Malicious Email Activity 108.167.188.132 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 108.167.188.188 32 wmp None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HIVE Case #3289 COLS-NA-TIP-20-0211 (IP=188,US) 108.167.188.50 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malicious Email Activity 108.170.40.44 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity 108.170.40.57 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0734.01 Malicious Email Activity 108.170.55.202 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity 108.170.57.182 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malware Activity 108.170.60.156 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malicious Email Activity 
108.174.158.107 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 108.174.195.25 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 108.174.56.140 32 BMP None 2020-02-13 00:00:00 2020-05-13 00:00:00 None Illegal user - 6hr Logon (IP=140,US) 108.174.60.28 32 DT None 2020-09-18 00:00:00 2020-12-17 00:00:00 None SERVER-WEBAPP elFinder PHP connector arbitrary PHP file upload attempt - Sourcefire (IP=28,US) 108.175.157.12 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity 108.177.111.132 32 dbc None 2019-07-23 00:00:00 2020-07-23 00:00:00 None US TO-S-2019-0839 Malicious Email Activity 108.177.111.153 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=153,US) 108.177.111.84 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=84,US) 108.177.112.101 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=101,US) 108.177.112.153 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=153,US) 108.177.122.132 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malicious Email Activity 108.177.235.139 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malware Activity 108.178.42.114 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 108.179.193.129 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 108.179.200.33 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=33,US) 108.179.213.58 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 108.179.228.135 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: 
Blind SQL Injection - Timing - Web Attacks (IP=135,US) 108.179.230.28 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity 108.179.232.254 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 108.179.232.68 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None US TO-S-2019-0430 Malicious Email Activity 108.179.234.142 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=142, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 108.179.235.109 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None DE TO-S-2019-0577 Malicious Email Activity 108.179.252.84 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 108.179.253.168 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 108.188.110.44 32 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=44,US) 108.188.199.237 32 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None Authentication Failed_Failed Logon (IP=37,US) 108.191.239.95 32 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=95,US) 108.24.54.235 24 RW None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Sourcefire (IP=235,BD) 108.28.124.224 32 KF None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent - TT# 20C00041 (IP=224,US) 108.28.4.150 32 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=150,US) 108.29.136.81 32 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=81,US) 108.30.42.152 32 GM None 2020-04-13 00:00:00 2020-07-12 
00:00:00 None Automated Block Calculations (IP=152,US) | unblocked: False Positive DrayTek and DD-WRT signature hits. 108.36.110.110 32 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=110,US) 108.41.20.112 32 RW None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=112,US) 108.44.217.184 32 KF None 2020-06-22 00:00:00 2020-09-20 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=184,US) 108.45.153.59 32 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=59,US) 108.51.59.206 32 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=206,US) 108.52.18.169 32 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=169,US) 108.58.41.139 32 RW None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=139,US) 108.59.0.40 32 BMP None 2020-06-26 00:00:00 2020-09-24 00:00:00 None SQL use of sleep function in HTTP header - likely SQL injection attempt - SourceFire (IP=40,US) | updated by RR Block expiration extended with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=40,US) 108.59.12.100 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Web Application Activity 108.59.12.98 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None NL TO-S-2019-0351 Malicious Web Application Activity 108.59.12.99 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None NL TO-S-2019-0351 Malicious Web Application Activity 108.6.55.51 32 RW None 2020-04-21 00:00:00 2020-07-21 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=51,US) 108.60.209.107 32 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=107,US) 
108.60.228.18 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None BS TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason BS TO-S-2020-0212.01 Malicious Web Application Activity 108.61.123.71 24 MLJ None 2017-01-11 06:00:00 2020-04-26 00:00:00 None ET COMPROMISED Known Compromised or Hostile Host Traffic group 3 (IP=71,FR) | updated by dbc with reason FR TO-S-2019-0626.01 108.61.168.66 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AU TO-S-2020-0109.01 Malicious Web Application Activity 108.61.170.45 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None DE TO-S-2019-0658 Malware Activity 108.61.175.142 24 BMP None 2020-03-04 00:00:00 2020-06-02 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - SourceFire (IP=142,GB) 108.61.175.142 24 RR None 2020-03-05 00:00:00 2020-06-03 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - SourceFire (IP=142,GB) 108.61.176.155 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None FR TO-S-2020-0088 Malicious Web Application Activity 108.61.188.164 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None NL TO-S-2020-0109.01 Malicious Web Application Activity 108.61.189.174 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None NL TO-S-2019-0890.01 Malicious Email Activity 108.61.190.126 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None DE TO-S-2020-0109.01 Malicious Web Application Activity 108.61.190.76 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None DE TO-S-2020-0109.01 Malicious Web Application Activity 108.61.211.100 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None DE TO-S-2020-0047 Malicious Email Activity 108.61.211.110 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Web Application Activity 108.61.211.194 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None DE TO-S-2020-0088 Malicious Web Application Activity 108.61.221.167 24 jky None 
2016-12-27 06:00:00 2020-10-25 00:00:00 None GB TO-S-2017-0357 Foreign CNE actors | updated by dbc with reason GB TO-S-2020-0065 Malicious Web Application Activity 108.61.221.208 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None GB TO-S-2020-0109.01 Malicious Web Application Activity 108.61.221.85 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None GB TO-S-2020-0109.01 Malicious Web Application Activity 108.61.223.27 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None JP TO-S-2019-0831 Malicious Email Activity 108.62.141.24 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malware Activity 108.62.141.9 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Web Application Activity 108.68.60.225 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02425 (IP=225,US) 109.102.158.14 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user - Failed Logons (IP=14,RO) 109.104.78.104 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None DE TO-S-2019-0816 Malicious Email Activity 109.104.79.48 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None GB TO-S-2019-1036 Malicious Email Activity 109.105.109.32 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None DE TO-S-2019-0400 Malicious Email Activity 109.106.180.80 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malicious Email Activity 109.106.180.81 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None NL TO-S-2019-0577 Malicious Email Activity 109.107.238.62 24 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=62,JO) 109.107.239.77 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=77,JO) 109.110.52.77 24 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None Illegal user - Failed Logons (IP=77,RU) 109.115.127.219 24 GM 
None 2020-02-09 00:00:00 2020-05-09 00:00:00 None Authentication Failed - Failed Logons (IP=219,IT) 109.115.58.109 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=109,IT) 109.116.119.16 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt_Web attacks (IP=16,IT) 109.116.196.114 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0212.01 Malicious Web Application Activity 109.116.196.114 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity 109.116.222.186 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt_Sourcefire (IP=186 IT) 109.117.125.132 32 GM None 2020-03-23 00:00:00 2020-06-23 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02200 (IP=132,US) 109.117.254.231 24 KF None 2020-03-18 00:00:00 2020-06-16 00:00:00 None Known Attack Tool User Agent - TT# 20C02174 (IP=231,IT) 109.117.53.134 24 RWB None 2020-01-16 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=134,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=134,IT) | updated by RWB with reason Attempted Administ 109.12.217.42 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Failed password for invalid user -Failed Logons (IP=42,FR) 109.120.165.27 32 KF None 2020-06-09 00:00:00 2020-09-07 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03105 (IP=27,RU) 109.121.136.19 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user (IP=19,BG) 109.121.242.168 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None BG TO-S-2019-0972 Malicious Web Application Activity 109.123.117.236 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None 
INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=236,UK) 109.123.117.252 24 RW None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Generic ArcSight scan attempt (IP=252,GB) 109.123.218.182 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None CZ TO-S-2019-0610 Malicious Email Activity 109.123.223.243 24 sjl None 2015-04-15 05:00:00 2020-02-21 00:00:00 None ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack! (IP=243 CZ) | updated by dbc with reason CZ TO-S-2019- 109.123.64.129 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None GB TO-S-2019-0610 Malicious Email Activity 109.123.72.161 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None GB TO-S-2019-0577 Malicious Email Activity 109.123.86.55 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None GB TO-S-2019-0604 Malicious Email Activity 109.124.64.0 18 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None RU TO-S-2020-0006 Malicious Email Activity 109.125.129.242 24 RB None 2019-12-01 00:00:00 2020-02-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=242,IR) 109.126.160.89 24 CR None 2019-12-23 00:00:00 2020-03-23 00:00:00 None Hive Case 1277 - Malware Callback (Trojan.Redaman (IP=89,BY 109.127.64.0 18 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None IQ TO-S-2019-0351 Malware Activity 109.128.110.142 24 GM None 2019-11-13 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logons (IP=142,BE) 109.129.2.50 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None BE TO-S-2019-0508 Malware Activity 109.130.100.195 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=195,BE) 109.130.146.132 24 BMP None 2020-02-28 00:00:00 2020-03-28 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01872 (IP=132,BE) 109.133.158.137 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=137,BE) 109.133.59.236 
None 2019-03-11 00:00:00 2020-03-11 00:00:00 None SG TO-S-2019-0468 Malware Activity 111.223.252.93 24 RW None 2019-11-14 00:00:00 2020-02-14 00:00:00 None SQL HTTP URI blind injection attempt - 6hr web attacks (IP=93,ID) 111.224.221.49 24 EDBT None 2018-02-06 06:00:00 2020-02-04 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=49,CN) | updated by RR with reason Generic ArcSight scan attempt (IP=139,CN) 111.225.204.32 24 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=32,CN) 111.225.223.45 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Invalid user - Failed Logons (IP=45,CN) 111.229.1.8 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=8,CN) 111.229.107.116 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=116,CN) 111.229.112.252 24 RB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=252 CN) 111.229.116.157 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=157,CN) 111.229.120.50 24 RR None 2020-01-20 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=50,CN) | updated by RW Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=50,CN) 111.229.131.130 24 RB None 2020-01-24 00:00:00 2020-04-23 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=130 CN) 111.229.147.125 24 RW None 2020-03-09 00:00:00 2020-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=125,CN) 111.229.148.31 24 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None SQL Injection- ARCSight Sauron (IP=31,CN) 111.229.154.15 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Failed Logons (IP=15,CN) 111.229.156.34 24 CW None 2020-01-21 00:00:00 
2020-04-20 00:00:00 None SERVER-WEBAPP ThinkPHP 111.229.157.51 24 GM None 2020-05-06 00:00:00 2020-08-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=51,CN) 111.229.163.122 24 KF None 2020-02-02 00:00:00 2020-05-31 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01584 (IP=122,CN) | updated by KF Block expiration extended with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability (IP=122,CN) 111.229.165.93 24 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=93,CN) 111.229.167.200 24 BMP None 2020-09-24 00:00:00 2020-12-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=200,CN) 111.229.172.74 24 RB None 2020-07-16 00:00:00 2020-10-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr failed logon (IP=74,CN) 111.229.174.56 24 KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None TCP: SYN Host Sweep (IP=56,CN) 111.229.176.152 24 BMP None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=152,CN) 111.229.177.47 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=47,XX) 111.229.178.246 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=246,CN) 111.229.179.235 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=235,CN) 111.229.180.146 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=146,XX) 111.229.184.106 24 RB None 2020-09-21 00:00:00 2020-12-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=106,CN) 111.229.192.113 24 RR None None 2020-06-27 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=113,CN) 111.229.195.183 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 
None TCP: SYN Host Sweep (IP=183,CN) 111.229.201.249 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=249,XX) 111.229.21.104 24 BMP None 2020-11-04 00:00:00 2020-02-02 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=104,CN) 111.229.213.174 24 RB None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep_Sauron Report (IP=174,CN) 111.229.222.247 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=,CN) 111.229.231.63 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=63,CN) 111.229.232.29 24 RW None 2020-05-14 00:00:00 2020-08-12 00:00:00 None TCP: SYN Host Sweep (IP=29,CN) 111.229.235.10 24 RR None 2020-06-26 00:00:00 2020-09-25 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=10,CN) 111.229.240.96 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=96,CN) 111.229.246.61 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6hr Logons (IP=61,CN) 111.229.250.23 24 RR None 2020-02-23 00:00:00 2020-05-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=23,CN) 111.229.251.171 24 KF None 2020-05-31 00:00:00 2020-08-29 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=171,CN) 111.229.255.22 24 RR None 2020-06-25 00:00:00 2020-09-23 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=22,CN) 111.229.28.18 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=18,CN) 111.229.37.242 24 CW None 2020-01-14 00:00:00 2020-04-13 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code 
execution attempt_Web attacks (IP=42,CN) 111.229.38.228 24 RR None 2020-02-14 00:00:00 2020-05-14 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=228,CN) 111.229.43.208 24 KF None 2019-12-30 00:00:00 2020-03-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=208,CN) 111.229.50.144 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=144,CN) 111.229.52.198 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=198,CN) 111.229.53.250 24 RW None 2020-02-18 00:00:00 2020-05-18 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=11,HK) 111.229.57.229 24 RB None 2020-05-05 00:00:00 2020-08-03 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=229,CN) 111.229.58.199 24 RR None None 2020-06-28 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=199,CN) 111.229.62.151 24 KF None 2020-06-27 00:00:00 2020-09-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=151,CN) 111.229.64.240 24 RW None 2020-04-06 00:00:00 2020-07-06 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=240,CN) 111.229.68.21 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=21,XX) 111.229.76.242 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=242,XX) 111.229.79.143 24 RB None 2020-02-14 00:00:00 2020-05-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=143,CN) 111.229.82.13 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=13,XX) 111.229.83.52 24 BMP None 2020-04-14 00:00:00 2020-07-13 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=52,CN) 111.229.88.212 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution 
vulnerability (IP=212,CN) 111.229.94.218 24 RR None 2020-08-05 00:00:00 2020-11-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=218,CN) 111.229.96.159 24 CW None 2020-01-08 00:00:00 2020-04-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=59,CN) 111.230.13.11 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=24,CN) 111.230.148.179 24 YM None 2018-05-21 05:00:00 2020-02-11 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=179,CN) | updated by RR with reason Invalid user - Failed Logons (IP=82,CN) 111.230.151.11 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan 111.230.151.11 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=11,CN) 111.230.152.151 24 RB None 2020-06-07 00:00:00 2020-09-05 00:00:00 None Hello Peppa Scan (IP=151,CN) 111.230.174.239 24 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=239,CN) 111.230.182.13 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - sourcefire (IP=13,CN) 111.230.183.195 24 YM None 2018-05-22 05:00:00 2020-02-08 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=195,CN) | updated by KF with reason Command Injection Attempt (IP=58,CN) 111.230.183.58 24 CR None 2020-02-18 00:00:00 2020-05-18 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01753 (IP=58,CN) 111.230.185.56 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=56,CN) 111.230.19.43 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password for invalid user - Failed Logons (IP=43,CN) 111.230.192.23 24 CR None 2018-08-24 05:00:00 2020-01-08 00:00:00 None 
Failed password (IP=23,CN) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=108,CN) 111.230.206.221 24 GM None 2019-10-10 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=221,CN) 111.230.211.183 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=183,CN) 111.230.219.215 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=215,CN) 111.230.221.112 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=112,CN) 111.230.222.228 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=228,CN) 111.230.223.85 24 RB None 2018-05-12 05:00:00 2020-03-04 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=85 CN) | updated by RR with reason Invalid user -Failed Logons (IP=94 ,CN) 111.230.226.66 24 RB None 2020-04-17 00:00:00 2020-07-16 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability_6 hr web attacks (IP=66,CN) 111.230.229.137 24 RB None 2018-05-19 05:00:00 2020-02-06 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=137,CN) | updated by RR with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=231,CN) 111.230.23.22 24 RR None 2019-06-25 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6 hr Web Attacks (IP=22,CN) | updated by KF with reason Command Injection Attempt (IP=22,CN) | updated by KF Block expiration extended with reason HTTP: SQL Injection Attem 111.230.237.170 24 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code 
execution attempt - SourceFire (IP=170,CN) 111.230.240.223 24 RR None 2019-01-04 06:00:00 2020-02-29 00:00:00 None Failed password (IP=223,CN) | updated by RB with reason HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=57,CN) | 2020-02-29 | 2019-04-04 111.230.244.13 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=13,CN) 111.230.247.243 24 RB None 2019-01-13 06:00:00 2020-01-31 00:00:00 None Illegal user (IP=243,CN) | updated by GM with reason Invalid user - Failed Logons (IP=243,CN) 111.230.248.96 24 RR None 2019-10-04 00:00:00 2020-01-02 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=96,CN) 111.230.248.96 32 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01557 (IP=96,CN) 111.230.249.181 24 RR None 2020-02-12 00:00:00 2020-05-12 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=181,CN) 111.230.252.149 24 CR None 2018-11-29 06:00:00 2020-01-02 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=149,CN) | updated by KF Block was inactive. Reactivated on 20191004 with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=149,CN) 111.230.67.43 24 GLM None 2018-10-04 05:00:00 2020-01-27 00:00:00 None Illegal user (IP=43,CN) | updated by KF with reason HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=238,CN) 111.230.73.133 24 ABC None 2018-06-19 05:00:00 2020-04-28 00:00:00 None Generic ArcSight scan attempt (IP=133,XX) | updated by RB Block was inactive. 
Reactivated on 20200129 with reason Failed password_6 hr Failed Logons (IP=133,CN) 111.230.94.167 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=167,CN) 111.230.96.253 24 JKC None 2019-02-13 00:00:00 2020-01-06 00:00:00 None Mcafee IPS php driveby attack (IP=253, CN) | updated by RR with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=212,CN) 111.230.99.253 24 CR None 2019-04-15 00:00:00 2020-01-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=253,CN) | updated by KF with reason HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=252,CN) 111.231.0.157 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=157,CN) 111.231.102.179 24 CR None 2019-01-02 06:00:00 2020-02-02 00:00:00 None Illegal user (IP=179,CN) | updated by KF with reason HTTP: SQL Injection Attempt Detected_Web Attacks (IP=35,CN) 111.231.103.192 24 DT None 2020-09-22 00:00:00 2020-12-21 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=192,CN) 111.231.106.76 24 BMP None 2020-01-15 00:00:00 2020-06-21 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=76,CN) | updated by GM Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web attacks (IP=76,CN) | not blocked because target does no 111.231.110.80 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=80,CN) 111.231.113.134 24 JKC None 2019-01-10 06:00:00 2020-03-08 00:00:00 None WPC REGIONAL Fireeye multiple alerts MPS (IP=134, CN) | updated by GM with reason Failed password - Failed Logons (IP=109,CN) 111.231.121.62 24 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password 6 hr Failed Logon (IP=62,CN) 111.231.132.141 24 YM None 2018-05-23 05:00:00 2020-02-13 00:00:00 None SERVER-ORACLE Oracle 
WebLogic Server remote command execution attempt (IP=141,CN) | updated by RR with reason Invalid user - Failed Logons (IP=94,CN) 111.231.132.94 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=94,CN) 111.231.135.220 24 GM None 2020-07-30 00:00:00 2020-10-30 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=220,CN) 111.231.135.220 24 DT None 2020-07-31 00:00:00 2020-10-31 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=220,CN) 111.231.137.12 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=12,CN) 111.231.138.136 24 RB None 2019-01-18 00:00:00 2020-02-29 00:00:00 None Failed password for invalid user(IP=136,CN) | updated by CW Block was inactive. Reactivated on 20191201 with reason Failed password for invalid 111.231.142.223 24 RW None 2020-08-01 00:00:00 2020-11-01 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=223,CN) 111.231.144.219 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=219,CN) 111.231.146.224 24 DT None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=224,CN) 111.231.162.81 24 KF None 2019-12-16 00:00:00 2020-03-15 00:00:00 None HTTP: ThinkPHP CMS GetshellVulnerability (IP=81,CN) 111.231.188.68 24 GM None 2019-10-27 00:00:00 2020-01-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=68,CN) 111.231.190.181 24 RB None 2018-06-29 05:00:00 2020-01-15 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (IP=181,CN) | updated by RW with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=148,CN) 111.231.194.238 24 YM None 2018-05-22 05:00:00 2020-01-23 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution 
attempt (IP=238,CN) | updated by RR with reason INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=181,CN) 111.231.202.188 24 wmp None 2018-11-09 06:00:00 2020-02-23 00:00:00 None Hello Peppa Scan (IP=188,CN) | updated by BP with reason Failed password - Failed Logons (IP=159,CN) 111.231.203.234 24 RB None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep (IP=234,CN) 111.231.205.196 24 RB None 2018-05-19 05:00:00 2020-01-04 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=196,CN) | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_Sourcefire (IP=63 CN) | 2020-01-04 | 2018-08-17 111.231.206.162 24 RW None 2019-10-23 00:00:00 2020-01-23 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr web attacks (IP=162,CN) 111.231.207.136 24 RB None 2018-05-13 05:00:00 2020-01-07 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=136,CN) | updated by RB with reason INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=154,CN) | 2020-01-07 | 2018-08-11 111.231.21.168 24 RW None 2020-05-13 00:00:00 2020-08-13 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=168,CN) 111.231.223.146 24 RB None 2019-12-28 00:00:00 2020-03-27 00:00:00 None HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=146,CN) 111.231.225.28 24 RB None 2018-05-20 05:00:00 2020-01-16 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=28,CN) | updated by CR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourefire report (IP=7,CN) 111.231.227.135 24 RB None 2018-05-13 05:00:00 2020-01-29 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=135,CN) | updated by GM with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=135,CN) 111.231.231.97 24 RWB None 
2019-11-05 00:00:00 2020-02-03 00:00:00 None Invalid user - Failed Logon (IP=97,CZ) 111.231.233.243 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed Password - 6 Hr Failed Logons (IP=243,CN) 111.231.233.85 24 CR None 2018-12-03 06:00:00 2020-02-20 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=85,CN) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=243,CN) 111.231.237.245 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 111.231.239.143 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=143,CN) 111.231.248.104 24 ABC None 2019-01-08 06:00:00 2020-03-28 00:00:00 None Generic ArcSight scan attempt (IP=104,China) | updated by RB with reason HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=32,CN) | 2020-03-28 | 2019-04-08 111.231.249.84 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=84,CN) 111.231.253.241 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=241,CN) 111.231.53.91 24 CR None 2020-05-22 00:00:00 2020-08-22 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=91,CN) 111.231.53.91 24 KF None 2020-05-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - Sourcefire (IP=91,CN) 111.231.54.248 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=248,CN) 111.231.65.134 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr Web attacks (IP=134,CN) 111.231.69.18 24 BP None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Failed password for invalid user - 6hr Logons (IP=18,CN) 111.231.71.15 24 RB None 2018-05-19 05:00:00 2020-01-27 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=15,CN) | updated by KF with reason Failed 
Password_6 Hr Failed Logons (IP=157,CN) | updated by KF with reason Failed password_6 Hr Failed Logons (IP=157,CN) 111.231.72.39 24 RB None 2018-11-24 06:00:00 2020-01-10 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=39 CN) | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=72,CN) 111.231.75.185 24 RWB None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=185,CN) 111.231.82.143 24 RR None 2019-02-11 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user (IP=143,CN) | updated by CW Block was inactive. Reactivated on 20191120 with reason Failed password_Failed Logon (IP=43,CN) 111.231.87.32 24 RR None None 2020-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=32,CN) 111.231.88.106 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Invalid user - Failed Logon (IP=106,CN) 111.231.89.197 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=197,CN) 111.231.9.129 24 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=129,CN) 111.231.91.130 24 RW None 2020-04-24 00:00:00 2020-07-24 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=130,CN) 111.231.98.213 24 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Command Injection Attempt (IP=213,CN) 111.240.120.30 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=30,TW) 111.240.35.111 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=111,TW) 111.240.74.223 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command 
execution attempt - SourceFire (IP=223,TW) 111.241.113.13 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=13,TW) 111.246.157.198 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=198,TW) 111.246.19.86 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None APP-DETECT failed FTP login attempt_6 hr Failed Logons (IP=86,TW) 111.249.112.71 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=71,TW) 111.250.2.224 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=224,TW) 111.250.87.32 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=32,TW) 111.252.107.163 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=163,TW) 111.252.26.56 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=56,TW) 111.253.165.222 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=222,TW) 111.254.14.31 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=31,TW) 111.254.42.240 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=240,TW) 111.255.162.17 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=17,TW) 
111.26.172.222 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=222,no ISC data)
111.26.185.208 24 RB None 2019-12-28 00:00:00 2020-03-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=208,CN)
111.26.39.20 24 DT None 2020-06-14 00:00:00 2020-09-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=20,CN)
111.29.27.97 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=97,CN)
111.31.249.0 24 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Generic ArcSight scan attempt (IP=0,CN)
111.35.151.38 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=38,CN)
111.35.158.66 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=66,CN)
111.35.45.42 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=42,CN)
111.38.17.179 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=179,CN)
111.38.25.114 24 EDBT None 2017-07-22 05:00:00 2020-04-03 00:00:00 None ET SCAN Potential SSH Scan (IP=114,CN) | updated by RB with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=89,CN) | 2020-04-03 | 2017-10-20
111.38.26.243 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=243,CN)
111.38.26.243 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=243,CN)
111.38.70.13 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=13,CN)
111.38.81.167 24 RW None 2020-09-01 00:00:00 2020-12-01 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=167,CN)
111.39.9.251 24 RW None 2019-11-25 00:00:00 2020-03-14 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=251,CN) | updated by KF Block expiration extended with reason Authentication Failed (IP=251,CN)
111.4.127.142 24 APP None 2019-10-23 00:00:00 2020-01-21 00:00:00 None - DETECT failed FTP login attempt - Failed Logons (IP=142,CN)
111.42.102.119 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=119,CN)
111.42.103.19 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=19,CN)
111.42.66.151 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command
111.42.67.54 24 RR None 2019-11-15 00:00:00 2020-02-13 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=54,CN)
111.43.223.126 24 RB None 2019-10-18 00:00:00 2020-01-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=126 CN)
111.43.37.2 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=2,no ISC data)
111.47.25.52 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Command Injection Attempt (IP=52,CN)
111.53.162.198 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=198,CN)
111.59.93.76 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Authentication Failed - Failed Logons (IP=76,CN)
111.61.100.163 24 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=163,CN)
111.61.107.87 24 MLJ None 2018-03-02 06:00:00 2020-01-08 00:00:00 None Authentication Failed (IP=87,CN) | updated by GM with reason Authentication Failed_Failed Logons(IP=90,CN) | updated by RR with reason Authentication Failed - Failed Logons (IP=91,CN)
111.61.109.157 24 CR None 2018-08-12 05:00:00 2020-01-09 00:00:00 None Authentication Failed (IP=157,CN) | updated by GM with reason Authentication Failed - Failed
111.61.112.212 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=212,CN)
111.61.115.18 24 GM None 2020-02-08 00:00:00 2020-05-08 00:00:00 None Authentication Failed - Failed Logons (IP=18,CN)
111.61.221.82 24 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=82,CN)
111.61.52.233 24 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=233,CN)
111.62.12.172 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=172,CN)
111.62.18.16 24 GM None 2019-04-13 00:00:00 2020-06-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=16,CN) | updated by RR Block was inactive. Reactivated on 20200304 with reason TCP: SYN Host Sweep (IP=16,CN)
111.62.51.35 24 RB None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=35,CN)
111.67.12.221 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None AU TO-S-2019-0571 Malicious Email Activity
111.67.193.120 24 RR None 2017-04-19 05:00:00 2020-02-06 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=120,CN) | updated by ABC with reason ET POLICY Suspicious inbound to mySQ | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=104
111.67.194.66 24 RW None 2019-10-02 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6 hr web attacks (IP=66,CN)
111.67.195.215 24 CR None 2017-12-09 06:00:00 2020-01-08 00:00:00 None ET SCAN Potential SSH Scan (IP=215,CN) | updated by RR with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=142,CN)
111.67.196.125 24 wmp None 2016-05-29 05:00:00 2020-01-04 00:00:00 None Suspicious inbound to mySQL (IP=125,CN) | updated by RB with reason INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=3,CN) | 2019-09-29 | 2016-08-29 | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execut
111.67.197.10 24 klb None 2016-05-02 05:00:00 2020-02-14 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=10 CN) | updated by BLP with reason ET POLICY Suspicious inbound to mySQL | updated by RR with reason INDICATOR-SCAN PHP backdoor scan attempt -SourceFire (IP=73,CN) | updated by RW with reason S
111.67.199.180 24 KF None 2019-05-03 00:00:00 2020-01-03 00:00:00 None APP-DETECT failed FTP login attempt (IP=180,CN) | updated by RB with reason APP-DETECT failed FTP login attempt_6 hr Failed Logons (IP=27,CN) | 2020-01-03 | 2019-08-01
111.67.199.253 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=253,CN)
111.67.204.160 32 DT None 2020-07-06 00:00:00 2020-10-04 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03380 (IP=160,CN)
111.67.205.228 32 RR None 2020-06-17 00:00:00 2020-09-17 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03203 (IP=228,CN)
111.67.206.148 24 GM None 2019-10-07 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=148,CN)
111.67.27.247 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None AU TO-S-2019-0747 Malicious Email Activity
111.67.28.14 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None AU TO-S-2020-0006 Malicious Email Activity
111.67.29.99 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None AU TO-S-2019-0608 Malicious Email Activity
111.68.102.20 24 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=20,PK)
111.68.107.82 24 djs None 2014-08-13 05:00:00 2020-08-06 00:00:00 None SSH Scans (ip=82,PK) | updated by RR with reason Illegal user (IP=37,PK) | updated by dbc with reason PK TO-S-2019-0864 Malware Activity
111.68.112.0 20 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None ID TO-S-2020-0088 Malware Activity
111.68.116.198 24 GM None 2018-07-11 05:00:00 2020-04-08 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=198,ID) | updated by dbc with reason ID TO-S-2019-0577 Malicious Email Activity
111.68.124.42 24 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=42,ID)
111.68.46.68 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user - Failed Logons (IP=68,PH)
111.7.186.77 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None Illegal user - 6hr Logon (IP=77,CN)
111.75.178.96 24 CR None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Generic ArcSight scan attempt (IP=96,CN)
111.75.253.76 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password - Failed Logon (IP=76,CN)
111.75.32.171 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=171,CN)
111.77.254.5 24 KF None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Generic ArcSight scan attempt (IP=5,CN)
111.79.104.237 24 RB None 2020-01-10 00:00:00 2020-04-09 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=237,CN)
111.79.126.198 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=198,CN)
111.8.86.3 24 BMP None 2020-05-18 00:00:00 2020-08-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=3,CN)
111.85.11.22 24 CR None 2019-10-14 00:00:00 2020-01-14 00:00:00 None Illegal user_6 hr Failed Logon (IP=22,CN)
111.85.182.30 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Failed password for invalid user -Failed Logons (IP=30,CN)
111.88.63.23 24 CW None 2020-01-08 00:00:00 2020-04-07 00:00:00 None Authentication Failed Failed_Failed Logon (IP=23,PK)
111.90.141.195 32 RWB None 2019-12-13 00:00:00 2020-01-12 00:00:00 None Signature: HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01158 (IP=195,MY)
111.90.144.0 21 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None MY TO-S-2019-0351 Malicious Web Application Activity
111.90.150.140 32 dbc None 2020-08-04 00:00:00 2020-08-04 00:00:00 None HIVE Case #3470 CTO-20-210 EUCOM JCC SR 101-20 (IP=140,Satellite)
111.90.159.28 24 RB None 2020-03-06 00:00:00 2020-06-04 00:00:00 None PROTOCOL-DNS DNS query amplification attempt_Sourcefire (IP=28,MY)
111.92.189.14 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None BROWSER-IE Microsoft Internet Explorer IE5 compatibility mode enable attempt_SourceFire (IP=14,KR)
111.92.189.45 32 wmp None 2020-09-16 00:00:00 2020-12-15 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=45,KR)
111.92.240.0 22 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None KH TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason KH TO-S-2020-0212.01 Malicious Web Application Activity
111.93.206.26 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=26,IN)
111.93.242.226 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=226,IN)
111.93.246.171 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=171,IN)
111.93.4.174 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=174,IN)
112.101.113.155 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=155,CN)
112.102.214.241 24 RR None 2020-03-31 00:00:00 2020-06-29 00:00:00 None UDP: Host Sweep - ARCSight Sauron (IP=241,CN)
112.103.95.245 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=245,CN)
112.106.239.108 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None KR TO-S-2019-0613 Malware Activity
112.112.5.182 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=182,CN)
112.112.7.202 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=202,US)
112.114.102.236 32 KF None 2019-11-12 00:00:00 2020-02-10 00:00:00 None Immediate Inbound Network Block - TT# 20C00971 (IP=236,US)
112.114.103.147 32 RR None 2019-12-18 00:00:00 2020-01-17 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01171 (IP=147,CN)
112.118.139.71 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_6 hr web attacks (IP=71,HK)
112.118.255.182 24 GM None 2019-10-27 00:00:00 2020-01-27 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=182,HK)
112.120.211.70 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - SourceFire (IP=70,HK)
112.121.112.0 22 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,TW)
112.121.223.253 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=253,KR)
112.122.64.180 24 BMP None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - 6hr Web Attacks (IP=180,CN)
112.123.63.69 24 DT None 2020-05-12 00:00:00 2020-08-10 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=69,CN)
112.123.90.26 24 RW None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6 hr web attacks (IP=26,CN)
112.124.108.175 32 DT None 2020-08-25 00:00:00 2020-11-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=175,CN)
112.124.108.175 24 RB None 2020-08-25 00:00:00 2020-11-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=175,CN)
112.124.24.109 24 GM None 2020-08-19 00:00:00 2020-11-19 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=109,CN)
112.124.40.253 24 RR None 2017-08-03 05:00:00 2020-02-21 00:00:00 None INDICATOR-COMPROMISE Suspicious .top dns query (IP=253,CN) | updated by KF with reason INDICATOR-COMPROMISE Suspicious .top dn | updated by BP Block was inactive. Reactivated on 20191121 with reason INDICATOR-COMPROMISE suspicious .free tcp dns query (I
112.126.89.238 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=238,CN)
112.133.213.141 24 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - Web Attacks (IP=141,IN)
112.133.243.116 24 RWB None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=116,IN)
112.133.244.0 24 GLM None 2016-10-22 05:00:00 2020-11-21 00:00:00 None APP-DETECT failed FTP login attempt (IP=16,IN) | updated by GLM with reason PROTOCOL-FTP Bad login (IP=28,IN) | updated by dbc Block was inactive. Reactivated on 20191121 with reason IN TO-S-2020-0109.01 Malicious Email Activity
112.133.246.76 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
112.133.246.82 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
112.133.246.84 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
112.135.5.14 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Authentication Failed - 6hr Logons (IP=14,LK)
112.137.160.0 20 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None MY TO-S-2020-0065 Malicious Email Activity
112.140.185.151 24 dbc None 2014-04-16 05:00:00 2020-01-14 00:00:00 None Potential SSH Scan (ip=151,SG) | updated by jky with reason SG TO-S-2017-0840 Malicious activity | updated by CR with reason | updated by RR with reason Illegal user - Web Attacks (IP=64,SG)
112.140.185.64 32 RW None 2019-10-15 00:00:00 2020-01-15 00:00:00 None Illegal user - 6hr Failed Logon (IP=64,SG) | updated by RW Block was inactive. Reactivated on 20191015 with reason Illegal user - 6hr Failed Logon (IP=64,SG)
112.140.187.89 24 RR None 2020-08-11 00:00:00 2020-11-09 00:00:00 None SQL HTTP URI blind injection attempt - SourceFire (IP=89,SG)
112.15.38.218 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Invalid user - Failed Logons (IP=218,CN)
112.16.72.24 24 RW None 2020-03-16 00:00:00 2020-06-16 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=24,CN)
112.161.203.170 24 RWB None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Invalid user - Failed Logon (IP=170,CN) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=170,KR)
112.161.241.30 24 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None Failed password for invalid user_Failed Logon (IP=30,KR)
112.162.176.39 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_web attacks (IP=39,KR)
112.162.191.160 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=160,KR)
112.168.101.11 24 KF None 2018-08-20 05:00:00 2020-01-06 00:00:00 None Authentication Failed (IP=11,KR) | updated by RR with reason Authentication Failed - Failed Logons (IP=133,KR)
112.17.119.125 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=125,CN)
112.17.123.56 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution _Web Attacks (IP=56,CN)
112.17.136.83 24 CR None 2019-11-01 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=83,CN)
112.17.158.193 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=193,CN)
112.17.78.218 24 RW None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Generic ArcSight scan attempt (IP=218,CN)
112.17.80.187 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=187,CN)
112.17.88.160 24 RB None 2019-11-21 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=160,CN) | updated by KF Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) (IP=160,CH)
112.17.94.217 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=217,CN)
112.170.72.170 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=170,KR)
112.170.78.118 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=118,KR)
112.175.184.250 24 sjl None 2014-11-12 06:00:00 2020-04-04 00:00:00 None ET SCAN Potential SSH Scan (IP=250 KR) | updated by RR with reason ET SCAN LibSSH Based Frequent SSH Connections Likely BruteF
112.175.184.38 24 KF None 2020-02-09 00:00:00 2020-05-09 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=38,KR)
112.175.232.155 24 RB None 2020-01-15 00:00:00 2020-04-14 00:00:00 None Illegal user_6 hr Failed Logons (IP=155 KR) | 2020-01-21 | 2020-04-14
112.175.232.155 24 RB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Illegal user_6 hr Failed Logons (IP=155 KR)
112.175.232.169 24 KF None 2019-01-20 00:00:00 2020-01-21 00:00:00 None Illegal user (IP=169,KR) | updated by GM with reason Illegal user - Failed Logons (IP=155,KR)
112.175.50.180 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None KR TO-S-2020-0031 Malicious Email Activity
112.175.92.57 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None KR TO-S-2019-0604 Malware Activity
112.187.238.110 24 KF None 2019-10-15 00:00:00 2020-01-13 00:00:00 None APP-DETECT failed FTP login attempt_6 Hr Failed (IP=110,KR)
112.196.146.179 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
112.196.158.0 24 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
112.197.171.67 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Authentication Failed_Failed Logon (IP=67,VN)
112.197.174.157 24 RR None 2019-05-30 00:00:00 2020-01-10 00:00:00 None Authentication Failed - 6 hr Failed Logons (IP=157,VN) | updated by RR with reason Authentication Failed - Failed Logons (IP=157,VN)
112.197.192.5 32 dbc None 2020-06-30 00:00:00 2020-09-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=5,VN)
112.205.212.63 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None PH TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason PH TO-S-2020-0212.01 Malicious Web Application Activity
112.21.188.250 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user - Failed Logons (IP=250,CN)
112.21.191.54 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user - 6hr Logon (IP=54,CN)
112.213.109.110 24 djs None 2014-05-16 05:00:00 2020-01-10 00:00:00 None SSH Scans (ip=HK) | updated by RR with reason ET POLICY Suspicious inbound to mySQL port 3306 (IP=159,HK) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_12 hr web attacks (IP=25 HK) | 2019-09-
112.213.126.113 24 CR None 2019-12-21 00:00:00 2020-03-21 00:00:00 None HTTP: SQL Injection Attempt Detected_6 hr Web Attack (IP=113,HK)
112.213.89.124 32 wmp None 2020-09-16 00:00:00 2020-12-15 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=124,VN)
112.213.89.68 24 BMP None 2020-04-13 00:00:00 2020-07-12 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr Web Attacks (IP=68,VN)
112.213.89.68 24 BMP None 2020-04-13 00:00:00 2020-07-12 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr Web Attacks (IP=68,VN)
112.213.96.207 24 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=207,HK)
112.213.97.144 24 DT None 2020-06-12 00:00:00 2020-09-12 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=144,HK)
112.213.97.144 24 DT None 2020-06-12 00:00:00 2020-07-12 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=144,HK)
112.213.97.99 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=99,HK)
112.213.98.252 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability_Web Attacks (IP=52,HK)
112.214.136.5 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user_Failed Logon (IP=5,KR)
112.215.113.10 24 RR None 2017-11-10 06:00:00 2020-03-10 00:00:00 None Illegal user (IP=10,ID) | updated by GM with reason Failed password - Failed Logons (IP=10,ID)
112.215.141.101 24 RR None 2018-06-27 05:00:00 2020-01-31 00:00:00 None Authentication Failed (IP=101,ID) | updated by RB with reason Failed password_6 hr Failed Logons (IP=101,ID) | 2020-01-31 | 2018-09-25
112.216.119.230 24 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None APP-DETECT failed FTP login attempt_6 Hr Failed Logons (IP=230 KR)
112.217.150.1 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=1,KR)
112.217.150.113 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=113,KR)
112.217.196.74 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=74,KR)
112.217.207.130 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password - Failed Logons (IP=130,KR)
112.217.225.146 24 ABC None 2018-05-03 05:00:00 2020-03-05 00:00:00 None Generic ArcSight scan attempt (IP=146,KR) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=61,KR)
112.218.29.190 24 GM None 2020-01-31 00:00:00 2020-05-24 00:00:00 None Illegal user - Failed Logons (IP=190,KR) | updated by CW Block expiration extended with reason Illegal user_Failed Logon (IP=90,KR) | updated by CR Block expiration extended with reason Illegal user - 6 hr Failed Logon (IP=190,KR)
112.218.94.237 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None KR TO-S-2019-0658 Malware Activity
112.221.88.204 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None KR TO-S-2019-0351 Malware Activity
112.222.29.147 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Invalid user - Failed Logon (IP=147,KR)
112.225.191.156 24 CR None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=156,CN)
112.229.85.1 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=1,CN)
112.23.143.218 24 RR None 2020-02-23 00:00:00 2020-05-23 00:00:00 None Illegal user - Failed Logons (IP=218,CN)
112.230.44.36 24 CR None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt - SourceFire (IP=36,CN)
112.243.248.138 24 RR None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=138,CN) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=138,CN)
112.243.249.178 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=178,CN)
112.25.154.226 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=226,CN)
112.25.77.193 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=193,CN)
112.250.108.137 24 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Generic ArcSight scan attempt (IP=137,CN)
112.26.160.67 24 RB None 2019-12-28 00:00:00 2020-03-27 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=67,CN)
112.27.124.178 32 wmp None 2020-10-01 00:00:00 2020-12-30 00:00:00 None HIVE Case #4029 Palo Alto IDS Vulnerability Events (IP=178,CN)
112.27.131.180 24 RR None None 2020-07-07 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=180,CN)
112.27.89.38 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=38,CN)
112.27.89.38 24 RB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=38 CN)
112.27.89.38 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=38,CN)
112.28.113.197 24 CW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=97,CN)
112.28.115.185 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=185,CN)
112.28.85.85 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=85,CN)
112.28.98.61 24 GM None 2019-12-24 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=61,CN)
112.29.171.57 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Command Injection Attempt (IP=57,CN)
112.29.173.40 24 klb None 2016-08-10 05:00:00 2020-02-24 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=40 CN) | updated by CR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_CIRT Web Attacks - Prior 6 hours (IP=209,CN) | updated by RR with reason SERVER-WEBA
112.3.24.113 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Generic ArcSight scan attempt (IP=113,CN)
112.30.128.82 32 KF None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Immediate Inbound Network Block - TT# 20C00921 (IP=82,US)
112.30.130.15 32 DT None 2020-06-22 00:00:00 2020-09-22 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03260 (IP=15,CN)
112.30.133.241 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=241,CN)
112.33.12.100 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Failed password for invalid user - Failed Logons (IP=100,CN)
112.33.13.124 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Failed password -Failed Logons (IP=124,CN)
112.33.16.34 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Invalid user - Failed Logon (IP=34,CN)
112.33.253.60 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=60,CN)
112.35.144.207 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Failed password_6 hr Failed Logons (IP=207,CN)
112.35.26.209 24 EDBT None 2017-08-06 05:00:00 2020-02-26 00:00:00 None ET SCAN Potential SSH Scan (IP=209,CN) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=43,CN)
112.35.30.107 32 RR None 2020-07-25 00:00:00 2020-10-25 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 20C03557 (IP=107,CN)
112.35.44.125 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Invalid user - Failed Logons (IP=125,CN)
112.35.79.100 32 RB None 2020-08-05 00:00:00 2020-11-05 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - (CVE-2019-16759) TT# 20C03637 (IP=100,CN)
112.35.79.100 24 GM None 2019-06-20 00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=100,CN) | updated by ABC with reason Command Injection Attempt (IP=100,CN)
112.4.88.74 24 GM None 2019-10-29 00:00:00 2020-01-27 00:00:00 None ABC Generic ArcSight scan attempt (IP=74,CN)
112.47.3.133 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Command Injection Attempt (IP=133,CN)
112.54.80.211 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=211,CN)
112.6.124.253 24 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Generic ArcSight scan attempt (IP=253,CN)
112.6.129.80 24 CW None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Illegal user_Failed Logon (IP=80,CN)
112.64.170.178 24 RR None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password - Failed Logons (IP=178,CN)
112.64.199.58 24 RB None 2019-11-08 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt_Sourcefire (IP=58 CN) | updated by KF with reason SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (IP=58,CN)
112.64.34.165 24 CR None 2019-01-14 06:00:00 2020-02-24 00:00:00 None Illegal user (IP=165,CN) | updated by RW Block was inactive. Reactivated on 20191124 with reason Authentication Failed - 6hr Failed Logon(IP=165,CN)
112.66.101.198 24 MLJ None 2017-10-13 05:00:00 2020-04-17 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=198,CN) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=12,CN)
112.66.102.129 24 YM None 2017-12-25 06:00:00 2020-02-04 00:00:00 None ET POLICY Suspicious inbound to Oracle SQL port 1521 (IP=129,CN) | updated by RR with reason Generic ArcSight scan attempt (IP=134,CN)
112.66.96.100 24 RR None 2017-12-05 06:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt (IP=100,CN) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=60,CN)
112.66.97.112 24 DT None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt - SourceFire (IP=112,CN)
112.66.99.163 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=163,CN)
112.66.99.163 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=163,CN)
112.72.77.126 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=126,VN)
112.72.79.3 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=3,VN) | not blocked because No refs to MVPower found in USACE SharePoint or NAC
112.72.93.32 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=32,VN)
112.78.0.0 20 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None VN TO-S-2019-0952 Malware Activity
112.78.117.119 32 wmp None 2020-08-24 00:00:00 2020-11-24 00:00:00 None HIVE Case #3614 COLS-NA-TIP-20-0265 (IP=119,JP)
112.78.117.7 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None JP TO-S-2019-0631 Malicious Email Activity
112.78.164.230 24 CW None 2019-12-12 00:00:00 2020-03-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web attacks (IP=30,ID)
112.78.167.11 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=11,ID)
112.78.2.119 24 djs None 2014-12-31 06:00:00 2020-02-04 00:00:00 None WEBAPP admin.php access (ip=119,VN) | updated by djs with reason USAA Phishing pdf callback maid=7950,7952 (ip=31,VN) | upda
112.78.43.98 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None ID TO-S-2019-0409 Malicious Email Activity
112.80.137.136 24 CR None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt - SourceFire (IP=136,CN)
112.81.5.152 24 RWB None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt - SourceFire (IP=152,CN)
112.85.122.20 24 RR None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Command Injection Attempt (IP=20,CN)
112.85.42.17 24 dbc None 2014-03-23 05:00:00 2020-01-31 00:00:00 None TCP Port Sweeps (ip=17,CN) | updated by CR with reason INDICATOR-SCAN SSH brute force login attempt (IP=150,CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=178,CN) | 2020-01-31 | 2018-10-22
112.85.42.177 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=177,CN)
112.86.147.182 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP= 182 , CN )
112.87.185.158 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6hr web attacks (IP=158,CN)
112.91.149.134 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=134,CN)
112.91.150.123 24 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None Failed password for invalid user_Failed Logon (IP=23,CN)
112.91.254.2 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=2,CN)
112.94.189.101 24 RR None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Illegal user - Failed Logons (IP=101,CN)
112.94.2.65 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=65,CN)
112.96.71.94 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None Illegal user (IP=94,CN)
112.97.214.63 24 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None Failed password for invalid user - 6hr Logons (IP=63,CN)
113.10.158.176 32 RB None 2019-10-17 00:00:00 2020-01-15 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00456 (IP=176,HK)
113.10.190.111 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=111,HK)
113.10.244.99 24 RB None 2019-01-18 00:00:00 2020-01-27 00:00:00 None Failed password for invalid user(IP=99,HK) | updated by GM with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=181,HK)
113.100.137.148 24 RW None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=148,CN)
113.100.224.118 24 BMP None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=118,CN)
113.100.227.3 24 CW None 2020-01-05 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=3,CN) | updated by CW Block expiration extended with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=3,CN)
113.104.189.184 24 RWB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None Authentication Failed - Failed Logon (IP=184,CN)
113.107.110.150 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_12 hr web attacks (IP=150,CN)
113.107.111.90 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Command Injection Attempt (IP=90,CN)
113.107.219.103 24 GLM None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=103,CN)
113.107.244.124 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed Password - 6 Hr Failed Logons (IP=124,CN)
113.11.254.213 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None SG TO-S-2019-0351 Malicious Web Application Activity
113.110.226.184 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Generic ArcSight scan attempt (IP=184,CN)
113.110.227.165 24 RW None 2020-01-18 00:00:00 2020-04-19 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=165,CN) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=165,CN)
113.110.246.200 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=200,CN)
113.116.34.98 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Invalid user - Failed Logons (IP=98,CN)
113.124.149.24 24 RWB None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt - SourceFire (IP=24,CN)
113.125.25.73 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=73,CN)
113.125.40.242 24 RB None 2020-09-21 00:00:00 2020-12-20 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=242,CN)
113.125.46.231 24 BMP None 2020-06-21 00:00:00 2020-09-19 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=231,CN)
113.125.55.92 24 BMP None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=92,CN) | updated by RW Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=92
113.125.60.208 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=208,CN)
113.128.199.196 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=196,CN)
113.133.176.204 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=204,CN)
113.133.224.147 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=147,CN)
113.134.156.74 24 RR None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=74,CN)
113.141.28.106 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user - Failed Logons (IP=106,CN)
113.141.66.2 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=2,CN)
113.141.70.100 24 dbc None 2015-03-27 05:00:00 2020-03-10 00:00:00 None TCP Host Sweeps (IP=100, CN) | updated by CR with reason Hello Peppa Scan (IP=78,CN) | updated by GM with reason Failed password - Failed Logons (IP=199,CN)
113.141.70.199 24 KF None 2019-12-10 00:00:00 2020-03-09 00:00:00 None Failed password (IP=199,CN)
113.142.54.90 24 RR None 2019-10-23 00:00:00 2020-01-23 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=90,CN)
113.142.58.76 24 RW None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Generic ArcSight scan attempt (IP=76,CN)
113.142.64.237 24 KF None 2019-12-17 00:00:00 2020-03-16 00:00:00 None Illegal user (IP=237,CN)
113.142.71.4 24 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=4,CN)
113.142.72.2 24 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None HTTP: Detect PHP-CGI Remote code
Execution vulnerability - Web Attacks (IP=2,CN) 113.157.201.152 32 wmp None 2020-09-15 00:00:00 2020-12-14 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=152,JP) 113.173.39.152 32 GM None 2019-12-18 00:00:00 2020-01-18 00:00:00 None TO-S-2020-0210 / Pulse 221980-19 - 20C01184 (IP=152,US) 113.176.92.1 32 RW None 2020-02-02 00:00:00 2020-03-02 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01579 (IP=1,VN) 113.193.139.62 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason IN TO-S-2020-0212.01 Malicious Web Application Activity 113.193.146.35 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason IN TO-S-2020-0212.01 Malicious Web Application Activity 113.193.199.185 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason IN TO-S-2020-0212.01 Malicious Web Application Activity 113.193.226.3 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6hr Logons (IP=3,IN) 113.193.243.35 24 CW None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Illegal user_Failed Logon (IP=35,IN) 113.193.27.170 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=170,IN) 113.193.30.98 24 RR None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Failed password - Failed Logons (IP=98,) 113.199.40.2 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=2,KR) 113.20.101.210 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=210,VN) 113.200.121.186 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=186,CN) 113.200.161.160 24 RR None 2020-03-31 00:00:00 2020-06-29 
00:00:00 None UDP: Host Sweep - ARCSight Sauron (IP=160,CN) 113.200.60.74 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password_6 hr Failed Logons (IP=74,CN) 113.201.63.78 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=78,CN) 113.203.208.0 20 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None PK TO-S-2020-0109.01 Malicious Email Activity 113.203.64.0 18 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None IR TO-S-2019-0890.01 Malicious Email Activity 113.204.228.66 24 GM None 2019-11-13 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logons (IP=66,CN) 113.204.230.222 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Invalid user - Failed Logons (IP=222,CN) 113.204.72.94 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=94,CN) 113.206.128.114 24 RW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Generic ArcSight scan attempt (IP=114,CN) 113.210.64.4 24 RR None 2020-09-25 00:00:00 2020-12-25 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - SourceFire (IP=4,MY) 113.22.163.236 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=236,VN) 113.22.166.86 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=86,VN) 113.22.166.86 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=86,VN) 113.22.170.212 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=212,VN) 113.22.170.212 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=212,VN) 
113.22.170.229 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_failed Logon (IP=29,VN) 113.22.170.54 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=54,VN) 113.22.170.54 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=54,VN) 113.22.191.212 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=212,VN) 113.22.194.203 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=203,VN) 113.22.205.44 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=44,VN) 113.22.247.235 24 GM None 2019-10-27 00:00:00 2020-01-27 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=235,VN) 113.22.252.110 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=110,VN) 113.22.78.110 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=110,Vietnam) 113.220.113.167 24 RB None 2020-01-15 00:00:00 2020-04-14 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=167 CN) 113.220.114.238 24 RR None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=238,CN) 113.220.115.97 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=97,CN) 113.220.116.42 24 CW None 2019-12-25 00:00:00 2020-03-24 00:00:00 None 
SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=42,CN) 113.220.117.90 24 CW None 2020-01-13 00:00:00 2020-04-12 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=90,CN) 113.220.17.160 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=60,CN) 113.220.18.1 24 CR None 2020-01-06 00:00:00 2020-04-06 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=1,CN) 113.220.19.22 24 RWB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=22,CN) 113.220.21.131 24 CW None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=31,CN) 113.220.22.140 24 CR None 2019-12-27 00:00:00 2020-03-27 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=140,CN) 113.220.23.167 24 RB None 2019-12-18 00:00:00 2020-03-17 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=167,CN) 113.220.24.76 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=76,CN) 113.220.25.65 24 BMP None 2020-03-06 00:00:00 2020-06-04 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr Web Attacks (IP=65,CN) 113.220.26.128 24 CW None 2019-12-27 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt _SourceFire (IP=28,CN) 113.220.27.115 24 RWB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=115,CN) 
113.220.28.13 24 GM None 2019-12-31 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=13,CN) 113.220.29.108 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=108,CN) 113.220.31.109 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=109,CN) 113.221.56.170 24 GM None 2020-06-18 00:00:00 2020-08-18 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=170,CN) 113.225.117.59 24 RW None 2020-05-31 00:00:00 2020-08-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=59,CN) 113.225.141.107 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=107,CN) 113.225.160.125 24 RR None 2020-02-07 00:00:00 2020-05-07 00:00:00 None Authentication Failed - Failed Logopns (IP=125,CN) 113.225.160.125 24 RR None 2020-02-07 00:00:00 2020-05-07 00:00:00 None Authentication Failed - Failed Logopns (IP=125,CN) 113.225.225.115 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=115,CN) 113.228.180.93 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=93,DZ) 113.228.85.108 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=108,CN) 113.229.178.210 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_Sourcefire (IP=210,CN) 113.23.3.242 24 RB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection 
attempt_Sourcefire (IP=242 VN) 113.23.73.36 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=36,VN) 113.23.73.36 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=36,VN) 113.23.90.195 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=195,VN) 113.23.96.143 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=143,VN) 113.23.98.111 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=111,VN) 113.230.38.51 24 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=51,CN) 113.231.80.209 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=209,CN) 113.231.95.164 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=164,CN) 113.232.129.86 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=86,CN) 113.234.100.116 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=116,CN) 113.238.98.42 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=42,CN) 113.239.164.220 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=220,CN) 113.239.58.91 24 RR None 2020-01-17 00:00:00 
2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=91,CN) 113.240.253.66 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-APACHE Apache Tomcat remote JSP file upload attempt (1:44531:3) (IP=66,CH) 113.242.18.173 24 CW None 2019-12-26 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=73,CN) 113.242.192.10 24 CW None 2020-01-05 00:00:00 2020-04-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=10,CN) 113.242.208.118 24 RR None 2020-01-09 00:00:00 2020-04-08 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=118,CN) 113.243.1.166 24 BMP None 2020-03-14 00:00:00 2020-06-12 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=166,CN) 113.243.102.200 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=200,CN) 113.244.230.1 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=1,CN) 113.245.101.116 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=16,CN) 113.245.104.5 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=5,CN) 113.245.105.137 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=37,CN) 113.245.106.224 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=224,CN) 113.245.111.110 24 RB None 2020-01-15 00:00:00 
2020-04-14 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_6 hr web attacks (IP=110 CN) 113.245.184.47 32 RR None 2019-12-16 00:00:00 2020-03-15 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=47,CN) 113.245.209.70 24 BMP None 2019-12-26 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=70,CN) 113.245.216.69 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt _SourceFire (IP=69,CN) 113.245.217.16 24 RW None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=16,CN) 113.245.72.196 24 RWB None 2019-12-21 00:00:00 2020-03-20 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=196,CN) 113.245.75.90 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Web attacks (IP=90,CN) 113.245.79.149 24 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=149,CN) 113.245.97.155 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=55,CN) 113.246.117.224 24 CW None 2020-01-08 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=24,CN) 113.246.124.250 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=250,CN) 113.246.16.209 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt 
- Web Attacks (IP=209,CN) 113.246.182.15 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=15,CN) 113.246.26.176 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=176,CN) 113.246.45.218 24 RW None 2019-12-19 00:00:00 2020-03-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=218,CN) 113.247.106.148 24 KF None 2019-12-10 00:00:00 2020-03-09 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=148,CN) 113.247.116.223 24 RB None 2020-01-05 00:00:00 2020-04-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=223,CN) 113.247.117.249 24 CW None 2020-01-05 00:00:00 2020-04-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=49,CN) 113.247.129.101 24 CW None 2020-01-08 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=1,CN) 113.25.173.244 24 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=244,CN) 113.25.52.93 24 RB None 2019-12-29 00:00:00 2020-03-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=93,CN) 113.250.15.197 24 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=197,CN) 113.251.223.146 24 DT None 2020-04-20 00:00:00 2020-07-19 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=146,CN) 113.252.109.122 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_12 hr Web attacks (IP=122,HK) 113.255.217.73 24 RR None 2019-10-21 
00:00:00 2020-01-19 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - SourceFire (IP=73,HK) 113.28.150.73 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=73,HK) 113.31.102.157 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=157,CN) 113.31.114.97 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=97,CN) 113.43.208.204 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None JP TO-S-2019-0926 Malicious Email Activity 113.52.118.144 24 BMP None 2020-05-18 00:00:00 2020-08-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=144,MO) 113.52.97.0 24 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None CN TO-S-2019-0952 Malware Activity 113.53.118.210 32 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01903 (IP=210,US) 113.53.230.146 24 djs None 2015-02-24 06:00:00 2020-01-31 00:00:00 None Webapp Setup.php access (ip=146,TH) | updated by RW with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 19C03085 (IP=34,US) | updated by RB with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution- TT# 20C 113.53.230.34 32 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - 20C01670 (IP=34,US) 113.53.230.34 32 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - 20C01670 (IP=34,US) 113.53.231.198 24 KF None 2020-02-28 00:00:00 2020-05-28 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01852(IP=198,TH) 113.53.29.163 32 RR None 2019-09-17 00:00:00 2020-12-26 00:00:00 None performing traffic against HRC IP space - TT# 19C03275 
(IP=163,TH) | updated by dbc Block was inactive. Reactivated on 20191223 with reason TH TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason TH T 113.57.114.33 24 RR None 2020-08-05 00:00:00 2020-11-03 00:00:00 None SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (1:41697:2) - SourceFire (IP=33,CN) 113.57.53.132 24 GM None 2020-04-09 00:00:00 2020-07-08 00:00:00 None UDP: Host Sweep (IP=132,CN) 113.58.234.54 24 RR None 2020-08-05 00:00:00 2020-11-03 00:00:00 None SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (1:41697:2) - SourceFire (IP=54,CN) 113.58.236.29 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Generic ArcSight scan attempt (IP=29,CN) 113.6.248.162 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=162,CN) 113.7.123.80 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=80,CN) 113.81.97.98 24 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=98,CN) 113.87.14.132 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None Illegal user - Failed Logons (IP=132,CN) 113.91.38.24 24 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Invalid user - Failed Logons (IP=24,CN) 113.96.135.238 24 RB None 2020-04-17 00:00:00 2020-07-16 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=238,CN) 113.96.60.18 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=18,CN) 113.98.118.74 24 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Generic ArcSight scan attempt (IP=74,CN) 113.98.230.214 24 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Command Injection Attempt (IP=214,CN) 114.102.132.123 24 RW None 2020-06-24 00:00:00 2020-09-24 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 
Sourcefire (IP=123,CN) 114.102.133.27 24 DT None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=27,CN) 114.108.181.139 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password for invalid user - 6hr Logon (IP=139,KR) 114.115.133.8 24 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=8,CN) 114.115.134.176 24 RR None 2017-11-11 06:00:00 2020-01-26 00:00:00 None Illegal user (IP=176,CN) | updated by RR with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=114,CN) | updated by RR with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=114,CN) 114.115.154.128 24 MLJ None 2018-06-04 05:00:00 2020-04-04 00:00:00 None ET SCAN Behavioral Unusually | updated by RB with reason HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability_6 hr web attacks (IP=71,CN) | 2020-04-04 | 2018-09-02 114.115.157.72 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan 114.115.157.72 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=72,CN) 114.115.203.196 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=196,CN) 114.115.207.190 24 BMP None 2020-03-14 00:00:00 2020-06-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=190,CN) 114.115.213.143 24 RB None 2020-03-09 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP Apache Struts remote code execution attempt_6 hr web attacks (IP=143,CN) 114.115.213.143 24 RB None 2020-03-09 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP Apache Struts remote code execution attempt_6 hr web attacks (IP=143,CN) 114.115.215.23 24 RR None 2019-04-22 00:00:00 2020-01-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=23,CN) | updated by RR with reason SERVER-WEBAPP Drupal 8 
remote code execution attempt - Web Attacks (IP=96,CN) 114.115.221.117 24 RB None 2019-12-01 00:00:00 2020-02-29 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=117,CN) 114.115.241.156 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=156,CN) 114.116.103.215 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=215,CN) 114.116.114.219 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=219,CN) 114.116.125.242 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=242,CN) 114.116.126.77 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=77,CN) 114.116.141.49 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=49,CN) 114.116.142.238 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Command Injection Attempt (IP=238,CN) 114.116.155.184 24 KF None 2019-10-03 00:00:00 2020-01-01 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=184,CN) 114.116.16.193 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=193,CN) 114.116.211.57 24 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=57,CN) 114.116.218.227 24 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=227,CN) 114.116.224.67 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Command Injection Attempt (IP=67,CN) 114.116.229.87 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=87,CN) 114.116.23.6 24 RB None 2018-12-29 06:00:00 2020-01-26 00:00:00 
None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=6,CN) | updated by RR with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=247,CN)
114.116.231.188 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=188,CN)
114.116.246.54 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=54,CN)
114.116.248.11 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=11,CN)
114.116.30.20 24 RB None 2019-10-04 00:00:00 2020-01-02 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=20,CN)
114.116.52.101 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=101,CN)
114.116.78.59 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=59,CN)
114.116.83.125 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=125,CN)
114.116.96.10 24 GLM None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=10,CN)
114.118.1.130 24 YM None 2018-04-02 05:00:00 2020-01-10 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=130,CN) | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=130,CN) | updated by GM with reason INDICATOR
114.118.100.64 24 RB None 2019-12-29 00:00:00 2020-03-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=64,CN)
114.118.13.36 24 RR None 2020-07-14 00:00:00 2020-10-12 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attack (IP=36,CN)
114.118.7.89 24 RWB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - WebAttacks (IP=89,CN)
114.118.91.64 24 RR None 2018-12-15 06:00:00 2020-02-13 00:00:00 None Failed password for invalid user (IP=64,CN) | updated by RWB Block was inactive. Reactivated on 20191115 with reason Invalid user - Failed Logon (IP=64,CN)
114.118.97.195 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Illegal user (IP=195,CN)
114.119.41.97 24 RW None 2020-05-04 00:00:00 2020-08-04 00:00:00 None HTTP: php.cgi Buffer Overflow - 6hr web attacks (IP=97,CN)
114.122.5.195 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None Failed keyboard-interactive - 6hr Logons (IP=195,ID)
114.124.200.120 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6hr Logons (IP=120,ID)
114.125.7.219 24 RR None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - Failed Logons (IP=219,ID)
114.134.164.222 24 RB None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6 hr web attacks (IP=222,NZ)
114.141.191.238 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user_Faield Logon (IP=38,CN)
114.141.205.94 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None AU TO-S-2019-0769 Malicious Email Activity
114.141.50.171 24 KF None 2019-10-28 00:00:00 2020-01-27 00:00:00 None Failed Password_6 Hr Failed Logons (IP=171,ID) | updated by KF with reason Failed password_6 Hr Failed Logons (IP=171,ID)
114.143.107.194 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0212.01 Malicious Web Application Activity
114.143.107.194 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity
114.143.136.170 24 KF None 2020-04-26 00:00:00 2020-07-25 00:00:00 None Known Attack Tool User Agent V2 UDS-WhatWeb_RC8766 - TT# 20C02560 (IP=170,IN)
114.143.190.138 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
114.143.240.0 24 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
114.143.57.4 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None IN TO-S-2019-0430 Malware Activity
114.145.222.28 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt - SourceFire (IP=28,CN)
114.147.124.103 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None JP TO-S-2019-0532 Malware Activity
114.147.126.57 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None JP TO-S-2019-0747 Malicious Email Activity
114.151.171.245 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None HTTP: SQL Injection Attempt Detected_Web attacks (IP=45,JP)
114.170.206.239 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None JP TO-S-2019-0852 Malicious Email Activity
114.189.13.77 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=77,JP)
114.198.235.0 24 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None PK TO-S-2019-0626.01 Malware Activity
114.198.237.0 24 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None PK TO-S-2019-0626.01 Malware Activity
114.200.196.55 24 BMP None 2020-03-10 00:00:00 2020-06-08 00:00:00 None BROWSER-IE Microsoft Internet Explorer IE5 compatibility mode enable attempt - SourceFire (IP=55,KR)
114.204.150.80 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None KR TO-S-2019-0351 Malware Activity
114.207.139.2 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Invalid user (IP= 2 , KR )
114.207.77.182 32 RB None 2019-06-27 00:00:00 2020-08-06 00:00:00 None TO-S-2019-0786 / SIGACT R-3029 - TT#19C02408 (IP=182,KR) | updated by dbc with reason KR TO-S-2019-0864 Malicious Email Activity
114.212.7.70 24 ABC None 2019-10-11 00:00:00 2020-01-09 00:00:00 None Command Injection Attempt (IP=70,CN)
114.215.122.26 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=26,CN)
114.216.201.119 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Illegal user_Failed Logon (IP=19,CN)
114.218.73.48 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=48,CN)
114.220.75.30 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password - 6hr Logon (IP=30,CN)
114.220.76.79 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password_6 hr Failed Logons (IP=79,CN)
114.220.94.53 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=53,CN)
114.221.13.110 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed logons (IP=110,CN)
114.224.169.163 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Attempted User Privilege Gain - SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=,CN)
114.226.218.179 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=79,CN)
114.226.56.228 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=228,CN)
114.226.85.196 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=196,CK)
114.227.134.39 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr Web Attacks (IP=39,CN)
114.227.169.135 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None APP-DETECT failed FTP login attempt_Failed Logon (IP=35,CN)
114.228.230.220 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=220,CN)
114.228.69.65 24 BMP None 2020-03-04 00:00:00 2020-06-02 00:00:00 None APP-DETECT failed FTP login attempt - 6hr Failed Logons (IP=65,CN)
114.231.5.20 24 RR None 2019-12-20 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=20,CN) | updated by RWB Block expiration extended with reason Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection at
114.233.20.49 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=49,CN)
114.234.152.139 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=139,CN)
114.234.155.136 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=136,CN)
114.234.157.231 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=231,CN)
114.234.240.198 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=198,CN)
114.234.243.111 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=111,CN)
114.235.12.134 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=134,CN)
114.235.14.18 24 RWB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=18,CN)
114.235.18.9 24 RB None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=9,CN)
114.235.181.92 24 RWB None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=92,CN)
114.235.208.193 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=193,CN)
114.235.209.162 24 dbc None 2015-01-29 06:00:00 2020-04-09 00:00:00 None Suspicious inbound to mySQL port 3306 (IP=162, CN) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=193,CN)
114.235.33.170 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=70,CN)
114.235.43.164 24 GM None 2019-12-24 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=164,CN)
114.235.64.23 24 GM None 2019-12-26 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=23,CN)
114.235.65.43 24 RB None 2019-12-29 00:00:00 2020-03-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=43,CN)
114.235.67.200 24 RR None 2020-01-29 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=200,CN) | updated by KF Block expiration extended with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=200,CN)
114.236.149.133 24 RW None 2020-05-23 00:00:00 2020-08-23 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=133,CN)
114.236.15.130 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=130,CN)
114.236.195.52 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=52,CN)
114.236.198.213 24 RB None 2020-01-05 00:00:00 2020-04-04 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=213,CN)
114.236.224.214 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=214,CN)
114.236.231.42 24 RB None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=42,CN)
114.236.234.52 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=52,CN)
114.236.238.3 24 RR None 2020-07-21 00:00:00 2020-10-19 00:00:00 None SQL generic sql with comments injection attempt - GET parameter - Web Attacks (IP=3,PK)
114.236.239.239 24 RW None 2020-06-08 00:00:00 2020-09-08 00:00:00 None POLICY-OTHER PHP uri tag injection attempt - Sourcefire (IP=239,CN)
114.236.24.219 24 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=219,CN)
114.236.64.178 24 RR None 2020-01-11 00:00:00 2020-04-10 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=178,CN)
114.237.130.149 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=149,CN)
114.237.181.232 24 BMP None 2020-03-21 00:00:00 2020-06-19 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=232,CN)
114.237.230.173 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None SERVER-WEBAPP Phpcms user registration remote file include attempt_Sourcefire (IP=173,CN)
114.238.85.183 24 CW None 2020-01-05 00:00:00 2020-04-04 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=83,CN)
114.239.104.248 24 BMP None 2020-01-11 00:00:00 2020-02-10 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01417 (IP=248,CN)
114.239.105.239 32 CW None 2020-01-12 00:00:00 2020-02-12 00:00:00 None Unauthorized Access Attempt-TT# 20C01410 (IP=39,CN)
114.239.105.38 32 CW None 2020-01-12 00:00:00 2020-02-12 00:00:00 None Unauthorized Access Attempt-TT# 20C01409 (IP=38,CN)
114.239.105.61 32 GM None 2020-01-10 00:00:00 2020-02-10 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - 20C01398 (IP=61,US)
114.239.105.89 32 RR None 2020-01-15 00:00:00 2020-04-14 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01454 (IP=89,CN)
114.239.105.89 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=89,CN)
114.239.106.57 24 GM None 2019-07-17 00:00:00 2020-04-20 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - Sourcefire (IP=57,CN) | updated by RR with reason HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C01507 (IP=120,CN)
114.239.107.231 32 KF None 2020-02-09 00:00:00 2020-05-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C01652 (IP=231,US)
114.239.107.82 24 RB None 2018-08-01 05:00:00 2020-02-10 00:00:00 None APP-DETECT failed FTP login attempt (IP=82,CN) | updated by KF with reason APP-DETECT failed FTP login attempt (IP=96,CN) | updated by GM with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - 20C01399 (IP=46,US)
114.239.12.162 24 RWB None 2019-12-20 00:00:00 2020-03-19 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=162,CN)
114.239.14.255 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_web attacks (IP=55,CN)
114.239.15.51 24 RWB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=51,CN)
114.239.191.165 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=165,CN)
114.239.194.17 24 RB None 2019-12-27 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt-Sourcefire (IP=17,CN)
114.239.26.81 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=81,CN)
114.239.52.254 24 KF None 2019-03-14 00:00:00 2020-03-24 00:00:00 None APP-DETECT failed FTP login attempt (1:13360:6) (IP=254,CN) | updated by GM with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=17,CN)
114.239.53.231 24 CR None 2020-01-20 00:00:00 2020-05-06 00:00:00 None POLICY-OTHER PHP uri tag injection attempt - Sourcefire (IP=231,CN) | updated by RB Block expiration extended | not blocked because Target is an RWP address (www.mcclellan.army.mil), back-end web server runs ASP not PHP
114.239.74.46 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=46,CN)
114.24.141.1 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=1,TW)
114.24.15.144 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=144,TW)
114.24.207.97 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=97,TW)
114.241.94.106 24 BMP None 2019-12-20 00:00:00 2020-03-19 00:00:00 None HIVE Case #1699 FE WEB Malware Callback Detected (IP=106,CN)
114.242.236.140 24 RB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Failed password_6 hr Failed Logons (IP=140,CN)
114.242.248.140 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=140,CN)
114.242.34.8 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=8,CN)
114.244.115.194 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Invalid user - Failed Logons (IP=194,CN)
114.246.235.4 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=4,CN)
114.246.34.130 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None UDP: Host Sweep (IP=130,CN)
114.246.35.27 24 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None UDP: Host Sweep - Automated Block Report (IP=27,CN)
114.247.184.142 24 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None UDP: Host Sweep (IP=142,CN)
114.25.39.189 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None Authentication Failed - 6hr Logon (IP=189,TW)
114.250.138.84 24 KF None 2020-04-16 00:00:00 2020-07-15 00:00:00 None UDP: Host Sweep (IP=84,CN)
114.250.139.250 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=250,CN)
114.251.216.241 24 MLJ None 2017-08-31 05:00:00 2020-01-19 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=241,CN) | updated by KF with reason HTTP: SQL Injection Attempt Detected_Web Attacks (IP=146,CN)
114.253.132.125 24 GM None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Authentication Failed - Failed Logons (IP=125,CN)
114.254.94.250 24 RW None 2020-04-12 00:00:00 2020-07-11 00:00:00 None UDP: Host Sweep (IP=250,CN)
114.255.140.98 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=98,CN)
114.255.160.161 24 RB None 2020-08-25 00:00:00 2020-11-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=161,CN)
114.255.222.100 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=100,CN)
114.26.4.128 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=128,TW)
114.26.47.69 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=69,TW)
114.26.78.99 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=99,TW)
114.30.81.53 32 RW None 2020-02-02 00:00:00 2020-03-02 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01577 (IP=53,ID)
114.31.34.176 24 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=176,KR)
114.31.72.19 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=19,AU)
114.32.11.122 24 RR None 2019-03-11 00:00:00 2020-01-19 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=122,TW) | updated by KF with reason Immediate Inbound Network Block - TT# 20C00513 (IP=100,US)
114.32.113.224 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6hr Logons (IP=224,TW)
114.32.200.206 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=206,TW)
114.32.209.239 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=239,CN)
114.33.147.201 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=201,TW)
114.33.194.223 24 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=223,TW)
114.33.200.62 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=62,TW)
114.33.239.180 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=180,TW)
114.33.29.188 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - 6hr web attacks (IP=188,TW)
114.34.224.196 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=196,TW)
114.35.127.109 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=109,TW)
114.35.198.235 24 RWB None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=235,TW)
114.35.39.197 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=197,TW)
114.36.121.130 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=130,TW)
114.37.216.224 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=224,TW)
114.38.15.213 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=213,TW)
114.38.171.9 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=9,TW)
114.38.241.55 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=55,TW)
114.38.42.54 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=54,TW)
114.39.157.215 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=215,TW)
114.39.182.75 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=75,TW)
114.39.19.141 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=141,TW)
114.39.30.182 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=182,TW)
114.39.46.55 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=55,TW)
114.40.182.146 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=146,TW)
114.40.24.244 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=244,TW)
114.40.27.3 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=3,TW)
114.40.52.212 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=212,TW)
114.40.57.178 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6hr web attacks (IP=178,TW)
114.41.136.203 24 RWB None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=203,TW)
114.43.190.39 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_Web Attacks (IP=39,TW)
114.43.79.149 24 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=149,CN)
114.45.164.185 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=185,TW)
114.45.167.125 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=125,TW)
114.45.33.92 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=92,TW)
114.45.84.156 24 djs None 2015-08-10 05:00:00 2020-01-09 00:00:00 None ftp login attempts (ip=156,TW) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=230,TW)
114.46.131.220 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=220,TW)
114.46.144.199 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=199,TW)
114.46.154.237 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=237,TW)
114.46.225.107 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=107,TW)
114.46.226.93 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=93,TW)
114.46.60.183 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=183,TW)
114.46.63.210 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=210,TW)
114.47.101.119 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=119,TW)
114.47.114.15 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=15,TW)
114.47.121.35 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=35,TW)
114.5.81.67 24 KF None 2019-10-08 00:00:00 2020-01-06 00:00:00 None Authentication Failed_6 Hr Failed Logons (IP=67,ID)
114.55.169.2 24 RR None None 2020-07-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=2,CN)
114.55.43.141 24 RR None 2020-07-19 00:00:00 2020-10-17 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=141,CN)
114.6.103.162 24 RR None 2018-12-08 06:00:00 2020-03-15 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=162,ID) | updated by KF Block was inactive. Reactivated on 20191216 with reason HTTP: SQL Injection Attempt Detected(IP=162,ID)
114.6.196.70 24 GLM None 2017-01-22 06:00:00 2020-02-15 00:00:00 None SERVER-WEBAPP Setup.php access (IP=70,ID) | updated by dbc with reason ID TO-S-2019-0409 Malicious Email Activity
114.67.101.37 24 RB None 2020-08-24 00:00:00 2020-11-22 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=37,CN)
114.67.102.188 24 GM None 2019-11-08 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=188,CN)
114.67.104.138 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=138,CN)
114.67.109.108 24 CW None 2020-02-01 00:00:00 2020-05-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web attacks (IP=8,CN) | updated by KF Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=108,CN)
114.67.112.90 24 GM None 2020-03-08 00:00:00 2020-06-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=90,CN)
114.67.116.191 24 DT None 2020-07-14 00:00:00 2020-10-14 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - SourceFire (IP=191,CN)
114.67.117.245 24 RR None 2020-03-06 00:00:00 2020-06-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=245,CN)
114.67.122.175 24 KF None 2020-03-14 00:00:00 2020-06-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=175,HK)
114.67.126.210 24 RR None 2020-04-28 00:00:00 2020-07-27 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=210,CN)
114.67.205.127 24 BMP None 2020-06-20 00:00:00 2020-09-18 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=127,CN)
114.67.225.19 24 CR None 2018-07-10 05:00:00 2020-01-31 00:00:00 None Illegal user (IP=19,CN) | updated by GM with reason Invalid user - Failed Logons (IP=36,CN)
114.67.230.210 24 YM None 2018-05-18 05:00:00 2020-02-07 00:00:00 None APP-DETECT failed FTP login attempt (IP=21,CN) | updated by KF with reason Failed password (IP=197,CN)
114.67.231.229 24 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=229,CN)
114.67.237.246 32 GM None 2020-02-09 00:00:00 2020-09-23 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - 20C01657 (IP=246,US) | updated by RR Block was inactive. Reactivated on 20200625 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) -
114.67.237.246 24 ABC None 2019-01-08 06:00:00 2020-01-03 00:00:00 None Generic ArcSight scan attempt (IP=246,China) | updated by GM with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=246,CN)
114.67.239.17 24 RR None 2018-12-31 06:00:00 2020-03-06 00:00:00 None Illegal user (IP=17,CN) | updated by GM with reason Invalid user - Failed Logons (IP=5,CN)
114.67.248.130 24 DT None 2020-08-15 00:00:00 2020-11-13 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=130,CN)
114.67.66.66 24 BMP None 2020-03-10 00:00:00 2020-06-08 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=66,CN)
114.67.67.206 24 ABC None 2018-06-20 05:00:00 2020-01-11 00:00:00 None Generic ArcSight scan attempt (IP=206,CN) | updated by ABC with reason Command Injection Attempt (IP=209,CN)
114.67.72.55 24 YM None 2018-06-20 05:00:00 2020-01-31 00:00:00 None Illegal user (IP=55,CN) | updated by GM with reason Invalid user - Failed Logons (IP=229,CN)
114.67.73.11 24 KF None 2020-04-27 00:00:00 2020-07-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=11,CN)
114.67.74.139 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=139,CN)
114.67.76.244 24 MLJ None 2018-06-03 05:00:00 2020-03-08 00:00:00 None ET WEB_SERVER Microsoft IIS Remote | updated by RR with reason Invalid user - Failed Logons (IP=63,CN)
114.67.76.63 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=63,CN)
114.67.77.150 24 GM None 2020-07-22 00:00:00 2020-10-22 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=150,CN)
114.67.80.161 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password for invalid user - Failed Logon (IP=161,CN)
114.67.83.154 24 GM None 2020-03-21 00:00:00 2020-06-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=154,CN)
114.67.84.151 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Illegal user - Failed Logons (IP=151,CN)
114.67.89.38 24 CR None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Generic ArcSight scan attempt (IP=38,CN)
114.67.90.244 24 KF None 2020-06-11 00:00:00 2020-09-09 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=244,CN)
114.67.92.37 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_6 hr web attacks (IP=37,CN)
114.67.93.79 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SQL Injection (IP=79,CN)
114.67.95.49 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Failed password_6 hr Failed Logons (IP=49,CN)
114.70.93.64 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password for invalid user - Failed Logon (IP=64,KR)
114.72.144.240 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=240,AU)
114.75.186.69 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,AU)
114.80.178.221 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=221,CN)
114.84.150.13 24 RR None 2019-11-22 00:00:00 2020-02-21 00:00:00 None Failed password for invalid user - Failed Logons (IP=13,CN) | updated by KF Block expiration extended with reason Failed password (IP=13,CN)
114.88.122.235 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Illegal user - 6hr Logons (IP=235,CN)
114.88.162.126 24 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=126,CN)
114.89.137.195 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=195,CN)
114.97.225.120 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=120,CN)
114.97.225.120 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=120,CN)
114.97.234.92 24 RB None 2020-08-26 00:00:00 2020-11-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=92,CN)
114.98.230.221 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=221,CN)
115.110.193.166 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None Authentication Failed (IP=166,IN)
115.110.207.116 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=116,IN)
115.112.143.190 24 CW None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Failed password_Failed Logon (IP=90,IN)
115.112.176.198 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user - Failed Logons (IP=198,IN)
115.114.111.94 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid
115.124.110.200 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=200,IN)
115.124.124.19 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=19,IN)
115.124.97.0 24 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None IN TO-S-2019-0551.02 Malicious Email Activity
115.127.74.226 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Authentication Failed - Failed Logons (IP=226,BD)
115.132.211.181 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=181,MY)
115.132.26.198 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell
115.133.21.148 24 KF None 2019-11-21 00:00:00 2020-02-19 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=148,MY)
115.134.120.131 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=131,MY)
115.134.81.53 24 BMP None 2020-02-13 00:00:00 2020-05-13 00:00:00 None Authentication Failed - 6hr Logon (IP=53,MY)
115.135.34.12 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt_SourceFire (IP=12,MY)
115.143.66.28 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Illegal user - 6hr Logons (IP=28,KR)
115.144.107.0 24 tjh None 2015-11-10 06:00:00 2020-04-08 00:00:00 None KR TO-S-2016-0080 | updated by jky with reason KR TO-S-2017-0108 malicious activity | updated by jky with reason SK TO-S-201
115.146.120.179 24 SQL None 2018-06-06 05:00:00 2020-02-04 00:00:00 None 1 = 1 - possible sql injection | updated by kmw with reason VN TO-S-2019-0363.01 Malware Activity
115.146.123.150 24 dbc None 2014-04-17 05:00:00 2020-01-19 00:00:00 None Potential SSH Scan (ip=150, VN) | updated by EDBT with reason ET SCAN Potential SSH Scan (IP=162,VN) | updated by KF with reason Generic ArcSight scan attempt (IP=38,XX)
115.146.126.0 24 sym None 2014-03-27 05:00:00 2020-04-09 00:00:00 None SSH Scan (ip=240,CN) | updated by RR with reason Illegal user (IP=209,VN | updated by KF with reason INDICATOR-SCAN SSH brute force login attempt (IP=168,VN)
115.151.148.90 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None APP-DETECT failed FTP login attempt - sourcefire (IP=90,CN)
115.153.95.243 24 RR None 2020-01-17
00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=243,CN) 115.155.1.121 24 BMP None 2020-01-15 00:00:00 2020-04-14 00:00:00 None Failed password - 6hr Logon (IP=121,CN) 115.159.126.184 24 BMP None 2020-01-15 00:00:00 2020-02-14 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01460 (IP=184,CN) 115.160.171.76 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password for invalid user - Failed Logon (IP=76,HK) 115.171.12.130 24 ABC None 2020-04-17 00:00:00 2020-07-16 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=130,CN) 115.171.166.247 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=247,CN) 115.171.168.66 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=66,CN) 115.171.60.206 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=206,CN) 115.171.61.100 24 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=100,CN) 115.171.62.57 24 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=57,CN) 115.171.63.111 24 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=111,CN) 115.171.83.81 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None UDP: Host Sweep (IP=81,CN) 115.171.84.236 24 RB None 2020-03-29 00:00:00 2020-06-27 00:00:00 None UDP: Host Sweep - Automated Block Report (IP=236,CN) 115.178.222.26 24 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Authentication Failed - Failed Logons (IP=26,ID) 115.178.58.19 24 tpr None 2015-08-02 05:00:00 2020-08-02 05:00:00 None Cheeky Monkey C2 (ip=19, TH) 115.186.148.38 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 115.187.36.146 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 115.187.48.0 22 dbc None 2019-11-21 00:00:00 
2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 115.192.211.191 24 DT None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt - SourceFire (IP=191,CN) 115.194.223.95 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=95,CN) 115.197.111.204 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=,CN) 115.204.110.148 24 RB None 2020-01-08 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=148,CN) 115.204.192.226 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Invalid user - Failed Logons (IP=226,CN) 115.205.112.71 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=71,CN) 115.209.134.34 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=34,CN) | not blocked because No refs to MVPower found in USACE SharePoint or NAC 115.21.33.202 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None KR TO-S-2020-0212.01 Malicious Web Application Activity 115.21.33.202 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None KR TO-S-2020-0206 Malicious Web Application Activity 115.213.189.87 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=87,CN) 115.215.86.191 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=191,CN) 115.217.78.199 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command 
execution attempt - Web Attacks (IP=199,CN) 115.218.178.87 32 RB None 2020-08-17 00:00:00 2020-11-17 00:00:00 None HTTP: PHP-FPM Remote Code Execution Vulnerability (CVE-2019-11043) - TT # 20C03730 (IP=87,CN) 115.219.138.195 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=195,CN) 115.220.10.48 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None Failed password - Failed Logons (IP=48,CN) 115.220.9.20 24 ABC None 2019-10-14 00:00:00 2020-01-12 00:00:00 None Command Injection Attempt (IP=20,CN) 115.221.66.110 24 RR None 2019-03-24 00:00:00 2020-01-17 00:00:00 None APP-DETECT failed FTP login attempt (IP=110,CN) | updated by RB with reason APP-DETECT failed FTP login attempt_6 hr Failed Logons (IP=251,CN) | 2020-01-17 | 2019-06-22 115.221.69.74 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=74,CN) 115.221.70.236 24 GM None 2019-10-27 00:00:00 2020-01-27 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=236,CN) 115.226.145.141 24 RR None 2019-10-17 00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP Phpcms user registration remote file include attempt - Web Attacks (IP=141,CN) 115.23.68.239 24 RB None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=239,KR) 115.230.124.21 24 CR None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Generic ArcSight scan attempt (IP=21,CN) 115.233.218.204 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None Unauthorized Scanning (IP=204,CN) 115.236.170.78 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=78,CN) 115.236.23.214 24 KF None 2020-04-09 00:00:00 2020-07-08 00:00:00 None TCP: SYN Host Sweep (IP=214,CN) 115.236.30.75 24 GM None 2020-08-14 00:00:00 2020-11-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=75,CN) 115.236.31.83 24 KF None 2020-05-12 00:00:00 
2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=83,CN) 115.236.33.226 24 jkc None 2016-11-29 06:00:00 2020-01-26 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=226, CN) | updated by RR with reason Illegal user (IP=226,CN) | updated by RR with reason Generic ArcSight scan attempt (IP=149,CN) 115.236.61.202 24 YM None 2018-05-07 05:00:00 2020-01-25 00:00:00 None ET SCAN Potential SSH Scan (IP=202,CN) | updated by RR with reason Generic ArcSight scan attempt (IP=203,CN) 115.239.64.43 32 RR None 2020-05-19 00:00:00 2020-08-17 00:00:00 None FTKNOX_HRC_IPS - TT# 20C02848 (IP=43,CN) 115.239.65.150 32 GM None 2020-07-23 00:00:00 2020-10-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03543 (IP=150,CN) 115.249.152.138 32 RR None 2020-09-13 00:00:00 2020-12-12 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03897 (IP=138,IN) 115.249.205.29 24 RR None 2018-12-08 06:00:00 2020-03-03 00:00:00 None Failed password for invalid user (IP=29,IN) | updated by RWB Block was inactive. 
Reactivated on 20191204 with reason Failed password for invalid user - Failed Logon (IP=29 ,IN) 115.249.224.21 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6hr Logons (IP=21,IN) 115.254.63.51 24 RR None 2018-02-15 06:00:00 2020-01-23 00:00:00 None Illegal user (IP=51,IN) | updated by KF with reason Illegal user (IP=51,IN) | updated by RR with reason Illegal user - Failed Logons (IP=52,IN) 115.43.109.131 32 BMP None 2020-06-21 00:00:00 2020-09-19 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03245 (IP=131,HTW) 115.48.119.214 24 KF None 2019-12-16 00:00:00 2020-03-15 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=214,CN) 115.48.217.106 32 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00948 (IP=106,CN) 115.48.75.116 24 KF None 2019-12-17 00:00:00 2020-03-16 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=116,CN) 115.49.247.107 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=7,CN) 115.49.74.95 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=95,CN) 115.49.77.102 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_failed Logon (IP=2,CN) 115.49.78.153 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=153,CN) 115.50.41.146 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=146,CN) 115.51.41.215 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP 
MVPower DVR Shell arbitrary command execution attempt (IP=215,CN) 115.52.123.170 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=170,CN) 115.52.162.206 24 RW None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=206,CN) 115.52.88.2 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=2,CN) 115.53.101.156 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=156,CN) 115.53.30.133 24 RR None 2019-10-26 00:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=133,CN) 115.54.171.201 24 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=201,CN) 115.55.135.230 24 RR None 2019-12-11 00:00:00 2020-03-10 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=230,CN) 115.55.166.123 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 115.55.36.69 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_12 hr web attacks (IP=69,CN) 115.55.66.139 24 CW None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=39,CN) 115.55.99.64 24 BMP None 2020-03-22 00:00:00 2020-06-20 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr Web Attacks (IP=64,CN) 115.56.115.188 24 RB None 2020-01-15 00:00:00 2020-04-14 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_6 hr 
web attacks (IP=188 CN) 115.56.141.245 32 wmp None 2020-10-01 00:00:00 2020-12-30 00:00:00 None HIVE Case #4029 Palo Alto IDS Vulnerability Events (IP=245,CN) 115.58.57.58 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web Attacks (IP=58,CN) 115.59.12.44 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - SourceFire (IP=44,CN) 115.59.3.38 24 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_12 hr web attacks (IP=38,CN) 115.62.149.124 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=124,CN) 115.62.46.72 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_12 hr Web attacks (IP=72,CN) 115.63.190.229 24 RW None 2019-10-02 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6 hr web attacks (IP=229,CN) 115.63.83.32 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_failed Logon (IP=32,CN) 115.64.122.153 32 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None 2RCC Immediate Network Block TT# 20C01518 (IP=53,AU) 115.64.122.153 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SQL use of sleep function in HTTP header - likely SQL injection attempt - SourceFire (IP=153,AU) 115.64.52.182 24 RR None 2020-01-17 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=182,AU) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=182,AU) 115.68.17.179 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None KR 
TO-S-2019-0634 Malicious Email Activity 115.68.220.10 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=10,KR) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY 115.68.220.10 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=10,KR) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY 115.68.95.199 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None KR TO-S-2019-0604 Malicious Email Activity 115.70.91.150 24 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None SQL Injection - 6hr Web Attacks (IP=150,AU) 115.72.202.205 24 RR None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - Failed Logons (IP=205,VN) 115.72.77.118 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=118,VN) 115.74.200.122 24 RR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Illegal user - Failed Logons (IP=122,VN) 115.74.202.223 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=223,Vietnam) 115.75.113.129 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=129,VN) 115.75.183.131 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=131,VN) 115.75.2.227 24 CR None 2019-05-28 00:00:00 2020-03-07 00:00:00 None Authentication Failed_6 hr Failed Logon (IP=227,VN) | updated by GM with reason Invalid user - Failed Logons (IP=189,VN) 115.76.110.90 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=90,VN) 115.76.45.229 24 RR None 2020-01-18 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=229,VN) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=229,VN) 115.77.225.172 24 KF None 2020-06-09 00:00:00 2020-09-07 00:00:00 None 
FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) (1:21002457:1) - SourceFire (IP=172,VN) 115.77.252.253 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=253,VN) 115.77.49.205 24 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=205,VN) 115.78.1.103 24 RB None 2020-05-18 00:00:00 2020-08-16 00:00:00 None FOX-SRT-IOC-XServer/Agent-Possible XServer Start SOCKS5 Proxy mode_Sourcefire (IP=103,VN) 115.78.128.79 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Generic ArcSight scan attempt (IP=79,VN) 115.78.225.242 24 RW None 2020-02-07 00:00:00 2020-05-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=242,VN) 115.78.8.83 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=83,VN) 115.79.103.102 24 RW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Generic ArcSight scan attempt (IP=102,VW) 115.79.192.60 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=60,VN) 115.79.196.95 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Generic ArcSight scan attempt (IP=95,VN) 115.79.209.29 32 KF None 2020-05-29 00:00:00 2020-08-27 00:00:00 None HTTP: PHP Wordpress Plugin Revolution Slider Vulnerability - TT# 20C02990 (IP=29,VN) 115.79.221.63 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Generic ArcSight scan attempt (IP=63,VN) 115.79.4.11 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Generic ArcSight scan attempt (IP=11,VN) 115.79.5.75 24 GM None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Illegal user - Failed Logons (IP=75,VN) 115.84.180.0 22 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None VN TO-S-2019-0577 Malicious Email Activity 115.84.64.0 18 jky None 2017-03-29 05:00:00 2020-02-02 00:00:00 None LA TO-S-2017-0783 Malicious activity | updated by GLM with reason APP-DETECT failed FTP login attempt (IP=138,LA) | updated | updated by RW with 
reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 19C03333 (IP=162,US) | upda 115.84.76.5 24 GM None 2020-02-11 00:00:00 2020-05-11 00:00:00 None Illegal users - Failed Logons (IP=5,LA) 115.87.236.74 24 RR None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Failed password - Failed Logons (IP=74,) 115.89.74.126 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None KR TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason KR TO-S-2020-0212.01 Malicious Web Application Activity 115.90.244.154 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Invalid user - Failed Logon (IP=154,KR) 115.93.16.173 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None KR TO-S-2019-0508 Malware Activity 115.95.135.61 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=61,KR) 115.97.248.213 24 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=213,IN) 115.99.17.75 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=75,IN) 115.99.209.85 24 FT None 2020-09-13 00:00:00 2020-12-12 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=85,IN) 116.1.149.19 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed Logons (IP=19,CN) 116.104.50.198 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=198,VN) 116.104.89.112 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=112,VN) 116.105.17.15 24 KF None 2019-12-10 00:00:00 2020-03-09 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=15,VN) 116.105.227.133 24 RB None 2019-10-24 00:00:00 2020-01-22 
00:00:00 None Generic ArcSight scan attempt (IP=133,VN) 116.107.193.210 24 GM None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Authentication Failed - Failed Logons (IP=210,VN) 116.108.149.47 32 GM None 2020-07-15 00:00:00 2020-10-15 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload (CVE-2017-12615 and CVE-2017-12617) - TT# 20C03476 (IP=47,VN) 116.108.149.47 24 RB None 2020-07-16 00:00:00 2020-10-14 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Sourcefire (IP=47,VN) 116.109.98.58 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=58,VN) 116.111.99.99 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=99,VN) 116.112.127.204 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=204,CN) 116.112.189.8 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=8,CN) 116.112.202.139 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None UDP: Host Sweep (IP=139,CN) 116.113.182.88 24 RB None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=88 CN) 116.113.99.172 24 BMP None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=172,CN) 116.114.251.244 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Failed Logons (IP=244,CN) 116.114.95.230 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=30,CN) 116.117.157.69 24 GLM None 2018-10-20 05:00:00 2020-04-28 00:00:00 None Illegal 
user (IP=69,CN) | updated by GM Block was inactive. Reactivated on 20200128 with reason Failed password - Failed Logons (IP=69,CN) 116.118.104.85 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Authentication Failed_Failed Logon (IP=85,VN) 116.118.119.86 24 CR None 2020-05-21 00:00:00 2020-08-21 00:00:00 None SERVER-IIS Microsoft IIS Range header integer overflow attempt - Sourcefire (IP=86,VN) 116.118.54.8 24 KF None 2019-12-29 00:00:00 2020-03-28 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=8,VN) 116.118.7.26 24 RR None 2020-01-02 00:00:00 2020-04-01 00:00:00 None Illegal user - Failed Logons (IP=26,VN) 116.12.46.154 24 RR None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Authentication Failed - Failed Logons (IP=154,ID) 116.12.50.164 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None SG TO-S-2019-0468 Malicious Email Activity 116.12.50.72 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None SG TO-S-2020-0056 Malware Activity 116.140.34.68 32 wmp None 2020-09-24 00:00:00 2020-12-23 00:00:00 None HIVE Case #3974 COLS-NA-TIP-20-0301 (IP=68,CN) 116.16.120.49 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=49,CN) 116.16.121.14 24 RR None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=14,CN) 116.16.123.176 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=176,CN) 116.16.123.210 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=210,CN) 116.16.152.95 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=95,CN) 116.16.155.116 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None 
SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=116,CN) 116.16.174.126 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=126,CN) 116.171.0.59 24 RR None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Illegal user - Failed Logons (IP=59,CN) 116.177.181.50 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=50,CN) 116.177.35.99 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=99,CN) 116.178.224.29 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=29,CN) 116.192.177.197 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 116.192.179.76 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=76,CN) 116.193.168.170 32 ABC None 2020-04-04 00:00:00 2020-07-03 00:00:00 None TCP: SYN Host Sweep (IP=170,US) 116.196.104.100 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed logons (IP=100,CN) 116.196.116.141 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=141,CN) 116.196.117.154 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP= 154 , CN ) 116.196.118.241 24 CR None 2018-12-19 06:00:00 2020-01-18 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=241,CN) | updated by GM with reason Illegal user - Failed Logons (IP=104,CN) 116.196.67.208 24 YM None 2018-04-04 05:00:00 2020-01-03 00:00:00 None vulnerability 11 opord 2016-191F9 sid:1000071 (IP=208,CN) | updated by GM with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=120,CN) | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks 
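The export above is a flattened block-list table: each record is `<ip> <prefix-len> <analyst> None <start> <end> None <reason ...>`, and extraction has run the records together. The following Python parser is an added example, not part of the original export or of any tool named in it. It recovers the records, normalises a host address carrying a /24 prefix to the network actually blocked, and runs the checks an analyst reviewing such a list would want: which blocks are live on a given date, exact duplicate entries (the kind seen for 116.212.155.149 above), a /32 nested inside an existing /24 for the same host (as with 115.64.122.153), and "not blocked because" exceptions. The `SAMPLE` text is constructed in the export's format from documentation address ranges; the TT# and TO-S identifiers in it are placeholders, and the record layout itself is an assumption read off the export.

```python
"""Parser and sanity checks for a flattened block-list export.

Record layout, whitespace separated (assumed from the export above):
  <ip> <prefix-len> <analyst> None <start-ts> <end-ts> None <reason ...>
The reason text runs until the next record head; the two literal 'None'
tokens are empty export columns and are assumed to be always present.
"""
import ipaddress
import re
from collections import Counter
from datetime import datetime

_TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
# A record head: ip, prefix length, analyst initials, 'None', start, end, 'None'.
_HEAD = re.compile(
    r"(?<![\d.])(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<prefix>\d{1,2})\s+"
    r"(?P<analyst>\S+)\s+None\s+(?P<start>" + _TS + r")\s+(?P<end>" + _TS + r")\s+None\s*"
)
# Trailing noise in a reason: update chains, '(IP=..)' tags, feed/ticket suffixes.
_NOISE = re.compile(
    r"\s*\|.*$|\s*\(IP=.*?\)|\s+TT ?#.*$"
    r"|\s*[-_]\s*(?:6 ?hr|12 ?hr|Web Attacks?|Source ?Fire|TT ?#).*$",
    re.I | re.S,
)

# Constructed sample in the export's format (documentation ranges; the TT#
# and TO-S identifiers are placeholders, not real tickets).
SAMPLE = (
    "203.0.113.10 24 GM None 2020-03-21 00:00:00 2020-06-21 00:00:00 None "
    "HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=10,CN) "
    "203.0.113.10 32 CW None 2020-03-23 00:00:00 2020-06-21 00:00:00 None "
    "2RCC Immediate Network Block TT# 20C00000 (IP=10,CN) "
    "198.51.100.7 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None "
    "SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt"
    " - 6hr web attacks (IP=7,CN) | not blocked because No refs to MVPower found "
    "192.0.2.55 24 KF None 2020-02-09 00:00:00 2020-05-09 00:00:00 None "
    "Authentication Failed - Failed Logons (IP=55,KH) "
    "192.0.2.55 24 KF None 2020-02-09 00:00:00 2020-05-09 00:00:00 None "
    "Authentication Failed - Failed Logons (IP=55,KH) "
    "192.0.2.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None "
    "XX TO-S-2020-0000.01 Malicious Email Activity | updated by kmw Block "
    "expiration extended with reason XX TO-S-2020-0001 Malicious Email Activity"
)


def parse_records(text):
    """Split the run-together export into a list of record dicts."""
    heads = list(_HEAD.finditer(text))
    records = []
    for i, m in enumerate(heads):
        stop = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        reason = text[m.end():stop].strip()
        # strict=False turns '203.0.113.10/24' into the /24 that is really blocked.
        net = ipaddress.ip_network(f"{m['ip']}/{m['prefix']}", strict=False)
        records.append({
            "ip": m["ip"],
            "network": net,
            "analyst": m["analyst"],
            "start": datetime.strptime(m["start"], "%Y-%m-%d %H:%M:%S"),
            "end": datetime.strptime(m["end"], "%Y-%m-%d %H:%M:%S"),
            "reason": reason,
            # '| not blocked because ...' marks an analyst exception: no block applied.
            "blocked": "not blocked because" not in reason.lower(),
        })
    return records


def active_on(records, day):
    """Blocks in force at 00:00 on 'day' (YYYY-MM-DD); exceptions are excluded."""
    when = datetime.strptime(day, "%Y-%m-%d")
    return [r for r in records if r["blocked"] and r["start"] <= when < r["end"]]


def exact_duplicates(records):
    """Records the export lists more than once, field for field."""
    key = lambda r: (r["ip"], r["network"], r["start"], r["end"], r["reason"])
    return {k: n for k, n in Counter(key(r) for r in records).items() if n > 1}


def nested_blocks(records):
    """(narrow, wide) pairs where one block lies wholly inside another."""
    nets = sorted({r["network"] for r in records}, key=lambda n: n.prefixlen)
    pairs = []
    for i, wide in enumerate(nets):
        for narrow in nets[i + 1:]:
            if narrow != wide and narrow.subnet_of(wide):
                pairs.append((str(narrow), str(wide)))
    return pairs


def signature(reason):
    """Reason text with IP tags, feed/ticket suffixes and update chains stripped."""
    return _NOISE.sub("", reason).strip()


def signature_counts(records):
    """How many blocks each signature family produced."""
    return Counter(signature(r["reason"]) for r in records)


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(len(recs), "records;", len(active_on(recs, "2020-04-01")), "live on 2020-04-01")
    print("duplicates:", len(exact_duplicates(recs)), "nested:", nested_blocks(recs))
    print(signature_counts(recs).most_common(3))
```

The head regex, not a fixed column count, delimits records, because the reason column is free text and update chains ("| updated by ...") can contain further dates. Normalising with `strict=False` matters for the nested-block check: most entries store the triggering host with a /24 prefix, so the block applied is the surrounding /24, and a later /32 ticket block for the same host is already covered.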
116.196.78.211 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=211,CN) 116.196.81.21 24 alj None 2018-11-26 06:00:00 2020-01-14 00:00:00 None MALWARE-BACKDOOR JSP webshell | updated by CR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attack (IP=253,CN) 116.196.82.232 24 RB None 2018-01-14 06:00:00 2020-01-21 00:00:00 None ET SCAN Potential SSH Scan (IP=232,CN) | updated by RR with reason Failed password for invalid user (IP=146,CN) | updated by GM with reason Illegal user - Failed Logons (IP=52,CN) 116.196.83.174 24 RB None 2020-01-15 00:00:00 2020-04-14 00:00:00 None Illegal user_6 hr Failed Logons (IP=174 CN) | 2020-04-14 | 2019-04-19 116.196.83.248 24 BMP None 2020-04-26 00:00:00 2020-07-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=148,CN) 116.196.86.216 24 YM None 2017-10-23 05:00:00 2020-01-10 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (IP=216,CN) | updated by RR with reason SERVER-WEBAPP JBoss JMXInvok | updated by GM with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=113,CN) 116.196.87.71 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Invalid user - Failed Logons (IP=71,CN) 116.196.90.138 24 RB None 2018-05-12 05:00:00 2020-02-02 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=138 CN) | updated by KF with reason Failed password_6 Hr Failed Logons (IP=181,CN) | updated by KF with reason Failed password_6 Hr Failed Logons (IP=181,CN) 116.196.94.108 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Invalid user -Failed Logons (IP=108,CN) 116.197.133.98 24 GM None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Authentication Failed - Failed Logons (IP=98,ID) 116.197.152.0 22 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity | 
updated by kmw Block expiration extended with reason IN TO-S-2020-0212.01 Malicious Web Application Activity 116.197.169.29 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=29,JP) 116.202.0.0 15 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None DE TO-S-2019-0532 Malicious Email Activity 116.202.234.171 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=171,DE) 116.202.235.13 32 wmp None 2020-09-16 00:00:00 2020-12-15 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=13,DE) 116.202.42.154 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=154,DE) 116.203.102.107 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None DE TO-S-2019-0658 Malware Activity 116.203.109.212 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None DE TO-S-2019-0972 Malware Activity 116.203.140.77 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None DE TO-S-2019-0631 Malware Activity 116.203.244.223 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malware Activity 116.203.36.215 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None DE TO-S-2019-0532.01 Phishing Activity 116.203.36.91 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None DE TO-S-2020-0031 Malicious Email Activity 116.203.53.179 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None DE TO-S-2019-0400 Malicious Email Activity 116.203.73.240 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=240,DE) 116.204.187.245 32 RB None 2019-12-27 00:00:00 2020-03-26 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01257 (IP=245,HK) 116.206.105.125 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None SC TO-S-2019-0420 Malicious Email Activity 116.206.137.65 32 dbc None 2019-05-10 
00:00:00 2020-05-10 00:00:00 None MM TO-S-2019-0658 Malware Activity 116.206.176.43 24 RWB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=43,CN) 116.206.196.254 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=254,ID) 116.206.230.0 24 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None CN TO-S-2019-0571 Malicious Email Activity 116.206.59.195 24 FT None 2020-09-01 00:00:00 2020-12-01 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Sourcefire (IP=195,BD) 116.206.94.215 24 KF None 2020-05-04 00:00:00 2020-08-02 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=215,) 116.209.173.179 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=179,CN) 116.21.56.223 32 DT None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03530 (IP=223,CN) 116.212.155.149 24 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None Authentication Failed - Failed Logons (IP=149,KH) 116.212.155.149 24 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None Authentication Failed - Failed Logons (IP=149,KH) 116.212.155.149 24 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None Authentication Failed - Failed Logons (IP=149,KH) 116.213.40.223 24 RW None 2020-04-12 00:00:00 2020-07-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=223,HK) 116.218.131.231 24 RR None 2020-04-13 00:00:00 2020-07-12 00:00:00 None UDP: Host Sweep (IP=231,CN) 116.227.99.174 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP= 174 , CN ) 116.228.105.86 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Command Injection Attempt (IP=86,CN) 116.228.110.108 24 RWB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None HTTP: SQL Injection Attempt Detected - 
Web Attacks (IP=108,CN) 116.230.48.59 24 GM None 2020-02-07 00:00:00 2020-05-07 00:00:00 None Illegal user - Failed Logons (IP=59,CN) 116.233.188.98 24 CR None 2019-12-04 00:00:00 2020-03-04 00:00:00 None Failed password - 6 hr failed logon (IP=98,CN) 116.235.131.215 24 RR None 2019-12-18 00:00:00 2020-03-17 00:00:00 None Authentication Failed - Failed Logons (IP=215,CN) 116.236.105.170 24 GLM None 2018-10-03 05:00:00 2020-06-27 00:00:00 None Illegal user (IP=170,CN) | updated by RR Block was inactive. Reactivated on 20200329 with reason TCP: SYN Host Sweep- ARCSight Sauron (IP=170,CN) 116.236.178.105 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=105,CN) 116.236.185.64 24 RB None 2019-11-19 00:00:00 2020-02-17 00:00:00 None Failed password_6 hr Failed Logons (IP=64,CN) 116.236.2.254 24 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=254,CN) 116.236.85.1 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=1,CN) 116.238.12.185 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 116.24.152.71 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password_Faield Logon (IP=71,CN) 116.240.128.54 24 RR None 2020-01-02 00:00:00 2020-04-01 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=54,AU) 116.249.194.205 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=205,CN) 116.252.0.235 24 DT None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=235,CN) 116.255.157.137 24 BMP None 2020-02-26 00:00:00 2020-05-26 00:00:00 None HTTP: Apache Struts Remote Code Execution Vulnerability (CVE-2018-11776) - TT# 20C01835 (IP=218,JO) 116.30.196.57 24 
BMP None 2020-03-23 00:00:00 2020-06-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=57,CN) 116.31.105.198 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=198,CN) 116.40.207.27 24 BMP None 2020-01-15 00:00:00 2020-04-14 00:00:00 None Authentication Failed - 6hr Logon (IP=27,KR) 116.48.136.210 24 KF None 2020-02-08 00:00:00 2020-05-08 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=210,HK) 116.5.187.212 24 RR None 2020-01-09 00:00:00 2020-04-08 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=212,CN) 116.50.39.21 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=21,TW) 116.53.20.99 24 RWB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None Authentication Failed - Failed Logon (IP=99,CN) 116.58.10.179 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None PK TO-S-2019-0351 Malware Activity 116.58.251.108 32 KF None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Immediate Inbound Network Block - TT# 20C01108 (IP=108,US) 116.6.45.114 24 MLJ None 2017-06-08 05:00:00 2020-01-23 00:00:00 None ET SCAN Potential SSH Scan (IP=114,CN) | updated by RR with reason Illegal user - Failed Logons (IP=180,CN) 116.62.212.95 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Timeout before authentication for_Faield Logon (IP=95,CN) 116.63.141.136 24 RR None 2020-03-13 00:00:00 2020-06-11 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=136,CN) 116.63.33.198 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=198,CN) 116.63.66.42 24 FT None 2020-08-04 00:00:00 2020-11-04 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=42,CN) 116.68.206.195 32 wmp None 2020-09-04 00:00:00 2020-12-03 
00:00:00 None HIVE Case #3755 COLS-NA-TIP-20-0278 (IP=195,BD) 116.7.176.117 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=117,CN) 116.72.137.237 24 RB None 2020-09-29 00:00:00 2020-12-29 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=237,IN) 116.72.16.15 24 RWB None 2019-12-20 00:00:00 2020-03-19 00:00:00 None Illegal user - Failed Logon (IP=15,IN) 116.72.85.78 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=78,IN) 116.74.110.48 24 KF None 2019-10-15 00:00:00 2020-01-13 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_6 hr web attacks (IP=48,IN) 116.75.247.139 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 116.85.26.16 24 FT None 2020-08-05 00:00:00 2020-11-05 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=CN,16) 116.85.43.100 24 DT None 2020-06-14 00:00:00 2020-09-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=100,CN) 116.85.5.88 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password for invalid user - Failed Logon (IP=88,CN) 116.86.156.74 24 KF None 2020-01-20 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=74,SG) | updated by RWB with reason Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,SG) 116.86.166.93 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Authentication Failed - Failed Logons (IP=93,SG) 116.86.249.228 24 RB None 2020-04-22 00:00:00 2020-07-21 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - 6 hr web attacks (IP=228,SG) 116.86.56.88 32 RB None 2020-04-02 00:00:00 2020-06-02 00:00:00 None Known Attack Tool User 
Agent / BOT: Mirai Echobot Activity Detected - TT# 020420-00063 (IP=88,SG) 116.89.12.18 24 RB None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=18,SG) 116.89.242.65 32 wmp None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=65,CN) 116.90.165.0 24 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None ID TO-S-2020-0077 Malicious Email Activity 116.90.56.138 32 wmp None 2020-08-03 00:00:00 2020-11-03 00:00:00 None HIVE Case #3444 COLS-NA-TIP-20-0242 (IP=138,AU) 116.95.111.210 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=210,CN) 116.96.12.185 24 RB None 2020-01-10 00:00:00 2020-04-09 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode_Sourcefire (IP=185,VN) 116.96.41.212 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=212,VN) 116.96.72.3 24 KF None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Illegal user (IP=3,VN) 116.97.117.123 24 RB None 2018-12-01 06:00:00 2020-02-13 00:00:00 None SQL use of sleep function with and - likely SQL injection (IP=123,VN) | updated by GM with reason SQL HTTP URI blind injection attempt - Web Attacks (IP=125,VN) 116.97.52.135 24 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=135,VN) 117.0.0.0 13 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None VN TO-S-2019-0972 Malicious Web Application Activity 117.102.105.180 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None Illegal user - 6hr Logon (IP=180,ID) 117.102.113.154 24 BMP None 2020-06-14 00:00:00 2020-09-12 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=154,IN) 117.102.76.46 24 RR None 2020-07-28 00:00:00 2020-10-26 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=46,ID) 
117.107.133.162 24 RR None 2019-05-01 00:00:00 2020-04-25 00:00:00 None Illegal user - 6 hr Failed Logons (IP=162,CN) | updated by GM Block was inactive. Reactivated on 20200125 with reason Failed password - Failed Logons (IP=162,CN) 117.111.14.119 32 dbc None 2019-01-15 06:00:00 2020-01-15 06:00:00 None KR TO-S-2019-0321 Malware Activity 117.119.86.144 24 RB None 2020-01-29 00:00:00 2020-04-30 00:00:00 None Failed password_6 hr Failed Logons (IP=144,CN) | updated by GM Block expiration extended with reason Failed password - Web Attacks (IP=144,CN) 117.121.214.50 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed Password - 6 Hr Failed Logons (IP=50,TH) 117.121.42.27 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Command Injection Attempt (IP=27,CN) 117.121.97.24 24 GM None 2017-10-10 05:00:00 2020-01-03 00:00:00 None SQL 1 = 1 - possible sql injection attempt (24,CN) | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=96,CN) | 2020-01-03 | 2017-01-10 117.122.219.138 24 RW None 2020-03-25 00:00:00 2020-06-23 00:00:00 None TCP: SYN Host Sweep (IP=138,CN) 117.132.151.22 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Authentication Failed_Failed Logon (IP=22,CN) 117.132.193.61 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=61,CN) 117.132.195.82 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_12 hr web attacks (IP=82,CN) 117.136.6.122 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_12 hr web attacks (IP=122,CN) 117.14.55.98 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=98,CN) 117.141.210.235 24 GM None 2019-10-09 00:00:00 2020-01-09 00:00:00 None SERVER-WEBAPP Joomla 117.148.167.245 24 KF None 2018-12-11 06:00:00 2020-01-17 00:00:00 None 
INDICATOR-COMPROMISE Suspicious .top dns query (1:43687:2) (IP=245,CN) | updated by KF with reason INDICATOR-COMPROMISE Suspic | updated by KF Block was inactive. Reactivated on 20191015 with reason INDICATOR-COMPROMISE Suspicious .top dns query (1:4368 117.149.20.18 24 RR None 2020-01-11 00:00:00 2020-04-10 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=18,CN) 117.155.44.186 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Generic ArcSight scan attempt (IP=186,CN) 117.156.119.39 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Failed password - Failed Logon (IP=39,CN) 117.156.152.50 24 ABC None 2018-01-06 06:00:00 2020-03-27 00:00:00 None Generic ArcSight scan attempt (IP=50,CN) | updated by RB with reason HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=60,CN) | 2020-03-27 | 2018-04-06 117.156.36.30 24 RW None 2020-09-14 00:00:00 2020-12-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=30,CN) 117.157.15.27 24 KF None 2020-03-16 00:00:00 2020-06-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=27,CN) 117.158.166.12 24 RR None 2020-09-02 00:00:00 2020-12-01 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=12,CN) 117.158.200.49 24 RR None 2019-12-16 00:00:00 2020-03-15 00:00:00 None Failed password - Failed Logons (IP=49,CN) 117.158.243.78 24 RB None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=78,CN) 117.16.142.9 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None KR TO-S-2019-0634 Malware Activity 117.160.162.24 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=24,CN) 117.161.127.11 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=11,CN) 117.176.230.153 24 KF None 2020-05-12 00:00:00 
2020-08-10 00:00:00 None UDP: Host Sweep (IP=153,CN) 117.18.15.249 24 ABC None 2019-01-08 06:00:00 2020-04-04 00:00:00 None Generic ArcSight scan attempt(IP=249,Hong Kong) | updated by RB with reason HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=70,HK) | 2020-04-04 | 2019-04-08 117.18.228.159 24 FT None 2020-09-26 00:00:00 2020-12-24 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Web Attacks (IP=159,MM) 117.18.229.148 24 RW None 2020-09-16 00:00:00 2020-12-16 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - Sourcefire (IP=148,MM) 117.18.4.91 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=91,XX) 117.18.5.62 24 RW None 2020-04-24 00:00:00 2020-07-24 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=62,HK) 117.18.5.68 32 RB None 2020-08-01 00:00:00 2020-09-01 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03604 (IP=68,HK) 117.185.62.146 24 KF None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Failed password_6 Hr Failed Logons (IP=146,CN) | updated by RW with reason Authentication Failed - 6hr Failed Logon(IP=146,CN) 117.187.30.118 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=118,CN) 117.190.50.179 24 RR None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Generic ArcSight scan attempt (IP=179,CN) 117.192.0.0 13 jky None 2016-11-08 06:00:00 2020-04-16 00:00:00 None IN TO-S-2017-0153 India country block | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=104,IN) 117.196.30.158 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,IN) 117.197.223.17 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin 
remote command execution attempt - SourceFire (IP=17,IN) 117.198.119.254 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=254,IN) 117.198.98.149 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Generic ArcSight scan attempt (IP=149,IN) 117.199.214.134 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=134,IN) 117.199.43.47 24 CR None 2019-12-21 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=47,CN) 117.2.160.0 20 dbc None 2019-04-16 00:00:00 2020-04-16 00:00:00 None VN TO-S-2019-0593 Malware Activity 117.200.75.23 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Failed password - Failed Logons (IP=23,IN) 117.205.197.100 24 RR None 2020-01-21 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=100,IN) | updated by RWB with reason Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,IN) 117.205.22.195 24 RWB None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=195,IN) 117.205.9.178 24 RR None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Authentication Failed - Failed Logons (IP=178,IN) 117.208.5.172 24 CW None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Authentication Failed_Failed Logon (IP=72,IN) 117.211.150.26 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=26,IN) 117.211.161.42 24 RR None 2018-04-07 05:00:00 2020-02-23 00:00:00 None Authentication Failed (IP=42,IN) | updated by RR with reason Authentication Failed (IP=42,IN) | updated by BP with reason 
Authentication Failed - Failed Logons (IP=171,IN) 117.211.162.189 24 RW None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Generic ArcSight scan attempt (IP=189,IN) 117.211.163.44 32 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=44,IN) 117.212.128.243 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=243,IN) 117.213.79.150 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=150,IN) 117.220.148.50 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=50,IN) 117.23.5.151 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=151,no ISC data) 117.230.32.227 24 KF None 2019-12-18 00:00:00 2020-03-17 00:00:00 None APP-DETECT failed FTP login attempt (1:13360:7) (IP=227,IN) 117.232.127.50 24 RR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Illegal user - Failed Logons (IP=50,IN) 117.232.127.51 24 KF None 2018-10-20 05:00:00 2020-01-14 00:00:00 None Illegal user (IP=51 IN) | updated by RR with reason Failed password - Failed Logons (IP=50,IN) 117.236.136.227 32 RB None 2020-08-01 00:00:00 2020-09-01 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03605 (IP=68,HK) 117.239.94.193 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=193,IN) 117.24.12.108 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=108,CN) 117.245.71.47 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=47,IN) 117.247.104.51 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=51,IN) 117.247.152.22 24 BMP None 2020-01-12 
00:00:00 2020-04-11 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=22,IN) 117.247.190.142 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Authentication Failed - Failed Logons (IP=142,IN) 117.247.60.107 24 RW None 2019-12-19 00:00:00 2020-03-19 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=107,IN) 117.248.181.198 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=198,IN) 117.248.192.215 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Failed Logons (IP=215,IN) 117.25.174.99 24 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=99,CN) 117.254.32.49 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None KL KE Message U (IP=49,IN) 117.255.216.116 24 YM None 2018-05-26 05:00:00 2020-02-20 00:00:00 None Illegal user (IP=11,IN) | updated by dcg with reason IN TO-S-2018-1046 associated with malicious web application activity | updated by RR with reason Failed password - Failed Logons (IP=106,IN) 117.28.98.27 24 GLM None 2019-10-26 00:00:00 2020-01-24 00:00:00 None ABC Generic ArcSight scan attempt (IP=27,CN) 117.28.99.44 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Generic ArcSight scan attempt (IP=44,CN) 117.29.243.142 24 RWB None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Authentication Failed - Failed Logon (IP=142,CN) 117.30.196.136 24 RR None 2020-01-21 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=136,CN) | updated by RWB with reason Web Application Attack - SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=,CN) 117.30.197.59 24 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command 
injection attempt - 6hr web attacks (IP=59,CN) 117.32.88.18 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr Web Attacks (IP=18,CN) 117.33.174.142 24 RB None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=142,CN) 117.36.192.150 24 jkc None 2015-05-05 05:00:00 2020-01-13 00:00:00 None TCP HOST SWEEPS (IP=150, CN) | updated by ABC with reason Command Injection Attempt (IP=85,CN) 117.36.6.20 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None APP-DETECT failed FTP login attempt (1:13360:7)_SourceFire (IP=20,CH) 117.37.203.105 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=105,CN) 117.37.203.105 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr Web Attacks (IP=105,CN) 117.41.235.120 24 RW None 2020-06-18 00:00:00 2020-09-18 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=120,CN) 117.48.203.198 24 BMP None 2020-04-26 00:00:00 2020-07-25 00:00:00 None HTTP: ThinkPHP CMS GetshellVulnerability - Web Attacks (IP=198,CN) 117.48.208.124 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=124,CN) 117.48.209.108 24 RR None 2019-01-19 00:00:00 2020-02-06 00:00:00 None Failed password for invalid user (IP=108,CN) | updated by RR with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=81,CN) 117.48.209.81 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_Web Attacks (IP=81,CN) 117.48.227.69 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed password - sourcefire (IP=69,CN) 117.50.1.12 24 RW None 2019-11-27 00:00:00 2020-02-27 
00:00:00 None Authentication Failed - 6hr Failed Logon(IP=12,CN) 117.50.104.145 24 CW None 2020-01-05 00:00:00 2020-04-04 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability_Web Attacks (IP=45,CN) 117.50.106.147 24 RR None 2020-07-09 00:00:00 2020-10-07 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=147,CN) 117.50.11.192 24 BMP None 2020-04-14 00:00:00 2020-07-13 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=192,CN) 117.50.116.75 24 BMP None 2020-02-25 00:00:00 2020-05-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr Web Attacks (IP=75,CN) 117.50.124.121 24 RR None 2020-03-14 00:00:00 2020-06-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=121,CN) 117.50.13.251 24 BMP None 2020-04-26 00:00:00 2020-07-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=251,CN) 117.50.137.36 24 DT None 2020-03-31 00:00:00 2020-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=36,CN) 117.50.17.253 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password for invalid user - 6hr Logon (IP=253,CN) 117.50.2.47 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Invalid user -Failed Logons (IP=47,CN) 117.50.25.196 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password - Failed Logon (IP=196,CN) 117.50.3.142 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=142,CN) 117.50.34.192 24 KF None 2020-05-24 00:00:00 2020-08-22 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=192,CN) 117.50.38.246 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password - Failed Logons (IP=246,CN) 117.50.39.19 24 KF None 2020-06-12 00:00:00 
2020-09-10 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=19,CN) 117.50.43.14 24 ABC None 2019-01-08 06:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt(IP=14,China) | updated by CR with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_web attack (IP=191,CN) 117.50.44.111 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=111,CN) 117.50.46.176 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=176,CN) 117.50.49.11 24 CR None 2018-11-16 06:00:00 2020-02-06 00:00:00 None Hello Peppa Scan (IP=11,CN) | updated by GM with reason Invalid user - Failed Logons (IP=57,CN) 117.50.5.83 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=83,CN) 117.50.5.94 24 BMP None 2020-04-04 00:00:00 2020-07-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=94,CN) 117.50.61.165 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Failed Logons (IP=165,CN) 117.50.64.118 24 RB None 2020-06-18 00:00:00 2020-09-18 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=117,CN) 117.50.67.254 24 RR None 2019-04-01 00:00:00 2020-02-27 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=254,CN) | updated by RB with reason Invalid user_6 hr Failed Logons (IP=214,CN) | 2020-02-27 | 2019-06-30 117.50.69.76 24 CR None 2018-11-29 06:00:00 2020-01-19 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=76,CN) | updated by RR with reason Illegal user - Failed Logons (IP=133,CN) 117.50.8.39 24 KF None 2019-10-19 00:00:00 2020-01-18 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=39,CN) | updated by KF Block expiration extended with reason Command 
Injection Attempt (IP=39,CN) 117.50.82.22 24 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=22,CN) 117.50.84.85 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Failed password - Failed Logon (IP=85,HK) 117.50.94.229 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=229,CN) 117.50.95.121 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Failed password - Failed Logon (IP=121,CN) 117.50.96.239 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=239,CN) 117.50.97.216 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=216,CN) 117.50.98.207 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=207,CN) 117.51.146.97 24 KF None 2019-12-02 00:00:00 2020-03-01 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=97,CN) 117.51.148.56 24 KF None 2020-06-22 00:00:00 2020-09-20 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=56,CN) 117.51.149.169 24 RW None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=169,CN) 117.51.154.22 24 KF None 2020-04-09 00:00:00 2020-07-08 00:00:00 None TCP: SYN Host Sweep (IP=22,CN) 117.52.20.99 24 DT None 2020-06-17 00:00:00 2020-09-15 00:00:00 None BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX function call access - SourceFire (IP=99,KR) 117.52.89.197 24 KF None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SQL 1 = 1 - possible sql injection attempt (1:19439:10) - SourceFire (IP=197,KO) - SourceFire 117.53.153.30 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=30,MY) 117.53.155.57 32 RB None 2020-01-07 00:00:00 2020-04-06 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01373 (IP=57,MY) 117.53.47.39 
32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=39,ID) 117.55.192.0 20 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AF TO-S-2020-0109.01 Malicious Email Activity 117.55.241.54 24 ged None 2016-06-01 05:00:00 2020-02-05 00:00:00 None APP-DETECT failed FTP login attempt (IP=54, IN) | updated by CR with reason Failed password for invalid user user (IP=2,IN) | updated by RR with reason Generic ArcSight scan attempt (IP=53,IN) 117.60.152.231 24 RW None 2019-12-12 00:00:00 2020-03-12 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=231,CN) 117.60.160.7 24 KF None 2020-05-30 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03007 (IP=7,CN) 117.60.160.98 32 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C02938 (IP=98,CN) 117.60.166.18 24 BMP None 2020-06-08 00:00:00 2020-08-08 00:00:00 None Malware Object - Hive Case 2981 (IP=18,CN) 117.60.166.7 32 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C02933 (IP=7,CN) 117.60.195.148 24 RR None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=148,CN) 117.60.86.158 24 BMP None 2020-05-26 00:00:00 2020-08-24 00:00:00 None POLICY-OTHER PHP uri tag injection attempt - 6hr Web Attacks (IP=158,CN) 117.60.95.163 32 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C02967 (IP=163,CN) 117.62.22.55 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None TCP: SYN Host Sweep (IP=55,CN) 117.63.129.129 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None APP-DETECT failed FTP login attempt (IP=129 CN) 117.65.78.242 24 RR None 2020-06-02 00:00:00 2020-09-02 00:00:00 
None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=242,CN) 117.66.243.77 24 RR None 2017-11-10 06:00:00 2020-02-24 00:00:00 None Illegal user (IP=77,CN) | updated by RR with reason Failed password for invalid user (IP=77,CN) | updated by BP Block was inactive. Reactivated on 20191126 with reason Failed password for invalid user - 6hr Logon (IP=77,CN) 117.67.110.23 24 RR None 2020-08-22 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (1:54602:1) - SourceFire (IP=23,CN) 117.67.85.194 24 FT None 2020-09-18 00:00:00 2020-12-18 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - Sourcefire (IP=194,CN) 117.68.171.124 24 FT None 2020-07-31 00:00:00 2020-10-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability- Web Attacks (IP=124,CN) 117.71.53.105 24 RR None 2018-02-08 06:00:00 2020-02-29 00:00:00 None Illegal user (IP=105,CN) | updated by RR with reason Failed password for invalid user (IP=105,CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=105,CN) | 2020-02-29 | 2019-03-15 117.73.2.103 24 RR None 2019-01-19 00:00:00 2020-02-14 00:00:00 None Failed password for invalid user (IP=103,CN) | updated by RW Block was inactive. 
Reactivated on 20191114 with reason Authentication Failed - 6hr Failed Logon(IP=103,CN) 117.74.135.35 24 BMP None 2020-07-28 00:00:00 2020-10-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=35,CN) 117.78.0.0 24 sym None 2014-05-28 05:00:00 2020-01-04 00:00:00 None Potential SSH Scan (ip=53,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=45 CN) | 2020-01-04 | 2014-08-28 117.78.10.116 24 RWB None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=116,CN) 117.78.11.113 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=113,CN) 117.78.24.35 24 CR None 2020-02-20 00:00:00 2020-05-20 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - Sourcefire (IP=35,CN) 117.78.39.112 24 EDBT None 2017-10-29 05:00:00 2020-03-24 00:00:00 None Illegal user (IP=112,CN) | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=13,CN) 117.78.39.13 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt _SourceFire (IP=13,CN) 117.78.39.13 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=13,CN) 117.80.127.149 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=149,CN) 117.80.212.11 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password_Failed Logon (IP=11,CN) 117.80.83.255 24 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=255,CN) 117.82.131.128 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution 
attempt - Web Attacks (IP=128,CN) 117.84.253.133 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=133,CN) 117.84.255.78 24 CR None 2019-10-11 00:00:00 2020-01-11 00:00:00 None APP-DETECT failed FTP login attempt_6 hr failed logon (IP=78,CN) 117.85.120.214 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=214,CN) 117.87.102.116 32 wmp None 2020-10-01 00:00:00 2020-12-30 00:00:00 None HIVE Case #4029 Palo Alto IDS Vulnerability Events (IP=116,CN) 117.87.202.104 24 RR None 2020-01-09 00:00:00 2020-04-08 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=104,CN) 117.87.203.175 24 RWB None 2019-12-20 00:00:00 2020-03-19 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=175,CN) 117.87.204.37 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=37,CN) 117.87.205.113 24 GM None 2019-12-26 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=113,CN) 117.87.206.213 24 KF None 2019-12-16 00:00:00 2020-03-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shellarbitrary command execution attempt (IP=213,CN) 117.87.228.23 24 CR None 2020-01-20 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=23,CN) 117.87.239.215 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=215,CN) 117.87.36.175 24 CW None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=75,CN) 117.87.39.13 
24 RW None 2019-12-25 00:00:00 2020-03-30 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=13,CN) | updated by RWB Block expiration extended with reason Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attem 117.87.8.196 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=196,CN) 117.90.18.28 24 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Generic ArcSight scan attempt (IP=28,CN) 117.90.206.110 24 RR None 2020-01-18 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=110,CN) | updated by KF Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=110,CN) 117.90.32.49 24 CW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=49,CN) 117.90.86.165 24 RWB None 2019-12-12 00:00:00 2020-03-11 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=165,CN) 117.92.247.56 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=56,CN) 117.93.108.51 24 RR None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Illegal user - Failed Logons (IP=51,CN) 117.93.115.29 24 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=29,CN) 117.93.26.218 24 KF None 2020-01-14 00:00:00 2020-04-13 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=218,CN) 117.93.42.79 32 RR None 2020-05-27 00:00:00 2020-08-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02931 (IP=79,CN) 117.93.42.86 24 KF None 2020-05-30 00:00:00 2020-08-28 00:00:00 None HTTP: 
PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03007 (IP=86,CN) 117.93.42.88 32 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02939 (IP=88,CN) 117.93.42.90 32 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02961 (IP=90,CN) 117.93.42.92 32 KF None 2020-05-23 00:00:00 2020-05-23 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C02892 (IP=92,CN) 117.93.42.93 32 DT None 2020-05-26 00:00:00 2020-08-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02916 (IP=93,CN) 117.93.42.95 32 DT None 2020-05-26 00:00:00 2020-08-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C02919 (IP=95,CN) 117.93.86.238 24 DT None 2020-06-07 00:00:00 2020-09-05 00:00:00 None POLICY-OTHER PHP uri tag injection attempt - SourceFire - (IP=238,CN) 117.94.114.239 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=239,CN) 117.94.218.211 24 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Failed password_6 Hr Failed Logons (IP=211,CN) 117.94.226.223 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_SourceFire (IP=23,CN) 117.95.117.64 24 RR None 2020-01-02 00:00:00 2020-04-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=64,CN) 117.95.149.194 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=194,CN) 117.95.154.72 24 KF None 2020-01-10 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=72,CN) 117.95.158.239 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None SERVER-WEBAPP GPON Router 
authentication bypass and command injection attempt - SourceFire (IP=239,CN) 117.95.161.178 24 CW None 2020-01-05 00:00:00 2020-04-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=78,CN) 117.95.174.137 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr Web Attacks (IP=137,CN) 117.95.180.168 24 CR None 2020-01-06 00:00:00 2020-04-06 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=168,CN) 117.95.185.231 24 RR None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=231,CN) 117.95.196.238 24 BMP None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=238,CN) 117.95.203.134 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=134,CN) 117.95.228.244 32 RW None 2020-02-28 00:00:00 2020-03-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C01862 (IP=244,CN) 117.95.228.69 24 BMP None 2020-02-28 00:00:00 2020-05-28 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=69,CN) 117.95.229.145 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None Vulnerability - TT# 20C01768 (IP=145,CN) 117.95.230.172 24 KF None 2020-02-19 00:00:00 2020-05-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C01764 (IP=172,CN) 117.95.231.38 24 KF None 2020-02-19 00:00:00 2020-05-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C01763 (IP=38,CN) 117.95.57.22 24 RR None 2020-01-21 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=22,CN) | updated by RWB with reason Attempted Administrator Privilege 
Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,CN) 117.97.154.80 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=80,IN) 117.97.162.126 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=126,IN) 118.0.141.77 24 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_Web Attacks (IP=77,JP) 118.0.193.29 24 RWB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt - Web Attacks (IP=29,JP) 118.100.126.116 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=116,MY) 118.101.192.81 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Failed password for invalid user (IP=81,MY) 118.101.229.103 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=103,MY) 118.101.47.168 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=168,MY) 118.107.14.42 24 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Command Injection Attempt (IP=42,XX) 118.107.181.11 24 RB None 2018-05-19 05:00:00 2020-04-12 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=11,HK) | updated by RB with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01448 (IP=151,HK) 118.107.233.29 24 RR None 2018-12-13 06:00:00 2020-02-01 00:00:00 None Failed password for invalid user (IP=29,MY) | updated by KF Block was inactive. 
Reactivated on 20191103 with reason Failed Password_6 Hr Failed Logons (IP=29,MY) 118.107.40.107 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=107,TW) 118.107.42.17 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=17,AU) 118.107.43.141 24 RW None 2019-12-19 00:00:00 2020-03-19 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=141,HK) 118.113.12.5 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=5,CN) 118.116.122.59 24 CW None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type)_SourceFire (IP=59,CN) 118.117.174.106 24 RR None 2019-12-11 00:00:00 2020-03-11 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (1:46624:2) - SourceFire (IP=106,CN) | updated by RWB Block expiration extended with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web 118.118.47.72 24 RB None 2019-12-27 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt-Sourcefire (IP=72,CN) 118.120.0.0 14 jky None 2016-10-28 05:00:00 2020-03-24 00:00:00 None CN TO-S-2017-0116 Sality malware callback | updated by CW with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=66,CN) 118.121.196.25 24 RW None 2020-09-14 00:00:00 2020-12-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=25,CN) 118.121.206.66 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Invalid user - Failed Logons (IP=66,CN) 118.125.186.189 24 DT None 2020-04-16 00:00:00 2020-07-15 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=189,CN) 118.126.103.4 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None HTTP: 
ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=4,CN) 118.126.105.120 24 RR None 2018-05-15 05:00:00 2020-01-31 00:00:00 None ET SCAN ZmEu Scanner User-Agent Inbound (IP=120,CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=120,CN) | 2020-01-31 | 2018-08-13 118.126.107.49 24 KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None Web (HTTP) Attacks (IP=49,CN) 118.126.110.152 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web Attacks_Web Attacks (IP=52,CN) 118.126.64.217 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=217,CN) 118.126.65.175 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=175,CN) 118.126.92.89 24 RB None 2020-01-07 00:00:00 2020-04-06 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability_6 hr web attacks (IP=89 CN) 118.126.93.11 24 RB None 2018-05-13 05:00:00 2020-01-19 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=11,CN) | updated by KF with reason Command Injection Attempt (IP=177,CN) 118.126.94.215 24 KF None 2020-07-02 00:00:00 2020-09-30 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=215,CN) 118.126.96.180 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - WebAttacks (IP=180,CN) 118.126.97.108 24 RR None 2020-08-22 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=108,CN) 118.137.141.108 24 RW None 2020-03-16 00:00:00 2020-06-16 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - 6hr web attacks (IP=108,ID) 118.141.208.166 24 RR None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Authentication Failed - Failed Logons (IP=166,HK) 118.143.198.3 24 BP None 2019-12-09 
00:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=3,HK) 118.161.52.45 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=45,TW) 118.163.111.221 24 RWB None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Failed password - Failed Logon (IP=221,CN) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=221,TW) 118.163.178.146 24 RR None 2018-05-09 05:00:00 2020-01-14 00:00:00 None Timeout before authentication for (IP=146,TW) | updated by RR with reason Failed password - Failed Logons (IP=146,TW) 118.163.193.82 24 RR None 2018-12-08 06:00:00 2020-01-24 00:00:00 None Failed password for invalid user (IP=82,TW) | updated by CW Block was inactive. Reactivated on 20191026 with reason Illegal user_Failed Logon (IP=82,TW) 118.163.81.31 24 BMP None 2020-06-21 00:00:00 2020-09-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=31,TW) 118.166.124.215 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=215,TW) 118.166.72.157 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=157,TW) 118.167.31.71 24 DT None 2020-06-15 00:00:00 2020-09-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=71,TW) 118.167.46.14 24 RB None 2020-06-30 00:00:00 2020-09-28 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr web attack (IP=14,TW) 118.168.2.138 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_Sourcefire (IP=138,TW) 118.168.239.76 24 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Illegal user - Failed Logons 
(IP=76,TW) 118.169.34.53 24 RB None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=53,TW) 118.169.77.208 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=208,TW) 118.169.80.141 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=141,TW) 118.170.210.149 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=149,TW) 118.171.74.178 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=178,TW) 118.172.130.240 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=240,TH) 118.172.149.142 24 RR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - Failed Logons (IP=142,TH) 118.172.154.178 24 RR None 2020-02-04 00:00:00 2020-05-08 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=178,TH) | updated by GM Block expiration extended with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=178,TH) 118.172.154.178 32 KF None 2020-02-08 00:00:00 2020-09-17 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01654 (IP=178,US) | updated by DT Block was inactive. 
Reactivated on 20200617 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03206 118.172.191.21 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=21,TH) 118.172.194.226 24 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=226,TH) 118.172.204.20 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=20,TH) 118.172.255.151 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=151,TH) 118.172.48.83 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=83,TH) 118.172.71.140 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=140,TH) 118.173.113.121 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 118.173.37.24 24 RR None 2020-01-02 00:00:00 2020-04-01 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=24,TH) 118.174.183.89 24 ABC None 2019-10-13 00:00:00 2020-01-11 00:00:00 None Command Injection Attempt (IP=89,TH) 118.174.198.168 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=168,TH) 118.174.198.168 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=168,TH) 118.174.21.41 24 RB None 2019-05-21 00:00:00 2020-08-10 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=41,TH) | updated by DT 
Block was inactive. Reactivated on 20200512 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=41,T 118.174.219.147 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Authentication Failed - Failed Logons (IP=147,TH) 118.174.89.189 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=189,TH) 118.174.89.189 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=189,TH) 118.174.89.189 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=89,TH) 118.175.240.21 24 ABC None 2019-10-14 00:00:00 2020-01-12 00:00:00 None Command Injection Attempt (IP=21,TH) 118.179.155.140 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=140,BD) 118.179.87.6 24 KF None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed Password_6 Hr Failed Logons (IP=6,BD) 118.184.186.79 24 RR None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Illegal user - Failed Logons (IP=79,CN) 118.184.216.249 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=249,CN) 118.185.5.203 24 GM None 2019-10-21 00:00:00 2020-01-19 00:00:00 None ABC Generic ArcSight scan attempt (IP=203,IN) 118.187.5.149 24 YM None 2018-05-21 05:00:00 2020-02-20 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=149,CN) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=37,CN) 118.189.162.199 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=199,SG) 118.189.172.132 24 RB None 2020-06-09 00:00:00 2020-09-07 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attack 
(IP=132,SG) 118.189.200.125 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=125,SG) 118.190.205.156 32 nab None 2020-09-21 00:00:00 2020-12-21 00:00:00 None HIVE Case #3940 PaloAlto Network scanning (IP=156,CN) 118.191.0.3 24 RW None 2019-10-23 00:00:00 2020-01-23 00:00:00 None Illegal user - 6hr Failed Logon (IP=3,CN) 118.192.66.79 24 RR None 2019-01-19 00:00:00 2020-03-03 00:00:00 None Failed password for invalid user (IP=79,CN) | updated by RR with reason Failed password - Failed Logons (IP=52,CN) 118.193.31.0 24 nab None 2020-08-21 00:00:00 2020-11-18 00:00:00 None HIVE Case #3175 CTR-20-0920 SQL scanning (IP=31,HK) 118.200.15.73 24 DT None 2020-04-23 00:00:00 2020-07-22 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=73,SG) 118.201.132.88 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=88,SG) 118.201.39.225 24 CR None 2019-01-16 00:00:00 2020-02-20 00:00:00 None Illegal user (IP=225,SG) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=225,SG) 118.213.95.50 24 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=50,CN) 118.219.52.203 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=203,KR) 118.23.165.11 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=11,JP) 118.233.38.156 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Failed Logons (IP=156,TW) 118.239.17.217 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=17,CN) 118.24.10.206 24 RR None 2020-07-19 00:00:00 2020-10-17 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code 
execution attempt - SourceFire (IP=206,CN) 118.24.101.221 24 CR None 2018-08-20 05:00:00 2020-02-20 00:00:00 None Illegal user (IP=221,CN) | updated by RR with reason Failed password - Failed Logons (IP=182,CN) 118.24.108.196 24 CR None 2019-11-28 00:00:00 2020-02-28 00:00:00 None Failed password - 6 hr Failed Logon (IP=196,CN) 118.24.111.62 24 RR None 2018-11-25 06:00:00 2020-01-30 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=62,CN) | updated by RR with reason Failed password - Failed Logons (IP=71,) 118.24.117.239 24 RW None 2019-10-15 00:00:00 2020-01-15 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=239,CN) 118.24.120.2 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Failed password - Failed Logons (IP=2,CN) 118.24.121.240 24 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None Failed password_Failed Logon (IP=40,CN) 118.24.122.13 24 CR None 2018-11-26 06:00:00 2020-02-20 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=13,CN) | updated by RR with reason Invalid user - Failed Logons (IP=36,CN) 118.24.126.243 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=243,CN) 118.24.127.66 32 BMP None 2020-07-21 00:00:00 2020-10-19 00:00:00 None HTTP: HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03520 (IP=66,CN) 118.24.129.151 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password - Failed Logons (IP=151,CN) 118.24.133.208 24 RB None 2018-05-19 05:00:00 2020-01-10 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=208,CN) | updated by CR Block was inactive. 
Reactivated on 20191012 with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr Web attacks (IP=208,CN) 118.24.134.66 24 RB None 2019-12-06 00:00:00 2020-03-05 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_6 hr web attacks (IP=66 CN) 118.24.138.148 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=148,CN) 118.24.139.84 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=84,CN) 118.24.142.110 24 RB None 2018-05-12 05:00:00 2020-01-19 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=110 CN) | updated by KF with reason Command Injection Attempt (IP=141,CN) 118.24.143.110 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password for invalid user - Failed Logon (IP=110,CN) 118.24.146.123 24 RR None 2018-11-13 06:00:00 2020-02-07 00:00:00 None Illegal user (IP=123,CN) | updated by RB with reason HTTP: ThinkPHP CMS Getshell Vulnerability_12 hr web attacks (IP=95,CN) | 2020-02-07 | 2019-02-11 118.24.147.75 24 RR None 2018-08-18 05:00:00 2020-01-10 00:00:00 None Illegal user (IP=75,CN) | updated by GM with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=252,CN) 118.24.149.248 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed Password - 6 Hr Failed Logons (IP=248,CN) 118.24.153.45 24 RB None 2019-01-18 00:00:00 2020-01-31 00:00:00 None Failed password for invalid user(IP=45,CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=230,CN) | 2020-01-31 | 2019-04-18 118.24.155.136 24 RW None 2020-09-27 00:00:00 2020-12-27 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=136,CN) 118.24.158.42 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed Password - 6 Hr Failed Logons (IP=42,CN) 118.24.165.163 24 RR None 2019-01-19 00:00:00 2020-03-04 00:00:00 None Failed password for invalid user (IP=16 | 
updated by RR with reason Invalid user -Failed Logons (IP=160,CN) 118.24.171.254 24 EDBT None 2018-04-09 05:00:00 2020-01-13 00:00:00 None ET SCAN Potential SSH Scan (IP=254,CN) | updated by ABC with reason Command Injection Attempt (IP=154,CN) 118.24.173.17 24 RB None 2018-05-04 05:00:00 2020-03-06 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=17,CN) | updated by GM with reason Failed password - Failed Logons (IP=1,CN) 118.24.174.107 24 JKC None 2019-01-07 06:00:00 2020-01-20 00:00:00 None WPC REGIONAL Fireeye multiple alerts MPS (IP=107, CN) | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_Sourcefire (IP=175,CN) | 2020-01-20 | 2019-04-07 118.24.182.161 24 RB None 2018-05-12 05:00:00 2020-02-04 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=161 CN) | updated by RB with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution- TT# 19C03391 (IP=72,CN) | updated by RR with reason SERVER-WEBAPP Joomla JDa 118.24.187.125 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=125,CN) 118.24.188.213 24 GM None 2019-10-29 00:00:00 2020-01-27 00:00:00 None ABC Command Injection Attempt (IP=213,CN) 118.24.196.106 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=106,CN) 118.24.197.101 24 RB None 2018-09-27 05:00:00 2020-01-30 00:00:00 None vulnerability 11 opord 2016-191F9 sid:1000070 (IP=101,CN) | updated by RR with reason Failed password - Failed Logons (IP=243,) 118.24.198.151 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Command Injection Attempt (IP=151,CN) 118.24.2.218 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=218,CN) 118.24.20.105 24 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=105,CN) 118.24.205.177 24 BMP None 2019-12-22 
(IP=111,CN) 119.109.201.129 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=129,CN) 119.110.230.162 24 KF None 2019-11-19 00:00:00 2020-02-17 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=162,HK) 177.161.56.88/24 119.117.131.168 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=168,CN) 119.119.225.110 24 RB None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=110 CN) 119.119.225.85 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=85,CN) 119.119.230.249 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=249,CN) 119.119.238.186 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=186,CN) 119.119.249.117 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,CN) 119.119.251.49 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=49,CN) 119.119.40.197 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=197,CN) 119.119.53.190 24 BMP None 2020-01-27 00:00:00 2020-04-26 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=190,CN) 119.119.61.246 24 RB None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Authentication Failed_6 hr Failed Logons_CPC (IP=246,CN) 119.123.103.51 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed logons (IP=51,CN) 119.139.196.148 
24 CW None 2020-01-14 00:00:00 2020-04-13 00:00:00 None Failed password_Failed Logon (IP=48,CN) 119.139.197.187 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None Illegal user - 6hr Logon (IP=187,CN) 119.139.198.36 24 RR None 2019-10-11 00:00:00 2020-01-09 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=36,CN) 119.142.242.124 24 RW None 2020-01-09 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=124,CN) 119.146.145.50 24 GLM None 2018-08-17 05:00:00 2020-03-03 00:00:00 None APP-DETECT failed FTP login attempt (IP=50,CN) | updated by RR with reason Failed password - Failed Logons (IP=104,CN) 119.146.201.88 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Generic ArcSight scan attempt (IP=88,CN) 119.146.202.60 24 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Generic ArcSight scan attempt (IP=60,CN) 119.146.223.60 24 jkc None 2016-07-26 05:00:00 2020-02-09 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=60,CN) | updated by GM with reason ABC Generic ArcSight scan attempt (IP=134,CN) 119.148.10.131 32 wmp None 2020-08-13 00:00:00 2020-11-13 00:00:00 None HIVE Case #3555 COLS-NA-TIP-20-0254 (IP=131,BD) 119.148.161.82 24 RB None 2020-03-19 00:00:00 2020-06-17 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_6 hr web attacks (IP=82,CN) 119.148.161.82 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=82,CN) 119.148.161.82 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=82,CN) 119.148.27.54 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=54,BD) 119.148.35.37 24 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - Failed Logons (IP=37,BD) 119.149.67.48 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: 
Host Sweep (IP=48,KR) 119.153.187.18 24 RR None 2020-01-17 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=18,PK) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=18,PK) 119.156.71.254 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=254,PK) 119.156.81.181 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=181,PK) 119.159.230.32 24 RW None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=32,PK) 119.160.128.0 18 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None BN TO-S-2020-0006 Malware Activity 119.160.64.44 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None APP-DETECT failed FTP login attempt_6 hr Failed Logons (IP=44,PK) 119.160.71.143 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=143,PK) 119.161.156.11 24 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Failed password - Failed Logons (IP=11,CN) 119.163.204.219 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=219,CN) 119.163.255.24 24 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - Failed Logons (IP=24,CN) 119.165.201.72 24 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=72,CN) 119.167.113.101 32 RW None 2020-05-14 00:00:00 2020-08-12 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02760 (IP=101,CN) 119.167.113.101 24 RR None 2019-05-15 00:00:00 2020-01-09 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6 hr Web attacks (IP=101,CN) | updated by GM with reason 
SERVER-WEBAPP Joomla 119.177.229.76 16 dlb None 2014-04-23 05:00:00 2020-04-19 00:00:00 None TCP Host Sweeps (IP=76, CN) | updated by RR with reason ET SCAN Potential SSH Scan (IP=155,CN) | updated by EDBT with reason | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=172,CN) 119.179.138.254 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=254,CN) 119.18.157.10 24 BP None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Failed password for invalid user - 6hr Logons (IP=10,ID) 119.18.195.201 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=201,CN) 119.180.98.134 24 RR None 2020-03-30 00:00:00 2020-06-28 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=134,CN) 119.183.255.31 24 RR None 2020-08-22 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (1:29831:3) - SourceFire (IP=31,CN) 119.185.5.231 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None SQL generic sql with comments injection attempt - GET parameter - Web Attacks (IP=231,CN) 119.185.70.173 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=173,CN) 119.187.228.206 32 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None BOT: China Chopper Webshell Traffic Detected - TT# 20C00164 (IP=206,CN) 119.188.242.32 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=32,CN) 119.188.245.178 24 RW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Generic ArcSight scan attempt (IP=178,CN) 119.188.246.88 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=88,CN) 119.188.247.198 24 MLJ None 2018-05-08 05:00:00 2020-03-01 00:00:00 None ET SCAN Suspicious inbound to mySQL port 3306 (IP=198,CN) | updated by RB with reason SERVER-WEBAPP Joomla 
JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=141,CN) | 2020-03-01 | 2018-08-08 119.192.73.190 24 GM None 2019-04-13 00:00:00 2020-01-03 00:00:00 None APP-DETECT failed FTP login attempt (IP=190,KR) | updated by RB with reason APP-DETECT failed FTP login attempt (IP=216,KR) | 2020-01-03 | 2019-06-13 119.193.152.177 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None APP-DETECT failed FTP login attempt_6 Hr Failed Logons (IP=177,KR) 119.194.129.79 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Authentication Failed - Failed Logons (IP=79,KR) 119.194.23.211 24 RW None 2020-02-07 00:00:00 2020-05-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=211,KR) 119.194.64.96 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=96,KR) 119.196.213.20 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=20,KR) 119.2.43.162 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=162,ID) 119.2.7.34 32 RR None 2020-09-13 00:00:00 2020-12-12 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03895 (IP=34,CN) 119.200.186.168 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Failed password - Failed Logons (IP=168,KR) 119.204.80.76 24 KF None 2019-11-21 00:00:00 2020-02-19 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=76,KR) 119.205.234.72 24 BMP None 2019-12-26 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=72,KR) 119.205.235.129 24 CR None 2018-11-29 06:00:00 2020-04-03 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=129,KR) | updated by RR with reason Illegal user - Failed Logons (IP=251,KR) 119.207.221.206 24 RR None 2019-11-20 
00:00:00 2020-02-18 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=206,KR) 119.226.159.13 24 ABC None 2019-01-08 06:00:00 2020-03-28 00:00:00 None Generic ArcSight scan attempt(IP=13,India) | updated by RB with reason HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=13,IN) | 2020-02-01 | 2019-04-08 | updated by KF with reason Immediate Inbound Network Block - TT# 20C01266 (IP=13,US) 119.23.30.113 24 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=113,CN) 119.235.24.244 24 RR None 2018-12-08 06:00:00 2020-02-04 00:00:00 None Failed password for invalid user (IP=244,ID) | updated by RW with reason Authentication Failed - 6hr Failed Logon(IP=244,ID) 119.235.72.185 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 119.235.72.185 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=185,FJ) 119.236.243.23 24 RR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - SourceFire (IP=23,HK) 119.237.161.139 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6hr web attacks (IP=139,HK) 119.246.3.25 24 RR None 2020-08-05 00:00:00 2020-11-03 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=25,HK) 119.247.213.206 24 RR None 2020-01-15 00:00:00 2020-04-14 00:00:00 None Authentication Failed - Failed Logons (IP=206,HK) 119.249.54.162 24 RW None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=162,CN) 119.252.143.102 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=102,HK) 119.252.152.150 32 dbc None 2019-12-23 00:00:00 2020-12-26 
00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason IN TO-S-2020-0212.01 Malicious Web Application Activity 119.252.189.49 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None AU TO-S-2019-0400 Malware Activity 119.254.155.187 24 BP None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Failed password - 6hr Logons (IP=187,CN) 119.27.161.192 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=192,CN) 119.27.166.203 24 RR None 2020-09-19 00:00:00 2020-12-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=203,CN) 119.27.167.61 24 RW None 2020-05-31 00:00:00 2020-09-03 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=61,CN) | updated by RW Block expiration extended with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=61,CN) 119.27.168.208 24 GM None 2019-11-06 00:00:00 2020-02-06 00:00:00 None Invalid user - Failed Logons (IP=208,CN) 119.27.170.189 24 ALJ None 2018-09-08 05:00:00 2020-03-05 00:00:00 None Illegal user (ip=189,cn) | updated by GM with reason Failed password - Failed Logons (IP=64,CN) 119.27.170.64 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=64,CN) 119.27.173.75 24 RR None 2019-04-29 00:00:00 2020-04-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=75,CN) | updated by RW Block was inactive. 
Reactivated on 20200107 with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=75,CN) 119.27.175.168 24 wmp None 2018-12-10 06:00:00 2020-01-17 00:00:00 None authentication bypass vulnerability (IP=168,CN) | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=14,CN) 119.27.178.187 24 RB None 2018-05-13 05:00:00 2020-04-07 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=187,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=27,CN) | 2020-04-07 | 2018-08-11 119.27.182.17 24 RB None 2018-05-20 05:00:00 2020-03-16 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=17,CN) | updated by KF with reason HTTP: SQL Injection Attempt Detected (IP=99,CN) 119.27.183.25 24 KF None 2020-06-22 00:00:00 2020-09-20 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=25,CN) 119.27.183.25 24 KF None 2020-06-22 00:00:00 2020-09-20 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=25,CN) 119.27.189.47 24 YM None 2018-05-25 05:00:00 2020-02-18 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=47,CN) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=46,CN) 119.28.100.42 24 EDBT None 2017-11-19 06:00:00 2020-01-03 00:00:00 None ET SCAN Potential SSH Scan (IP=42,CN) | updated by GM with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=67,CN) | updated by RB with reason INDICATOR-SCAN DNS version.bind string information disclosure 119.28.104.104 32 RR None 2020-02-21 00:00:00 2020-05-21 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)CN - TT# 20C01786 (IP=104,CN) 119.28.110.93 24 RR None 2020-08-13 00:00:00 2020-11-11 00:00:00 None SQL 
union select - possible sql injection attempt - GET parameter - SourceFire (IP=93,CN) 119.28.115.96 24 JKC None 2019-01-10 06:00:00 2020-01-04 00:00:00 None WPC REGIONAL Fireeye multiple alerts MPS (IP=96, CN) | updated by RB with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=130 SG) | 2020-01-04 | 2019-04-10 119.28.116.223 24 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=223,SG) 119.28.143.26 24 RW None 2019-11-14 00:00:00 2020-02-14 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=26,HK) 119.28.154.162 24 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=162,KR) 119.28.179.124 24 YM None 2018-05-18 05:00:00 2020-03-03 00:00:00 None ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) (IP=124,CN) | updated by RR with reason HTTP: SQL Injection Attempt Detected - Wen Attacks (IP=42,CN) 119.28.179.42 24 KF None 2020-02-22 00:00:00 2020-05-22 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01794 (IP=42,CN) 119.28.180.36 24 EDBT None 2017-11-12 06:00:00 2020-01-09 00:00:00 None ET SCAN Potential SSH Scan (IP=36,CN) | updated by GM with reason INDICATOR-SCAN PHP backdoor scan 119.28.188.40 24 MLJ None 2018-05-09 05:00:00 2020-03-05 00:00:00 None Illegal user (IP=40,CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=26 HK) | 2020-03-05 | 2018-08-09 119.28.193.18 24 RB None 2019-05-10 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=18,HK) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=18,CN) 119.28.194.15 24 GM None 2019-04-30 00:00:00 2020-01-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_CIRT Web Attacks (IP=15,HK) | updated by RB with reason HTTP: 
SQL Injection Attempt Detected_12 hr web attacks (IP=15,HK) | 2020-01-17 | 2019-07-30 119.28.20.110 24 GLM None 2018-12-13 06:00:00 2020-02-01 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=110,HK) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=179,HK) | 2020-02-01 | 2019-03-13 119.28.20.179 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=179,CN) 119.28.204.72 24 GM None 2018-10-05 05:00:00 2020-01-20 00:00:00 None Trojan.Qadars (IP=72,CN) | updated by RB with reason HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=124,HK) | 2020-01-20 | 2019-01-05 119.28.222.106 32 BMP None 2020-05-18 00:00:00 2020-08-16 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02829 (IP=106,CN) 119.28.222.142 24 YM None 2018-05-21 05:00:00 2020-01-03 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=142,CN) | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=106,HK) | 2020-01-03 | 2018-08-19 119.28.223.21 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=21,CN) 119.28.24.83 24 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None Failed password for invalid user - 6hr Logons (IP=83,CN) 119.28.27.238 24 RR None 2020-01-31 00:00:00 2020-05-04 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=238,CN) | updated by RB Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=238,HK) 119.28.30.249 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - sourcefire (IP=249,CN) 119.28.56.135 24 DT None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HTTP: Detect PHP-CGI Remote code 
Execution vulnerability - Web Attacks (IP=135,HK) 119.28.68.148 24 CR None 2019-05-08 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_CIRT Web Attacks - Prior 6 hours (IP=148,CN) | updated by RR with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=148,CN) 119.29.0.185 24 djs None 2015-01-01 06:00:00 2020-01-17 00:00:00 None WEBAPP Setup.php access (ip=185,CN) | updated by RB with reason HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=218,CN) | 2020-01-17 | 2015-04-01 119.29.103.143 24 GM None 2019-10-09 00:00:00 2020-01-09 00:00:00 None SERVER-WEBAPP Joomla 119.29.121.229 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=229,CN) 119.29.129.156 24 CR None 2018-11-23 06:00:00 2020-01-07 00:00:00 None Vulnerability 11 (IP=156,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=76,CN) | 2020-01-07 | 2019-02-23 119.29.134.163 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password_6 Hr Failed Logons (IP=163,CN) 119.29.135.217 24 RR None 2018-12-31 06:00:00 2020-03-07 00:00:00 None Failed password for invalid user (IP=217,CN) | updated by GM with reason Failed password - Failed Logons (IP=216,CN) 119.29.150.26 24 GM None 2019-04-17 00:00:00 2020-01-03 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=26,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=36,CN) | 2020-01-03 | 2019-06-17 119.29.150.36 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=36,CN) 119.29.152.55 24 RR None 2017-11-10 06:00:00 2020-02-23 00:00:00 None Illegal user (IP=55,CN) | updated by RB with reason HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerabi | updated by BP with 
reason Failed password - Failed Logons (IP=172,CN) 119.29.157.203 24 MLJ None 2016-12-22 06:00:00 2020-01-20 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=203,CN) | updated by jkc with reason ET POLICY Suspicious inbound to mySQ | updated by RB with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_6 hr web attacks (IP=216,CN) 119.29.159.129 24 KF None 2019-11-02 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=129,CN) | updated by KF Block expiration extended with reason Command Injection Attempt (IP=129,CN) 119.29.161.122 24 GLM None 2018-12-13 06:00:00 2020-01-04 00:00:00 None Invalid user (IP=122,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=237 CN) | 2020-01-04 | 2019-03-13 119.29.166.220 24 RR None 2017-03-23 05:00:00 2020-01-09 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=220,CN) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=134,CN) 119.29.170.170 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=170,CN) 119.29.175.190 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password for invalid user - Failed Logon (IP=190,CN) 119.29.177.127 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=127,CN) 119.29.177.127 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=127,CN) 119.29.18.53 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=53,CN) 119.29.181.240 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=240,CN) 119.29.188.169 24 BMP None 2020-05-10 00:00:00 
2020-08-08 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6hr Web Attacks (IP=169,CN) 119.29.190.69 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt SourceFire (IP=69,CN) 119.29.190.69 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=69,CN) 119.29.195.107 24 RW None 2019-11-14 00:00:00 2020-02-14 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=107,CN) 119.29.197.54 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Illegal user - Failed Logons (IP=54,CN) 119.29.197.54 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Illegal user (IP=54,CN) 119.29.199.150 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password - Failed Logons (IP=150,CN) 119.29.200.49 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=49,CN) 119.29.23.200 24 MLJ None 2017-07-07 05:00:00 2020-02-06 00:00:00 None ET SCAN Potential SSH Scan (IP=200,CN) | updated by GM with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=248,CN) 119.29.242.242 24 YM None 2018-05-15 05:00:00 2020-01-31 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=242,CN) | updated by RR with reason Failed password - Failed Logons (IP=48,CN) 119.29.4.230 24 DT None 2020-08-15 00:00:00 2020-11-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=230,US) 119.29.52.46 24 RB None 2019-01-18 00:00:00 2020-01-02 00:00:00 None Failed password for invalid user(IP=46,CN) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=146,CN) 119.29.62.104 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password for invalid 
PHP backdoor scan attempt - Sourcefire (IP=17,KR) 121.196.206.7 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_12 hr web attacks (IP=7,CN) 121.196.212.75 24 GM None 2020-01-08 00:00:00 2020-04-08 00:00:00 None Illegal user - Failed Logons (IP=75,CN) 121.200.3.85 32 wmp None 2020-10-01 00:00:00 2020-12-30 00:00:00 None HIVE Case #4029 Palo Alto IDS Vulnerability Events (IP=85,AU) 121.200.48.0 21 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason IN TO-S-2020-0212.01 Malicious Web Application Activity 121.201.101.184 32 DT None 2020-06-17 00:00:00 2020-09-17 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03208 (IP=184,CN) 121.201.110.217 24 RR None 2018-12-15 06:00:00 2020-01-29 00:00:00 None Failed password for invalid user (IP=217,CN) | updated by RB with reason INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=172 CN) | 2020-01-29 | 2019-03-15 121.201.34.10 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=10,CN) 121.201.46.229 24 KF None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=229,CN) 121.204.166.240 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Invalid user - Failed Logons (IP=240,CN) 121.204.171.167 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=167,CN) 121.204.202.5 24 KF None 2020-06-09 00:00:00 2020-09-07 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=5,CH) 121.206.143.140 32 dbc None 2020-06-30 00:00:00 2020-09-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=140,CN) 121.22.5.93 24 RW None 2020-08-20 00:00:00 2020-11-20 00:00:00 None 
SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=93,CN) 121.222.228.62 24 DT None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=62,AU) 121.223.12.94 24 RR None 2020-07-25 00:00:00 2020-10-23 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=94,AU) 121.224.141.205 24 BMP None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=205,CN) 121.226.134.142 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=142,CN) 121.226.160.183 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_failed Logon (IP=83,CN) 121.226.166.250 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=250,CN) 121.226.176.202 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=202,CN) 121.226.178.215 24 CW None 2019-12-10 00:00:00 2020-03-10 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=15,CN) | updated by KF Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=215,CN) 121.226.209.161 24 RWB None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=161,CN) 121.226.237.146 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=146,CN) 121.226.249.78 24 GM None 2019-12-05 00:00:00 2020-03-05 
00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=78,CN) 121.227.238.198 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None TCP: SYN Host Sweep - Automated Block Calculations (IP=198,CN) 121.227.31.174 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=174,CN) 121.229.25.191 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=191,CN) 121.23.179.204 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=4,CN) 121.23.180.9 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=9,CN) 121.23.181.238 24 RB None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=238 CN) 121.23.20.102 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=102,CN) 121.23.246.4 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None UDP: Host Sweep (IP=4,CN) 121.231.49.77 24 RB None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=77,CN) 121.233.108.216 24 RR None 2020-01-03 00:00:00 2020-04-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=216,CN) 121.233.161.175 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=175,CN) 121.233.67.9 24 RR None None 2020-06-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=9,CN) 121.234.237.6 24 KF None 2019-03-15 00:00:00 2020-04-17 00:00:00 None APP-DETECT failed FTP login attempt (IP=6,CN) | 
updated by RR with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=148,CN) 121.234.63.114 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=114,CN) 121.241.210.227 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=227,IN) 121.241.244.93 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=93,ID) 121.243.17.131 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity 121.243.17.131 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0212.01 Malicious Web Application Activity 121.254.133.205 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Illegal user - Failed Logons (IP=205,KR) 121.254.133.205 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Illegal user - Failed Logons (IP=205,KR) 121.254.133.205 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Illegal user - Failed Logons (IP=205,KR) 121.254.26.15 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=15,KR) 121.254.70.57 24 RW None 2020-04-19 00:00:00 2020-07-19 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=146,IN) 121.28.11.22 24 ABC None 2018-03-28 05:00:00 2020-01-24 00:00:00 None ET SCAN Potential VNC Scan 5900-5920 (IP=22,CN) | updated by GLM with reason ABC Generic ArcSight scan attempt (IP=242,CN) 121.28.11.242 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Generic ArcSight scan attempt (IP=242,CN) 121.36.0.190 24 BMP None 2019-12-23 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=190, CN) | updated by RW Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=190,CN) 
121.36.102.162 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None SQL Injection (IP=162,CN) 121.36.137.188 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=188,XX) 121.36.17.60 24 RR None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=60,CN) 121.36.194.11 24 KF None 2020-04-09 00:00:00 2020-07-08 00:00:00 None TCP: SYN Host Sweep (IP=11,CN) 121.36.198.166 24 KF None 2020-04-09 00:00:00 2020-07-08 00:00:00 None TCP: SYN Host Sweep (IP=166,CN) 121.36.200.84 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=84,GB) 121.36.216.244 24 RR None 2020-03-30 00:00:00 2020-06-28 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=244,CN) 121.36.217.201 24 CR None 2020-06-12 00:00:00 2020-09-12 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=201,CN) 121.36.228.30 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=30,XX) 121.36.252.97 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=97,XX) 121.36.3.101 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=101,CN) 121.36.33.241 24 RB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=241,CN) 121.36.38.230 24 BMP None 2020-03-04 00:00:00 2020-06-02 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=230,CN) 121.36.46.150 24 CR None 2019-12-21 00:00:00 2020-03-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr Web Attack (IP=150,CN) 121.36.59.67 24 GM None 2020-03-13 00:00:00 2020-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=67,CN) 121.36.64.14 24 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=14,CN) 121.36.79.222 24 RR None 2020-03-27 
00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=222,CN) 121.36.92.9 24 RR None 2020-03-30 00:00:00 2020-06-28 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=9,CN) 121.37.0.193 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=193,CN) 121.37.173.195 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=195,CN) 121.37.180.39 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=39,XX) 121.37.21.77 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=77,XX) 121.37.30.251 24 RR None 2020-03-25 00:00:00 2020-06-23 00:00:00 None TCP: SYN Host Sweep (IP=251,CN) 121.46.113.35 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=35,IN) 121.46.27.20 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=20,CN) 121.46.29.116 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=116,CN) 121.46.84.58 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Failed password - Failed Logons (IP=58,IN) 121.48.165.121 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Web Attacks (IP=121,CN) 121.52.151.101 24 RR None 2018-01-26 06:00:00 2020-01-26 00:00:00 None APP-DETECT failed FTP login attempt (IP=101,PK) | updated by RR with reason SERVER-APACHE Apache Struts remote code execution | updated by RR with reason HTTP: PHP Remote Code Execution Vulnerability (CVE-2018-20062) - Web Attacks (IP=102,PK) 121.52.151.102 32 RR None 2020-06-30 00:00:00 2020-09-28 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload (CVE-2017-12615 and CVE-2017-12617) - TT# 20C03337 (IP=102,PK) 121.52.152.6 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Generic ArcSight scan attempt (IP=6,PK) 121.54.175.248 24 GM None 2020-06-18 00:00:00 2020-08-18 00:00:00 None HTTP: PHPUnit Remote Code Execution 
Vulnerability (CVE-2017-9841) - Web Attacks (IP=248,HK) 121.54.189.22 24 BMP None 2020-03-17 00:00:00 2020-06-16 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=22,HK) 121.57.226.227 24 RB None 2018-08-16 05:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt (IP=227,CN) | updated by RR with reason Generic ArcSight scan attempt (IP=249,CN) 121.60.55.42 24 RW None 2019-10-25 00:00:00 2020-01-25 00:00:00 None APP-DETECT failed FTP login attempt - 6hr Failed Logon(IP=42,CN) 121.65.111.234 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None KR TO-S-2019-0409 Malicious Email Activity 121.66.224.90 24 RWB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Failed password for invalid user - Failed Logon (IP=90,KR) 121.66.252.155 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP=155,KR) 121.67.246.139 24 KF None 2019-01-10 06:00:00 2020-03-08 00:00:00 None Illegal user (IP=139,KR) | updated by BP Block was inactive. 
Reactivated on 20191209 with reason Failed password for invalid user (IP=139,KR) 121.69.135.162 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Failed password (IP=162,CN) 121.7.24.212 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Generic ArcSight scan attempt (IP=212,SG) 121.7.25.189 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Generic ArcSight scan attempt (IP=189,SG) 121.74.198.58 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None NZ TO-S-2019-0508 Malware Activity 121.8.153.122 24 ABC None 2018-02-01 06:00:00 2020-02-16 00:00:00 None Generic ArcSight scan attempt (IP=122,CN) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=194,CN) 121.8.164.0 24 GLM None 2016-11-13 06:00:00 2020-02-08 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=138,CN) | updated by KF with reason Generic ArcSight scan attempt (IP=78,CN) 121.8.183.43 24 RB None 2020-01-10 00:00:00 2020-04-09 00:00:00 None Illegal user_6 hr Failed Logons (IP=43,CN) 121.8.219.106 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=106,CN) 121.88.4.52 24 RR None 2020-02-23 00:00:00 2020-05-23 00:00:00 None Illegal user - Failed Logons (IP=52,KR) 121.89.209.72 24 GM None 2020-06-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=72,CN) 121.9.217.210 24 sjl None 2016-05-20 05:00:00 2020-01-11 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=210 CN) | updated by ABC with reason Command Injection Attempt (IP=213,CN) 121.9.231.172 24 KF None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Failed password_6 Hr Failed Logons (IP=172,CN) | updated by RW with reason Authentication Failed - 6hr Failed Logon(IP=172,CN) 121.96.173.78 24 RR None 2020-01-21 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection 
attempt - SourceFire (IP=78,PH) | updated by RWB with reason Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Failed Logon (IP= 122.1.24.198 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None JP TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason JP TO-S-2020-0212.01 Malicious Web Application Activity 122.10.100.248 24 BMP None 2020-05-21 00:00:00 2020-08-21 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=248,HK) 122.102.217.153 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=153,JP) 122.103.135.235 32 DT None 2020-07-06 00:00:00 2020-10-04 00:00:00 None SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt - Web Attacks (IP=235,US) 122.11.50.221 24 CW None 2019-12-27 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt _SourceFire (IP=21,CN) 122.112.179.189 32 dbc None 2020-06-30 00:00:00 2020-09-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=189,CN) 122.112.226.37 24 RR None 2020-03-13 00:00:00 2020-06-11 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=37,CN) 122.114.63.109 32 wmp None 2020-07-29 00:00:00 2020-11-23 00:00:00 None HIVE Case #3421 COLS-NA-TIP-20-0234 (IP=109,CN) | updated by wmp Block expiration extended with reason HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=109,CN) 122.114.79.84 32 RR None 2020-02-24 00:00:00 2020-05-24 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01813 (IP=84,CN) 122.115.228.39 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=39,CN) 122.115.229.5 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=5,CN) 122.115.230.60 24 GM None 2020-05-06 00:00:00 2020-08-06 00:00:00 None SERVER-WEBAPP 
vBulletin pre-authenticated command injection attempt - Sourcefire (IP=60,CN) 122.115.235.236 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=236,CN) 122.115.54.247 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=247,CN) 122.115.55.29 24 RR None 2020-06-02 00:00:00 2020-09-02 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=29,CN) 122.115.59.227 24 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=227,CN) 122.116.164.159 24 RR None 2020-09-14 00:00:00 2020-12-13 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=159,TW) 122.116.174.239 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password - Failed Logon (IP=239,TW) 122.116.205.243 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - 6hr web attacks (IP=243,TW) 122.116.233.207 24 ged None 2016-06-02 05:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Setup.php access (IP=207, TW) | updated by RR with reason SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=104,TW) 122.116.71.78 24 RR None 2019-04-08 00:00:00 2020-01-14 00:00:00 None APP-DETECT failed FTP login attempt (IP=78,TW) | updated by RR with reason APP-DETECT failed FTP login attempt - Web Attacks (IP=78,TW) 122.117.98.133 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt_SourceFire (IP=33,TW) 122.118.101.56 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=56,TW) 122.118.106.29 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=29,TW) 122.118.116.166 24 BMP 
None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=89,TW) 122.118.209.89 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=145,TW) 122.121.18.145 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=72,TW) 122.121.53.72 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=166,TW) 122.136.212.216 24 MLJ None 2017-06-15 05:00:00 2020-01-15 00:00:00 None ET SCAN Potential SSH Scan (IP=216,CN) | updated by CR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt _Sourcefire (IP=216,CN) 122.138.121.66 24 RW None 2020-01-09 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=66,CN) 122.138.122.91 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=91,CN) 122.139.243.78 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=78,CN) 122.14.194.176 24 KF None 2019-12-11 00:00:00 2020-03-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=176,CN) 122.14.208.241 24 RR None 2018-08-15 05:00:00 2020-01-08 00:00:00 None Illegal user (IP=241,CN) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=63,CN) 122.14.208.63 32 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - 20C01660 (IP=63,US) 122.14.208.63 32 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - 20C01660 (IP=63,US) 122.14.208.63 
32 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - 20C01660 (IP=63,US) 122.14.213.79 24 CW None 2019-12-25 00:00:00 2020-03-24 00:00:00 None HTTP: SQL Injection Attempt Detected_web attacks (IP=79,CN) 122.14.215.68 24 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=68,CN) 122.14.218.107 24 JKC None 2019-01-07 06:00:00 2020-01-14 00:00:00 None WPC REGIONAL Fireeye multiple alerts MPS (IP=107,CN) | updated by CR with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attack (IP=107,CN) 122.14.225.209 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=209,CN) 122.14.226.224 24 RB None 2020-04-08 00:00:00 2020-07-07 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability_6 hr web attacks (IP=224,CN) 122.14.228.229 24 BP None 2019-11-20 00:00:00 2020-02-20 00:00:00 None Authentication Failed (IP=229,CN) 122.142.75.62 24 RB None 2020-04-05 00:00:00 2020-07-04 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=62,CN) 122.143.122.70 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=70,CN) 122.143.129.250 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=250,CN) 122.144.131.93 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=93,CN) 122.146.92.24 24 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=24,TW) 122.15.82.83 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Failed password for invalid user (IP=83,IN) 122.15.82.83 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Failed password for invalid user (IP=83,IN) 122.152.198.125 24 CR None 2019-05-07 00:00:00 
2020-01-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_CIRT Web Attacks - Prior 6 hours (IP=125,CN) | updated by CW Block was inactive. Reactivated on 20191025 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP= 122.152.202.55 24 KF None 2019-12-16 00:00:00 2020-03-15 00:00:00 None HTTP: SQL Injection AttemptDetected (IP=55,CN) 122.152.206.168 24 RR None 2018-12-08 06:00:00 2020-03-11 00:00:00 None Failed password for invalid user (IP=168,CN) | updated by GM with reason APP-DETECT failed FTP login attempt - Sourcefire (IP=219,CN) 122.152.208.242 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=242,CN) 122.152.210.200 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=200,CN) 122.152.214.251 24 RB None 2017-10-19 05:00:00 2020-04-02 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (IP=251,CN) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=15,CN) 122.152.215.43 24 RR None 2019-10-23 00:00:00 2020-01-23 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=43,CN) 122.152.219.144 32 DT None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03766 (IP=144,CN) 122.152.219.227 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password for invalid user - Failed Logon (IP=227,CN) 122.152.220.70 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=70,CN) 122.152.250.89 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=89,CN) 122.154.103.70 24 RR None 2020-07-08 00:00:00 2020-10-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=70,TH) 122.154.103.70 24 BMP None 2020-07-07 
00:00:00 2020-10-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=70,TH) 122.154.134.38 24 RR None 2017-11-23 06:00:00 2020-01-22 00:00:00 None Failed password (IP=38,TH) | updated by CW Block was inactive. Reactivated on 20191024 with reason Illegal user_Failed Logon (IP=38,TH) 122.154.140.114 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=114,TH) 122.154.163.115 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Failed password for invalid user - Failed Logon (IP=,CN) 122.154.225.237 32 RW None 2020-02-18 00:00:00 2020-03-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C01756(IP=237,TH) 122.154.251.180 24 KF None 2019-11-19 00:00:00 2020-02-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=180,TH) 122.155.165.107 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=107,TH) 122.156.43.53 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Illegal user - 6hr Logons (IP=53,CN) 122.160.0.0 12 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None IN TO-S-2019-0972 Malicious Web Application Activity 122.176.108.0 22 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None IN TO-S-2019-0508 Malware Activity 122.176.120.0 22 dcg None 2018-08-20 05:00:00 2020-04-04 00:00:00 None IN TO-S-2018-1046 associated with malicious web application activity | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=232,IN) | 2020-04-04 | 2019-08-20 122.176.174.240 24 RW None 2020-09-27 00:00:00 2020-12-27 00:00:00 None SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt - Sourcefire (IP=240,IN) 122.176.18.210 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None IN TO-S-2019-0420 Malicious Email Activity 122.176.27.136 24 RB None 2020-04-08 00:00:00 2020-04-08 00:00:00 None SERVER-WEBAPP DD-WRT 
Reactivated on 20191030 with reason Failed password - Failed Logon (IP=59,CN) 123.206.83.233 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=233,CN) 123.206.9.225 32 wmp None 2020-07-22 00:00:00 2020-10-22 00:00:00 None HIVE Case #3384 COLS-NA-TIP-20-0232 (IP=225,CN) 123.206.91.121 24 EDBT None 2017-03-17 05:00:00 2020-03-10 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=121,CN) | updated by RR with reason Illegal user (IP=120,CN) 2017-06-15 2 | updated by RR with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=177,CN) 123.206.95.182 24 RR None 2017-02-13 06:00:00 2020-03-07 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=182,CN) | updated by GM with reason Invalid user - Failed Logons (IP=2,CN) 123.207.107.218 32 BMP None 2020-05-27 00:00:00 2020-08-27 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02928 (IP=218,CN) 123.207.108.51 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=51,CN) 123.207.115.238 24 MLJ None 2017-08-04 05:00:00 2020-01-12 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=238,CN) | updated by ABC with reason Generic ArcSight scan attempt (IP=16 | updated by ABC with reason Command Injection Attempt (IP=16,CN) 123.207.122.21 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=21,CN) 123.207.123.245 24 YM None 2018-05-23 05:00:00 2020-03-05 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=245,CN) | updated by GM with reason Failed password - Failed Logons (IP=252,CN) 123.207.123.252 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=252,CN) 123.207.127.129 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=129,CN) 
123.207.127.129 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=129,CN) 123.207.145.214 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=214,CN) 123.207.16.189 24 MLJ None 2017-05-18 05:00:00 2020-01-29 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=189,CN) | updated by GLM with reason Illegal user (IP=164,CN) | updated by GM with reason Failed password - Failed Logons (IP=33,CN) 123.207.164.214 24 RB None 2018-03-24 05:00:00 2020-01-02 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (IP=214,CN) | updated by RB with reason INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=177,CN) | 2020-01-02 | 2018-06-22 123.207.170.219 24 RB None 2018-12-10 06:00:00 2020-01-06 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=219,CN) | updated by KF Block was inactive. 
Reactivated on 20191008 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=219,CN) 123.207.182.12 24 RR None 2017-04-26 05:00:00 2020-03-26 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=12,CN) | updated by YM with reason ET POLICY Suspicious inbound to MSSQL | updated by RB with reason HTTP: SQL Injection Attempt Detected-6 hr web attacks (IP=215,CN) | 2020-03-26 | 2017-07-26 123.207.185.245 24 RW None 2020-08-19 00:00:00 2020-11-19 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=245,CN) 123.207.186.108 24 RB None 2020-02-13 00:00:00 2020-05-13 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=108,CN) 123.207.186.35 24 RR None 2017-11-10 06:00:00 2020-04-19 00:00:00 None Illegal user (IP=35,CN) | updated by RB with reason HTTP: ThinkPHP CMS Getshell Vulnerability (IP=135 CN) | 2019-07-19 | 2018- | updated by KF with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_6 hr web attacks (I 123.207.198.240 24 RWB None 2019-10-24 00:00:00 2020-01-23 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - WebAttacks (IP=240,CN) | updated by CW Block expiration extended with reason Command Injection Attempt (IP=240,CN) 123.207.2.166 24 RR None 2017-05-04 05:00:00 2020-02-23 00:00:00 None ET SCAN Potential SSH Scan (IP=166,CN) | updated by CR with reason Illegal user (IP=151,CN) | updated by BP with reason Failed password for invalid user - Failed Logons (IP=120,CN) 123.207.201.189 24 RB None 2020-05-29 00:00:00 2020-08-27 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_Sourcefire (IP=189,CN) 123.207.210.64 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None MALWARE-CNC URI - known scanner tool muieblackcat - SourceFire (IP=64,CN) 123.207.226.105 32 BMP None 2020-07-10 00:00:00 2020-10-10 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution 
Vulnerability (CVE-2019-16759) - TT# 20C03417 (IP=105,CN) 123.207.226.105 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=105,CN) 123.207.233.79 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Invalid user -Failed Logons (IP=79,CN) 123.207.236.1 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Invalid user (IP= 1 , CN ) 123.207.236.199 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP= 199 , CN ) 123.207.240.40 24 RB None 2018-12-07 06:00:00 2020-01-12 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=40,CN) | updated by ABC with reason Command Injection Attempt (IP=126,CN) 123.207.241.52 24 ALJ None 2018-09-01 05:00:00 2020-02-23 00:00:00 None Illegal user (ip=52,CN) | updated by BP with reason Invalid user - Failed Logons (IP=223,CN) 123.207.243.91 24 CR None 2019-03-25 00:00:00 2020-01-18 00:00:00 None Malicious.LIVE.DTI.URL (IP=91,CN) | updated by CR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=112,CN) 123.207.244.243 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=243,CN) 123.207.247.68 24 RR None None 2020-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=68,CN) 123.207.254.143 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=143,CN) 123.207.28.0 24 GLM None 2016-10-28 05:00:00 2020-01-03 00:00:00 None PROTOCOL-FTP Bad login (1:491) (IP=17,CN) | updated by ABC with reason Generic ArcSight scan attempt(IP=205,China) | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=205,CN) 123.207.3.133 24 RW None 2020-01-19 00:00:00 2020-08-01 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=133,CN) | updated 
by GM Block was inactive. Reactivated on 20200501 with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=133,CN) 123.207.3.133 24 RW None 2020-04-29 00:00:00 2020-07-29 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=133,CN) 123.207.3.133 24 RW None 2020-01-19 00:00:00 2020-08-01 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=133,CN) | updated by GM Block was inactive. Reactivated on 20200501 with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=133,CN) 123.207.33.93 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=93,CN) 123.207.40.197 24 RB None 2018-11-08 06:00:00 2020-02-01 00:00:00 None Vulnerability 11 (IP=197 CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=70,CN) | 2020-02-01 | 2019-02-06 123.207.52.78 32 RW None 2020-02-12 00:00:00 2020-10-04 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01698(IP=78,CN) | updated by DT Block was inactive. Reactivated on 20200706 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) 123.207.67.92 24 KF None 2019-10-19 00:00:00 2020-01-17 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=92,CN) 123.207.7.130 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=130,CN) 123.207.73.150 24 RR None 2019-05-15 00:00:00 2020-01-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6 hr Web attacks (IP=150,CN) | updated by ABC Block was inactive. 
Reactivated on 20191025 with reason Command Injection Attempt (IP=150,CN) | updated by RW Block expiratio 123.207.74.24 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed password - sourcefire (IP=24,CN) 123.207.78.83 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=83,CN) 123.207.9.70 24 RR None 2019-06-22 00:00:00 2020-03-07 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=70,CN) | updated by GM with reason Invalid user - Failed Logons (IP=17,CN) 123.207.92.128 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Attempted User Privilege Gain - SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=128,CN) 123.207.94.252 24 RB None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=252,CN) 123.209.119.107 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None AU TO-S-2019-0926 Malicious Reconnaissance Activity 123.21.212.199 24 KF None 2020-01-02 00:00:00 2020-04-01 00:00:00 None Illegal user (IP=199,VN) 123.21.33.151 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Failed password - Failed Logons (IP=151,VN) 123.21.35.183 24 RR None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Authentication Failed - Failed Logons (IP=183,VN) 123.213.122.46 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=46,KR) 123.23.137.111 24 RWB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=111,VN) 123.231.167.98 24 RR None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Authentication Failed - Failed Logons (IP=98,ID) 123.231.248.178 24 RW None 2020-08-20 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=178,ID) 
123.231.44.71 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user - Failed Logons (IP=71,LK) 123.232.124.106 24 GM None 2019-10-10 00:00:00 2020-01-10 00:00:00 None Authentication Failed - Failed Logons (IP=106,CN) 123.232.125.162 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=162,CN) 123.232.26.132 24 RR None 2019-10-02 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=132,CN) | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=132, CN) 123.233.116.60 24 RB None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Failed password_6 hr Failed Logons_CPC (IP=60 CN) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY 123.235.100.214 24 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - Web Attacks (IP=214,CN) 123.235.121.223 24 RR None 2020-06-17 00:00:00 2020-09-15 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=223,CN) 123.235.18.142 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=142,CN) 123.241.65.99 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=99,TW) 123.245.24.125 24 DT None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt - SourceFire (IP=125,CN) 123.25.238.108 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=108,VN) 123.25.239.135 24 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=135,Vietnam) 123.253.37.44 24 RR None None 2020-07-09 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - SourceFire (IP=44,BG) 123.254.209.170 24 BMP None 2020-02-16 
00:00:00 2020-05-16 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=170,KR) 123.27.228.132 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt (IP=132,VN) 123.28.202.53 24 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=53,VN) 123.31.29.203 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=203,VN) 123.4.91.230 24 RW None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=230,CN) 123.5.182.12 32 wmp None 2020-10-01 00:00:00 2020-12-30 00:00:00 None HIVE Case #4029 Palo Alto IDS Vulnerability Events (IP=12,CN) 123.51.222.157 24 RR None None 2020-07-09 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=157,TW) 123.52.136.150 24 ALJ None 2018-09-10 05:00:00 2020-04-07 00:00:00 None Illegal user (ip=150,cn) | updated by RW Block was inactive. 
Reactivated on 20200107 with reason INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=150,CN) 123.56.179.69 24 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=69,CN) 123.56.75.159 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=159,CN) 123.56.80.143 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=143,CN) 123.58.0.79 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password for invalid user - Failed Logon (IP=79,CN) 123.58.236.228 24 GM None 2019-10-07 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=228,CN) 123.58.241.216 24 KF None 2020-03-21 00:00:00 2020-06-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=216,CN) 123.58.3.14 24 RR None 2020-07-26 00:00:00 2020-10-24 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=14,CN) 123.58.33.18 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password for invalid user - Failed Logon (IP=18,CN) 123.58.4.78 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr Web attacks (IP=78,CN) 123.58.5.130 24 GM None 2019-10-07 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=130,CN) 123.58.6.46 24 RB None 2018-04-08 05:00:00 2020-01-12 00:00:00 None ET SCAN Suspicious inbound to mySQL port 3306 (IP=46,CN) | updated by ABC with reason Command Injection Attempt (IP=216,CN) 123.58.8.34 24 RB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability_6 hr web attacks (IP=34,CN) 123.7.208.20 24 CR None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and 
command injection attempt - SourceFire (IP=20,CN) 123.7.27.6 24 RW None 2020-03-16 00:00:00 2020-06-16 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=6,CN) 123.7.55.158 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=158,CN) 123.97.141.23 24 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=23,CN) 123.97.150.14 24 RB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=14 CN) 124.101.122.151 24 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Command Injection Attempt (IP=151,JP) 124.104.175.234 24 BMP None 2020-01-28 00:00:00 2020-04-27 00:00:00 None Authentication Failed - 6hr Logon (IP=234,PH) 124.106.83.63 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None PH TO-S-2020-0206 Malicious Web Application Activity 124.106.83.63 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None PH TO-S-2020-0212.01 Malicious Web Application Activity 124.108.21.100 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed password for invalid user - sourcefire (IP=100,HK) 124.115.113.26 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=26,CN) 124.116.41.218 24 GM None 2019-10-21 00:00:00 2020-01-19 00:00:00 None ABC Generic ArcSight scan attempt (IP=218,CN) 124.117.238.228 24 KF None 2019-01-05 06:00:00 2020-03-10 00:00:00 None Failed password (IP=228,CN) | updated by RR with reason Authentication Failed - Failed Logons (IP=228,CN) 124.119.120.104 24 BMP None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=104,CN) | updated by RW Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire 
(IP=104,CN) 124.119.123.184 24 CW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Web attacks (IP=84,CN) 124.119.133.115 24 RR None 2020-01-03 00:00:00 2020-04-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=115,CN) 124.119.134.26 24 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=26,CN) 124.119.139.27 24 BMP None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr Web Attacks (IP=27,CN) 124.120.217.245 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None TH TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason TH TO-S-2020-0212.01 Malicious Web Application Activity 124.121.0.0 16 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None TH TO-S-2019-1036 Malicious Email Activity 124.123.154.40 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=40,IN) 124.123.255.8 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=8,IN) 124.123.40.181 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=181,IN) 124.123.41.0 24 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 124.123.96.220 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=220,IN) 124.123.96.220 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - 
SourceFire (IP=220,IN) 124.123.99.238 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason IN TO-S-2020-0212.01 Malicious Web Application Activity 124.127.71.9 24 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None UDP: Host Sweep (IP=9,CN) 124.127.99.73 24 BMP None 2020-06-26 00:00:00 2020-09-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=73,CN) 124.128.196.59 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=59,CN) 124.128.77.130 24 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=130,CN) 124.13.122.45 32 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None MY TO-S-2020-0012 Malicious Email Activity 124.13.148.253 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=53,MY) 124.13.241.151 24 EDBT None 2018-01-15 06:00:00 2020-04-21 00:00:00 None ET SCAN Potential SSH Scan (IP=151,MY) | updated by RWB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=112,MY) 124.150.175.133 24 CR None 2020-04-30 00:00:00 2020-07-30 00:00:00 None Case # 1927 - IOC_ Emotet (IP=133,NZ) 124.152.25.13 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=13,CN) 124.152.76.157 24 RR None 2020-07-26 00:00:00 2020-10-24 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=157,CN) 124.152.76.193 24 RR None 2020-07-27 00:00:00 2020-10-25 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=193,CN) 124.153.75.28 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=28,IN) 124.156.105.251 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=251,HK) 124.156.108.61 24 
KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None TCP: SYN Host Sweep (IP=61,HK) 124.156.114.168 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Web Attacks (IP=168,HK) 124.156.116.126 24 GM None 2019-07-01 00:00:00 2020-02-11 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=126,CN) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=72,CN) 124.156.117.162 24 RB None 2020-01-24 00:00:00 2020-04-23 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=162 HK) 124.156.120.190 24 RW None 2020-07-25 00:00:00 2020-10-25 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=190,HK) 124.156.132.111 24 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=111,HK) 124.156.136.132 24 GM None 2020-07-12 00:00:00 2020-10-12 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=132,HK) 124.156.139.104 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=104,HK) 124.156.143.76 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=76,SG) 124.156.160.69 24 RB None 2019-07-20 00:00:00 2020-02-12 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=69 HK) | updated by CW with reason Unauthorized Access Attempt-TT# 20C01421 (IP=69,SG) 124.156.172.11 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=11,SG) 124.156.173.145 24 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=145,no ISC data) 124.156.174.31 32 GM None 2020-03-08 00:00:00 2020-06-08 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C02065 (IP=31,US) 124.156.182.105 24 RB None 2019-07-21 
00:00:00 2020-02-12 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=105,HK) | updated by CW with reason Unauthorized Access Attempt-TT# 20C01423 (IP=3,SG) 124.156.183.28 24 RR None 2019-05-08 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=,SG) | updated by KF with reason Immediate Inbound Network Block - TT# 20C00940 (IP=227,US) 124.156.185.149 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=149,CN) 124.156.196.246 24 CR None 2019-06-18 00:00:00 2020-01-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=246,SG) | updated by RB with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=246,SG) | 2020-01-03 | 2019-09-18 124.156.200.56 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=56,SG) 124.156.210.20 24 RB None 2019-06-16 00:00:00 2020-01-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=20 JP) | updated by RB with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=250,JP) | 2020-01-02 | 2019-09-14 124.156.240.114 32 RR None 2020-02-12 00:00:00 2020-05-12 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01695 (IP=114,SG) 124.156.62.116 24 RW None 2019-10-11 00:00:00 2020-01-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=116,IN) 124.156.64.185 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=185,SG) 124.156.99.200 24 RW None 2020-03-03 00:00:00 2020-06-03 00:00:00 None INDICATOR-SCAN PHP backdoor scan 
00:00:00 None Invalid user - Failed Logon (IP=245,SG) 128.199.97.188 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None SG TO-S-2019-0351 Malicious Email Activity 128.200.115.228 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0610 Malware Activity 128.201.165.93 24 RB None 2019-11-08 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=93 BR) 128.201.72.245 24 RB None 2018-06-15 05:00:00 2020-01-25 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (IP=245,BR) | updated by kmw with reason BR TO-S-2019-0358 128.204.217.94 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None PL TO-S-2019-0358 Malicious Email Activity 128.204.245.163 24 RB None 2019-11-08 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=163 SA) 128.234.33.226 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C01896 (IP=226,SA) 128.39.65.230 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=230,NO) 128.47.1.130 32 JKC None 2020-07-21 00:00:00 2020-10-21 00:00:00 None Hive Case # 3386 Malicious Callback CTO-20-0198 (Ip=130,US) 128.65.192.0 21 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None CH TO-S-2019-0358 Malicious Email Activity 128.83.21.174 32 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Misc Activity - FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected - sourcefire (IP=174,US) 128.90.171.167 32 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None Possible SQLi attempt - TT# 20C00406 (IP=167,US) 128.90.171.174 32 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Immediate Inbound Network Block - TT# 20C00816 (IP=174,US) 128.90.171.186 24 GM None 2019-11-13 00:00:00 2020-02-11 00:00:00 None ABC Generic ArcSight scan attempt (IP=186,RO) 
128.90.171.189 32 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Immediate Inbound Network Block - TT# 20C00952 (IP=189,US) 129.0.205.236 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None Authentication Failed - 6hr Logon (IP=236,CM) 129.119.65.151 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=151,US) 129.121.2.221 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malware Activity 129.126.222.146 32 RB None 2020-01-07 00:00:00 2020-04-06 00:00:00 None HTTP: ThinkPHP Framework Code Injection Vulnerability - TT# 20C01378 (IP=146,SG) 129.139.6.236 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None FR TO-S-2019-0734.01 Malicious Email Activity 129.150.218.101 32 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=101,US) 129.150.70.20 32 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Failed password - Failed Logons (IP=20,US) 129.158.73.1 32 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=1,US) 129.158.73.144 32 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP= 144 , US ) 129.204.0.152 24 RR None 2020-03-13 00:00:00 2020-06-11 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=152,CN) 129.204.102.183 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=183,CN) 129.204.106.56 24 CR None 2019-02-25 00:00:00 2020-01-03 00:00:00 None Microsoft IIS 6.0 CVE-2017-7269 PROPFIND Buffer Overflow (IP=56,CN) | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=56,CN) | 2020-01-03 | 2019-05-25 129.204.11.222 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=222,CN) 129.204.111.241 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=241,CN) 129.204.115.226 24 GM 
None 2019-11-18 00:00:00 2020-02-18 00:00:00 None attempt SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=226,CN) 129.204.119.74 24 GM None 2019-04-18 00:00:00 2020-01-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=74,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=141 CN) | 2020-01-11 | 2019-06-18 129.204.123.134 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Failed Logons (IP=134,CN) 129.204.127.150 24 RB None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=150,CN) 129.204.141.119 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=119,CN) 129.204.142.75 24 RW None 2020-04-07 00:00:00 2020-07-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=75,CN) 129.204.142.75 24 RW None 2020-04-07 00:00:00 2020-07-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=75,CN) 129.204.142.75 24 RW None 2020-04-07 00:00:00 2020-07-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=75,CN) 129.204.142.75 24 RW None 2020-04-07 00:00:00 2020-07-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=75,CN) 129.204.145.152 24 CR None 2020-05-13 00:00:00 2020-08-11 00:00:00 None TCP: SYN Host Sweep (IP=152,CN) 129.204.146.194 32 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=194,US) 129.204.16.134 32 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=134,US) 129.204.171.28 24 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN 
Host Sweep (IP=28,CN) 129.204.173.214 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=214,CN) 129.204.196.245 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=245,CN) 129.204.20.2 32 GM None 2020-07-05 00:00:00 2020-10-05 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03376 (IP=2,CN) 129.204.200.85 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Invalid user_Failed Logon (IP=85,CN) 129.204.202.89 24 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt_SourceFire (IP=89 CN) 129.204.211.138 24 GM None 2019-05-27 00:00:00 2020-01-23 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=138,CN) | updated by RW Block was inactive. Reactivated on 20191023 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt 129.204.213.163 24 GM None 2019-10-09 00:00:00 2020-01-09 00:00:00 None INDICATOR-SCAN PHP backdoor scan 129.204.218.86 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=86,CN) 129.204.23.233 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=233,CN) 129.204.238.101 32 BMP None 2020-06-26 00:00:00 2020-09-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=101,US) 129.204.239.207 24 BMP None 2020-06-20 00:00:00 2020-09-18 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=207,CN) 129.204.240.194 24 GM None 2019-10-10 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=194,CN) 129.204.32.247 24 ABC None 2019-01-08 06:00:00 2020-01-03 00:00:00 None Generic ArcSight scan attempt(IP=247,China) | updated by RW with reason SERVER-WEBAPP 
Drupal 8 remote code execution attempt - 6 hr web attacks (IP=21,CN) 129.204.34.38 24 GM None 2019-10-07 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=38,CN) 129.204.42.145 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=45,CN) 129.204.46.170 24 GLM None 2018-12-22 06:00:00 2020-04-25 00:00:00 None Illegal user (IP=170,CN) | updated by GM Block was inactive. Reactivated on 20200125 with reason Failed password - Failed Logons (IP=170,CN) 129.204.47.92 24 ABC None 2019-01-08 06:00:00 2020-03-10 00:00:00 None Generic ArcSight scan attempt(IP=92,China) | updated by GM with reason Invalid user - Failed Logons (IP=217,CN) 129.204.49.25 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=25,CN) 129.204.50.75 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=75,CN) 129.204.51.63 24 RB None 2019-05-05 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=63,CN) | updated by CW with reason HTTP: ThinkPHP CMS Getshell Vulnerability_Web attacks (IP=40,CN) 129.204.53.71 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=71,CN) 129.204.6.139 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=139,CN) 129.204.61.234 24 RR None 2020-04-28 00:00:00 2020-07-27 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=234,CN) 129.204.65.101 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=101,CN) 129.204.67.141 24 GM None 2019-11-12 00:00:00 2020-02-12 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=141,CN) 129.204.69.45 32 KF None 2019-10-15 
00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_6 hr web attacks (IP=45,US) | updated by CR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt _Sourcefire (IP=45,CN) 129.204.75.61 32 CW None 2019-12-18 00:00:00 2020-01-17 00:00:00 None Known Attack Tool User Agent//OpenVAS Vulnerability Scanner - TT# 20C01174 (IP=61,CN) 129.204.78.36 24 wmp None 2019-01-18 00:00:00 2020-01-25 00:00:00 None authentication bypass vulnerability (IP=36,CN) | updated by RR with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=139,US) 129.204.79.131 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=131,CN) 129.204.93.143 24 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None TCP: SYN Host Sweep (IP=143,CN) 129.204.94.81 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=81,CN) 129.204.95.39 32 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Failed password for invalid user - Failed Logons (IP=39,US) 129.21.109.48 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=48,US) 129.211.0.17 24 RW None 2020-09-26 00:00:00 2020-12-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=17,CN) 129.211.11.107 32 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Failed password for invalid user - Failed Logon (IP=,US) 129.211.110.175 32 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Invalid user - Failed Logons (IP=175,US) 129.211.114.62 24 KF None 2019-12-17 00:00:00 2020-03-16 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=62,CN) 129.211.119.164 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_Web Attacks (IP=64,CN) 129.211.121.171 24 CR None 2019-12-04 00:00:00 2020-03-04 
00:00:00 None Failed password for invalid user - 6 hr failed logon (IP=171,CN) 129.211.124.14 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_Sourcefire (IP=14,CN) 129.211.125.167 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password_6 hr Failed Logons (IP=167,CN) 129.211.126.15 24 GM None 2020-08-20 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=15,CN) 129.211.130.66 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=66,CN) 129.211.131.152 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=152,CN) 129.211.134.62 32 RR None 2020-05-09 00:00:00 2020-10-04 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02694 (IP=62,CN) | updated by GM Block was inactive. Reactivated on 20200704 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) 129.211.14.39 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=39,CN) 129.211.141.242 24 CW None 2019-12-27 00:00:00 2020-03-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web attacks (IP=42,CN) 129.211.173.235 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=235,CN) 129.211.189.229 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=229,CN) 129.211.2.23 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=23,CN) 129.211.39.46 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=46,CN) 129.211.4.119 32 BMP None 2020-07-08 00:00:00 2020-10-08 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution 
Vulnerability (CVE-2019-16759) - TT# 20C03387 (IP=119,CN) 129.211.4.152 24 RR None 2019-05-28 00:00:00 2020-01-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt -SourceFire (IP=152,CN) | updated by RB with reason Command Injection Attempt (IP=119,CN) | 2020-01-22 | 2019-08-26 129.211.4.81 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02675 (IP=81,US) 129.211.43.36 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Web Attacks (IP=36,CN) 129.211.46.153 24 GM None 2020-04-13 00:00:00 2020-07-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=153,CN) 129.211.47.156 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=156,CN) 129.211.50.227 24 RW None 2020-03-16 00:00:00 2020-06-16 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=227,CN) 129.211.57.25 24 RW None 2020-04-11 00:00:00 2020-07-11 00:00:00 None SQL Injection (IP=25,CN) | updated by RW Block expiration extended with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=11,HK) 129.211.61.147 24 GM None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HTTP: php.cgi Buffer Overflow - Web Attacks (IP=147,CN) 129.211.62.131 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=131,CN) 129.211.63.240 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - Failed Logon (IP=,CN) 129.211.67.139 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=139,CN) 129.211.67.207 24 RB None 2020-07-20 00:00:00 2020-10-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr failed logon (IP=207,CN) 129.211.76.101 24 RW None 2019-11-04 
00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=101,CN) 129.211.77.49 24 RR None 2019-07-01 00:00:00 2020-02-07 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=49,CN) | updated by RB with reason Invalid user_6 hr Failed Logons (IP=44,CN) | 2020-02-07 | 2019-09-29 129.211.79.29 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_12 hr web attacks (IP=29,CN) 129.211.84.177 24 RB None 2020-01-08 00:00:00 2020-04-07 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=177,CN) 129.211.85.150 24 RB None 2019-06-27 00:00:00 2020-02-13 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_6 hr web attacks (IP=150,CN) | updated by RWB Block was inactive. Reactivated on 20191115 with reason Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (I 129.211.86.134 24 GM None 2019-06-17 00:00:00 2020-02-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=134,CN) | updated by RB with reason HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=183,CN) | 2020-02-14 | 2019-09-17 129.211.87.192 32 RR None 2019-06-11 00:00:00 2020-01-17 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6 hr Web Attacks (IP=192,US) | updated by RB with reason HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=192,CN) | 2020-01-17 | 2019-09-09 129.211.99.128 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=128,CN) 129.211.99.69 32 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Invalid user - 6hr Logon (IP=69,US) 129.213.117.53 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=53,CN) 129.213.122.26 32 RW None 2019-11-23 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed 
Logon(IP=26,KR) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=26,US) 129.213.135.233 32 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=233,US) 129.213.135.37 32 GM None 2020-09-28 00:00:00 2020-12-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=37,US) 129.213.18.41 32 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=41,US) 129.213.72.224 32 KF None 2020-03-21 00:00:00 2020-06-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=224,US) 129.213.81.87 32 GM None 2019-04-13 00:00:00 2020-07-28 00:00:00 None HTTP: PHP Remote Code Execution Vulnerability (IP=87,US) | updated by GM Block was inactive. Reactivated on 20200428 with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attack (IP=87,US) 129.213.87.134 32 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=134,US) 129.226.114.2 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=2,SG) 129.226.125.7 24 GM None 2019-11-08 00:00:00 2020-02-08 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=7,SG) 129.226.127.212 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=212,US) 129.226.128.175 24 RW None 2020-05-14 00:00:00 2020-08-14 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=175,HK) 129.226.131.235 24 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=135,SG) 129.226.134.186 24 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=186,SG) 129.226.143.42 24 RW None 2020-02-04 00:00:00 2020-06-02 00:00:00 None SERVER-WEBAPP 
Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=42,SG) | updated by RB Block expiration extended | not blocked because TARGET IP IS RWP, BACK-END SERVER NO LONGER EXISTS | updated by RR Block was inactive. Re 129.226.149.146 24 RB None 2019-10-20 00:00:00 2020-01-18 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=146,SG) 129.226.150.37 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=37,SG) 129.226.153.90 24 CR None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=90,SG) 129.226.154.67 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=67,SG) 129.226.160.197 24 RR None 2020-04-25 00:00:00 2020-07-24 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=197,SG) 129.226.161.13 24 RB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=13,SG) 129.226.163.80 24 RB None 2019-12-01 00:00:00 2020-02-29 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=80,SG) 129.226.174.130 24 DT None 2020-06-08 00:00:00 2020-09-06 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire - (IP=130,SG) 129.226.50.36 32 KF None 2019-08-31 00:00:00 2020-12-26 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=36,US) | updated by dbc Block was inactive. 
Reactivated on 20191223 with reason SG TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block ex 129.226.52.232 24 RW None 2020-03-16 00:00:00 2020-06-16 00:00:00 None SQL HTTP URI blind injection attempt - 6hr web attacks (IP=232,SG) 129.226.56.236 24 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=236,HK) 129.226.61.190 32 CR None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability (IP=190,US) 129.226.63.10 24 RB None 2019-11-03 00:00:00 2020-05-25 00:00:00 None Command Injection Attempt (IP=10,SG) | updated by KF Block was inactive. Reactivated on 20200225 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01825 (IP=10,SG) 129.226.67.166 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=166,SG) 129.226.70.74 24 BMP None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=74,SG) 129.226.71.71 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Command Injection Attempt (IP=71,SG) 129.226.74.125 32 RB None 2019-11-03 00:00:00 2020-05-06 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution- TT# 20C00926 (IP=125,SG) | updated by GM Block was inactive. 
Reactivated on 20200206 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01633 129.226.76.154 24 CR None 2019-10-17 00:00:00 2020-01-17 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_web attack (IP=154,SG) 129.229.112.87 32 RWB None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Attempted Administrator Privilege Gain - SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt - SourceFire (IP=87,US) 129.232.224.79 32 wmp None 2020-08-13 00:00:00 2020-11-13 00:00:00 None HIVE Case #3555 COLS-NA-TIP-20-0254 (IP=79,ZA) 129.232.249.216 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None ZA TO-S-2019-0358 Malware Activity 129.232.250.47 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=47,ZA) 129.232.250.56 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=56,ZA) 129.232.250.62 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=62,ZA) 129.28.0.0 16 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None CN TO-S-2019-0952 Malware Activity 129.28.104.59 32 DT None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03981 (IP=59,CN) 129.28.115.231 32 RR None 2020-08-10 00:00:00 2020-11-10 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03691 (IP=231,CN) 129.28.141.140 32 GM None 2020-09-30 00:00:00 2020-12-30 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT # 20C04023 (IP=140,CN) 129.28.16.0 20 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None CN TO-S-2019-0546 Malicious Email Activity 129.28.175.79 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01575 (IP=79,CN) 129.45.9.12 24 BMP None 2020-01-11 
00:00:00 2020-04-10 00:00:00 None Authentication Failed - 6hr Logons (IP=12,DZ) 13.107.42.12 32 JKC None None 2020-11-12 00:00:00 None TIPPR19-0140 (IP=12, US) | updated by dbc with reason NL TO-S-2019-0781 Malicious Email Activity | updated by wmp Block was inactive. Reactivated on 20200812 with reason HIVE Case #3477 COLS-NA-TIP-20-0244 (IP=12,US) 13.111.48.16 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=16,US) 13.111.96.133 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3560 COLS-NA-TIP-20-0259 (IP=133,US) 13.112.142.182 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None JP TO-S-2019-0890.01 Malware Activity 13.115.231.213 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None JP TO-S-2019-0734.01 Malicious Email Activity 13.115.53.123 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None JP TO-S-2019-0508 Malicious Email Activity 13.124.100.87 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None KR TO-S-2019-0577 Malicious Email Activity 13.126.0.0 15 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None IN TO-S-2019-0546 Malicious Email Activity 13.211.104.114 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None AU TO-S-2019-0613 Malware Activity 13.211.79.56 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None AU TO-S-2019-0608 Malware Activity 13.224.8.96 32 RW None 2020-03-14 00:00:00 2020-06-14 00:00:00 None Hosting malicious file - Hive Case #2220 (IP=96,US) 13.225.198.87 32 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None FIREEYE Web: Riskware (notified) - Hive Case # 1020 (IP=87,US) 13.225.25.108 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=108,US) 13.225.25.85 32 wmp None 2020-07-15 00:00:00 2020-10-15 00:00:00 None HIVE Case #3341 COLS-NA-TIP-20-0219 (IP=85,US) 13.225.53.77 32 GM None 2020-05-20 00:00:00 2020-08-20 00:00:00 None Adware.Downloader.NSIS - Hive Case 2858 
00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0212.01 Malicious Web Application Activity 136.144.49.165 24 RB None 2019-10-04 00:00:00 2020-01-02 00:00:00 None PROTOCOL-DNS DNS query amplification attempt_Sourcefire (IP=165,NL) 136.179.17.167 32 wmp None 2020-08-07 00:00:00 2020-11-07 00:00:00 None HIVE Case #3484 COLS-NA-TIP-20-0249 (IP=167,US) 136.228.161.66 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=66,MM) 136.232.236.6 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Invalid user (IP=6,IN) 136.243.0.125 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None DE TO-S-2019-0382 Malicious Email Activity 136.243.137.211 32 RR None 2020-02-23 00:00:00 2020-05-23 00:00:00 None OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt - SourceFire (IP=211,DE) 136.243.137.211 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt - SourceFire (IP=211,DE) 136.243.149.18 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None DE TO-S-2019-0723 Malicious Email Activity 136.243.15.30 24 BMP None 2020-05-03 00:00:00 2020-08-01 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr Web Attacks (IP=30,DE) 136.243.156.150 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity 136.243.171.108 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=108,DE) 136.243.177.246 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DE TO-S-2020-0056 Malicious Web Application Activity 136.243.177.26 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None DE TO-S-2019-1036 Malicious Email Activity 136.243.184.227 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None DE TO-S-2020-0047 Malicious Email Activity 136.243.195.229 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DE TO-S-2020-0056 Malicious Web Application Activity 136.243.21.182 32 dbc None 
2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malware Activity 136.243.222.235 24 RR None 2019-12-16 00:00:00 2020-03-15 00:00:00 None Illegal user - Failed Logons (IP=235,DE) 136.243.42.211 32 DT None 2020-10-01 00:00:00 2020-01-01 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT # 21C00003 (IP=211,DE) 136.243.49.138 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=138,DE) 136.243.64.0 18 tjh None 2015-07-20 05:00:00 2020-02-20 00:00:00 None DE Angler Exploit Kit | updated by jky with reason DE TO-S-2017-0141 crimeware.latenbot | updated by jky with reason RU TO- 136.244.101.20 24 RW None 2019-12-16 00:00:00 2020-03-16 00:00:00 None FE phishing attempts (IP=20,NL) 136.244.81.172 24 CR None 2019-10-25 00:00:00 2020-01-25 00:00:00 None HIVE Case #1118 Phish.URL (IP=172,DE) 136.244.81.237 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Email Activity 136.32.84.131 32 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=131,US) 136.49.228.152 32 RW None 2020-05-15 00:00:00 2020-08-13 00:00:00 None TCP: SYN Host Sweep - ABC report (IP=152,US) 137.117.157.225 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=225,NL) 137.117.64.231 32 KF None 2020-05-23 00:00:00 2020-08-21 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - Web Attacks (IP=231,US) 137.118.21.11 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity 137.135.124.118 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=118,US) 137.139.135.151 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0610 Malware Activity 137.161.106.183 32 KF None 
2019-12-02 00:00:00 2020-03-01 00:00:00 None HTTP: SQL Injection - Exploit (IP=183,US) 137.161.106.201 32 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=201,US) 137.161.141.119 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=119,US) 137.161.182.122 32 KF None 2019-12-17 00:00:00 2020-03-16 00:00:00 None HTTP: SQL Injection - Exploit (IP=122,US) 137.175.32.1 32 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=1,US) 137.175.46.180 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malware Activity 137.175.46.23 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malware Activity 137.220.134.10 32 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=10,US) 137.220.134.10 24 RR None 2020-05-16 00:00:00 2020-08-14 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=10,JP) 137.220.134.13 32 BMP None 2020-05-11 00:00:00 2020-08-09 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=13,US) 137.220.175.101 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=101,KH) 137.220.178.208 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=208,KH) 137.220.184.167 24 RW None 2020-02-18 00:00:00 2020-05-18 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=167,KH) 137.220.184.192 32 RB None 2020-01-04 00:00:00 2020-04-03 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01336 (IP=192,KH) 137.220.184.236 32 dbc None 2020-06-30 00:00:00 2020-09-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=236,JP) 137.227.231.70 24 RW None 2019-11-15 00:00:00 2020-02-15 
00:00:00 None FTPP_FTP_RESPONSE_LENGTH_OVERFLOW - Sourcefire (IP=146,IN) 137.25.101.102 32 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password - 6hr Logon (IP=102,US) 137.59.110.246 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=246,MY) 137.59.120.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AF TO-S-2020-0109.01 Malicious Email Activity 137.59.121.40 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AF TO-S-2020-0109.01 Malicious Email Activity 137.59.162.169 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user - Failed Logons (IP=169,ID) 137.59.21.82 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP Lets Encrypt SSL certificate for domain resembling appleid (IP=82,HK) 137.59.225.65 24 RR None 2020-02-06 00:00:00 2020-05-06 00:00:00 None Authentication Failed - Failed Logons (IP=65,PK) 137.59.252.174 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None AU TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason AU TO-S-2020-0212.01 Malicious Web Application Activity 137.59.252.200 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None AU TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason AU TO-S-2020-0212.01 Malicious Web Application Activity 137.59.54.58 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None IN TO-S-2019-0420 Malicious Email Activity 137.74.109.206 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=206,FR) 137.74.167.96 24 YM None 2017-09-27 05:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP Phpcms user registration remote file include attempt (IP=96,FR) | updated by RR with reason Illegal user (IP=5,H 137.74.199.177 24 EDBT None 2018-02-28 06:00:00 2020-02-20 00:00:00 None ET SCAN Potential SSH Scan (IP=177,FR) | updated by KF with reason Illegal user (IP=177,HK) | updated by 
RR with reason Failed password - Failed Logons (IP=177,FR) 137.74.205.92 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None FR TO-S-2019-0640.01 Malware Activity 137.74.22.106 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None PL TO-S-2019-0734.01 Malicious Email Activity 137.74.28.233 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None FR TO-S-2019-0577 Malicious Email Activity 137.74.5.149 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Failed password - Failed Logons (IP=149,PL) 137.74.53.155 24 RR None 2018-09-27 05:00:00 2020-05-16 00:00:00 None Illegal user (IP=155,HK) | updated by RR Block was inactive. Reactivated on 20200216 with reason Illegal user - Failed Logons (IP=155,FR) 137.74.65.121 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Invalid user - Failed Logons (IP=121,FR) 137.74.80.36 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password for invalid user - Failed Logons (IP=36,FR) 137.83.79.163 32 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=163,US) 138.0.192.0 22 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None BR TO-S-2019-0409 Malicious Email Activity 138.117.108.88 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user - Failed Logon (IP=88,CO) 138.117.143.158 24 FT None 2020-09-13 00:00:00 2020-12-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=158,GT) 138.117.162.86 24 GM None 2019-11-12 00:00:00 2020-02-12 00:00:00 None Failed Password - Failed Logons (IP=86,PE) 138.117.6.199 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=199,NI) 138.118.191.96 24 RB None 2020-07-20 00:00:00 2020-10-18 00:00:00 None POLICY-OTHER PHP uri tag injection attempt - SourceFire (IP=96,BR) 138.121.245.134 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=134,BR) 138.128.162.210 32 dbc 
None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0734.01 Malicious Email Activity 138.128.179.178 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity 138.128.181.26 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 138.185.244.0 22 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None BR TO-S-2019-0852 Malware Activity 138.186.176.29 32 RB None 2020-04-02 00:00:00 2020-06-02 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 020420-00062 (IP=29,VE) 138.197.1.4 32 BMP None 2020-03-15 00:00:00 2020-06-13 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr Web Attacks (IP=4,US) 138.197.13.181 32 wmp None 2020-08-31 00:00:00 2020-11-29 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=181,US) 138.197.131.127 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=127,CA) 138.197.131.62 32 KF None 2020-02-13 00:00:00 2020-05-13 00:00:00 None Known Attack Tool User Agent/BOT: Potential Muieblackcat Scanner - TT# 20C01711 (IP=62,US) 138.197.135.108 32 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Generic ArcSight scan attempt (IP=108,US) 138.197.142.134 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None CA TO-S-2019-0608 Malware Activity 138.197.148.223 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=223,CA) 138.197.154.203 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02764 (IP=203,US) 138.197.162.98 24 RB None 2019-03-16 00:00:00 2020-02-04 00:00:00 None DLINK Command Injection - New Exploit URL (IP=98,CA) | updated by RW with reason Authentication Failed - 6hr Failed Logon(IP=28,CA) 138.197.163.11 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 
6hr Failed Logon(IP=11,CA) 138.197.164.222 24 ABC None 2018-02-01 06:00:00 2020-01-10 00:00:00 None Generic ArcSight scan attempt (IP=222,XX) | updated by GM with reason SQL union select - possible sql injection attempt - POST parameter - Web Attacks (IP=232,CA) 138.197.167.182 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None CA TO-S-2020-0088 Malicious Email Activity 138.197.167.245 32 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None Known Attack Tool User Agent / 20086 HTTP Muieblackcat Security Scanner - TT# 20C02236 (IP=245,US) 138.197.171.149 32 CR None 2019-12-04 00:00:00 2020-03-04 00:00:00 None Failed password for invalid user - 6 hr failed logon (IP=149,US) 138.197.199.249 32 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password_6 hr Failed Logons (IP=249,US) 138.197.201.249 32 DT None 2020-04-20 00:00:00 2020-07-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=249,US) 138.197.204.4 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=4,US) 138.197.213.43 32 RW None 2020-02-12 00:00:00 2020-03-12 00:00:00 None Known Attack Tool User Agent/HTTP: Muieblackcat Security Scanner - TT# 20C01697(IP=43,US) 138.197.216.120 32 BMP None 2019-12-23 00:00:00 2020-06-05 00:00:00 None Known Attack Tool User Agent/28744: HTTP: MASSCAN Tool Usage - TT# 20C01213 (IP=120,US) | updated by GM Block was inactive. 
Reactivated on 20200305 with reason Known Attack Tool User Agent/TTP: Masscan Scanner Traffic Detected - TT# 20C01984 (IP=120,US) 138.197.218.189 32 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=189,US) 138.197.221.114 32 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=114,US) 138.197.3.73 32 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Invalid user - Failed Logons (IP=73,US) 138.197.4.28 32 DT None 2020-06-14 00:00:00 2020-09-14 00:00:00 None HTTP: Adobe ColdFusion File Upload Vulnerability (CVE-2018-15961) - Web Attacks (IP=28,US) 138.197.64.211 32 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=211,US) 138.197.71.66 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None US TO-S-2019-0430 Malicious Email Activity 138.197.78.121 32 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password for invalid user - Failed Logon (IP=121,US) 138.197.89.194 32 RB None 2020-02-11 00:00:00 2020-05-11 00:00:00 None Illegal user_6 hr Failed Logons (IP=194,US) 138.197.89.212 32 CR None 2019-12-04 00:00:00 2020-03-04 00:00:00 None Invalid user - 6 hr failed logon (IP=212,US) 138.201.0.102 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malicious Web Application Activity 138.201.107.250 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None NL TO-S-2019-1036 Malicious Email Activity 138.201.131.156 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malicious Web Application Activity 138.201.140.110 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None DE TO-S-2019-1036 Malicious Email Activity 138.201.142.125 32 wmp None 2020-08-13 00:00:00 2020-11-13 00:00:00 None HIVE 
Case #3555 COLS-NA-TIP-20-0254 (IP=125,DE) 138.201.149.37 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None DE TO-S-2019-0658 Malicious Email Activity 138.201.156.2 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None DE TO-S-2019-0488 Malicious Email Activity 138.201.161.149 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None DE TO-S-2020-0031 Malicious Email Activity 138.201.203.73 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None SQL HTTP URI blind injection attempt - SourceFire (IP=73,DE) 138.201.206.108 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DE TO-S-2020-0056 Malicious Web Application Activity 138.201.221.14 32 RB None 2020-01-07 00:00:00 2020-04-06 00:00:00 None MALWARE-CNC Win.Backdoor.Morel variant inbound connection - TT# 20C01377 (IP=14,DE) 138.201.237.154 32 wmp None 2020-09-16 00:00:00 2020-12-15 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=154,DE) 138.201.251.170 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=170,DE) 138.201.253.2 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None DE TO-S-2020-0047 Malicious Email Activity 138.201.253.3 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None DE TO-S-2020-0047 Malicious Email Activity 138.201.253.4 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None DE TO-S-2020-0047 Malicious Email Activity 138.201.91.238 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None DE TO-S-2019-0613 Malicious Email Activity 138.204.235.30 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=30,BR) 138.204.240.224 32 KF None 2020-03-08 00:00:00 2020-06-06 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02058 (IP=224,US) 138.204.33.44 24 KF None 2020-03-09 00:00:00 2020-06-07 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C02086 (IP=44,BR) 138.204.68.0 22 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None 
BR TO-S-2019-0409 Malicious Email Activity 138.207.139.29 32 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - Web Attacks (IP=29,US) 138.219.192.98 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=98,BR) 138.219.44.0 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=0,BR) 138.247.105.38 32 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=38,US) 138.247.96.92 32 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Generic ArcSight scan attempt (IP=92,US) 138.249.0.0 16 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None FI TO-S-2019-0852 Malware Activity 138.251.243.10 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None GB TO-S-2019-0890.01 Malware Activity 138.255.110.160 24 RW None 2020-03-09 00:00:00 2020-06-07 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C02094(IP=160,BR) 138.36.180.0 22 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None BR TO-S-2020-0012 Malware Activity 138.36.204.234 24 RR None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Failed password for invalid user - Failed Logons (IP=234,BR) 138.68.106.4 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None DE TO-S-2019-1036 Malicious Email Activity 138.68.107.250 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity 138.68.107.250 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0212.01 Malicious Web Application Activity 138.68.13.55 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 138.68.14.194 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None US TO-S-2019-0634 Malware Activity 138.68.140.22 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None GB TO-S-2019-0431 Malicious Email Activity 
138.68.143.113 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None GB TO-S-2019-1036 Malicious Email Activity 138.68.143.56 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Failed password for invalid user - Failed Logons (IP=56,GB) 138.68.17.56 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0747 Malicious Email Activity 138.68.171.25 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None Illegal user_Failed Logon (IP=25,GB) 138.68.178.64 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=64,UK) 138.68.185.126 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Failed password_6 hr Failed Logons (IP=126,GB) 138.68.212.113 32 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Generic ArcSight scan attempt (IP=113,US) 138.68.212.139 32 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=139,US) 138.68.212.45 32 GM None 2019-10-21 00:00:00 2020-01-19 00:00:00 None ABC Generic ArcSight scan attempt (IP=45,US) 138.68.218.135 32 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=135,US) 138.68.219.40 32 ABC None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Generic ArcSight scan attempt (IP=40,US) 138.68.242.220 32 GLM None 2019-01-17 00:00:00 2020-01-29 00:00:00 None Illegal user (IP=220,US) | updated by GM with reason Failed password - Failed Logons (IP=220,US) 138.68.27.253 32 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=253,US) 138.68.27.62 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0610 Malware Activity 138.68.29.176 32 wmp None 2020-07-10 00:00:00 2020-10-10 00:00:00 None HIVE Case #3270 COLS-NA-TIP-20-0210 (IP=176,US) 138.68.29.241 32 GM None 2020-09-05 00:00:00 2020-12-05 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Sourcefire (IP=241,US) 138.68.30.35 32 RR None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host 
Sweep - ARCSight Sauron (IP=35,US) 138.68.4.8 32 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=8,US) 138.68.43.43 32 DT None 2020-05-21 00:00:00 2020-08-21 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt - SourceFire (IP=43,US) 138.68.51.29 32 RB None 2020-02-12 00:00:00 2020-03-12 00:00:00 None Known Attack Tool User Agent / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C01729 (IP=29,US) 138.68.53.199 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None US TO-S-2019-0608 Malicious Email Activity 138.68.67.90 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None DE TO-S-2019-0658 Malware Activity 138.68.72.7 24 GM None 2019-11-12 00:00:00 2020-02-12 00:00:00 None Failed Password - Failed Logons (IP=7,DE) 138.68.82.220 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=220 DE) 138.68.86.2 24 MLJ None 2017-04-24 05:00:00 2020-03-08 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=2,DE) | updated by RR with reason Invalid user - Failed Logons (IP=55,DE) 138.68.92.12 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed Logons (IP=12,DE) 138.68.93.14 24 KF None 2019-11-23 00:00:00 2020-02-21 00:00:00 None Failed password (IP=14,DE) 138.68.94.173 24 CR None 2019-12-04 00:00:00 2020-03-04 00:00:00 None Failed password for invalid user - 6 hr failed logon (IP=173,DE) 138.68.99.46 24 RR None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Failed password - Failed Logons (IP=46,) 138.75.11.75 24 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=75 SG) 138.94.205.201 24 GM None 2020-03-07 00:00:00 2020-06-07 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=201,BR) 138.94.29.141 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link 
DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=141,BR) 138.97.220.0 22 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None BR TO-S-2019-0409 Malicious Email Activity 138.99.204.23 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=23,BR) 138.99.216.147 24 KF None 2019-12-18 00:00:00 2020-03-17 00:00:00 None APP-DETECT failed FTP login attempt (1:13360:7) (IP=147,BL) 139.155.0.179 24 RR None 2019-10-02 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=179,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=179, CN) 139.155.106.152 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=152,CN) 139.155.108.228 24 GM None 2019-11-19 00:00:00 2020-02-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=228,CN) 139.155.116.199 24 GM None 2019-10-01 00:00:00 2020-01-01 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=199,CN) 139.155.117.15 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=15,CN) 139.155.127.59 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password for invalid user - Failed Logon (IP=59,CN) 139.155.128.107 24 BMP None 2020-03-14 00:00:00 2020-06-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=107,CN) 139.155.156.3 24 KF None 2019-12-29 00:00:00 2020-03-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=3,CN) 139.155.2.188 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=188,CN) 139.155.27.86 24 CR None 2019-10-11 
00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - CIRT web attack (IP=86,CN) 139.155.34.87 24 RR None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Illegal user - Failed Logons (IP=87,CN) 139.155.35.114 24 DT None 2020-07-10 00:00:00 2020-10-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=114,CN) 139.155.42.80 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=80,CN) 139.155.45.228 24 GM None 2019-10-01 00:00:00 2020-01-01 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=228,CN) 139.155.46.224 24 GM None 2020-04-21 00:00:00 2020-07-21 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=224,CN) 139.155.47.172 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=172,CN) 139.155.5.132 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Invalid user - Failed Logons (IP=132,CN) 139.155.54.189 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=189,CN) 139.155.56.154 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr web attacks (IP=154,CN) 139.155.69.26 24 GM None 2019-10-09 00:00:00 2020-01-09 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote 139.155.71.154 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password for invalid user - Failed Logons (IP=154,CN) 139.155.75.244 24 DT None 2020-09-18 00:00:00 2020-12-17 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=244,CN) 139.155.77.28 24 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=28,CN) 
139.155.77.28 32 CR None 2020-05-15 00:00:00 2020-08-15 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02789 (IP=28,CN) 139.155.80.151 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=151,XX) 139.155.90.36 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password - Failed Logons (IP=36,CN) 139.155.91.31 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=31,CN) 139.155.92.145 24 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=145,CN) 139.155.94.242 24 RR None 2019-10-11 00:00:00 2020-01-09 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=242,CN) 139.155.99.228 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=228,CN) 139.159.158.201 32 RB None 2020-06-07 00:00:00 2020-09-05 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03085 (IP=201,CN) 139.159.180.115 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Command Injection Attempt (IP=115,CN) 139.159.195.173 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=173,CN) 139.159.213.155 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=155,CN) 139.159.239.103 24 CR None 2017-11-13 06:00:00 2020-01-02 00:00:00 None Illegal user (IP=103,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=31,CN) | 2020-01-02 | 2018-02-11 139.159.244.14 24 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=14,VE) 
139.159.248.94 24 KF None 2019-10-03 00:00:00 2020-01-01 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=94,CN) 139.159.27.62 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=62,CN) 139.162.102.46 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None JP TO-S-2019-0420 Malware Activity 139.162.108.129 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None JP TO-S-2019-0420 Malware Activity 139.162.117.40 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None JP TO-S-2019-0420 Malware Activity 139.162.120.98 24 MLJ None 2017-04-03 05:00:00 2020-04-22 00:00:00 None ET SCAN Potential SSH Scan (IP=98,NL) | updated by dbc with reason JP TO-S-2019-0613 Malware Activity 139.162.120.98 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None JP TO-S-2020-0088 Malicious Web Application Activity 139.162.128.203 24 BMP None 2020-03-17 00:00:00 2020-06-15 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=203,GB) 139.162.13.0 24 GLM None 2016-09-20 05:00:00 2020-07-23 00:00:00 None SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial | updated by GLM with reason SERVER-APACHE Apache mod_ssl | updated by dbc with reason SG TO-S-2019-0839 Malicious Email Activity 139.162.132.71 32 KF None 2020-06-21 00:00:00 2020-09-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - TT# 20C03238 (IP=71,US) 139.162.143.131 24 DT None 2020-05-21 00:00:00 2020-08-21 00:00:00 None SERVER-APACHE Apache Solr Velocity Response Writer remote code execution attempt - SourceFire (IP=131,DE) 139.162.144.124 24 wmp None 2015-11-01 05:00:00 2020-01-25 00:00:00 None Failed FTP login attempt (IP=124,NL) | updated by kmw with reason DE TO-S-2019-0358 Malicious Web Application Activity 139.162.146.244 24 klb None 2015-10-18 05:00:00 2020-02-04 00:00:00 None SCAN Potential SSH Scan (IP=244 NL) | updated by kmw with reason DE TO-S-2019-0382 Malicious 
Email Activity 139.162.15.59 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None SG TO-S-2019-0831 Malicious Email Activity 139.162.151.83 24 BMP None 2020-05-26 00:00:00 2020-08-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - 6hr Web Attacks (IP=83,GB) 139.162.153.48 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=48,GB) 139.162.16.31 24 RW None 2020-04-11 00:00:00 2020-07-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=31,SG) 139.162.165.153 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None DE TO-S-2019-0631 Malicious Email Activity 139.162.165.43 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=43,DE) 139.162.173.162 32 RR None 2020-05-01 00:00:00 2020-08-01 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt- TT# 20C02588 (IP=162,DE) 139.162.18.105 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None SG TO-S-2019-0831 Malicious Email Activity 139.162.182.87 24 KF None 2020-05-31 00:00:00 2020-08-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=87,GR) 139.162.184.185 24 EDBT None 2017-11-05 05:00:00 2020-03-08 00:00:00 None SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (IP=185,DE) | updated by CR with reason SERVER-OTHER limited RSA | updated by RR with reason OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP= 139.162.188.184 32 dbc None 2020-08-04 00:00:00 2020-11-18 00:00:00 None HIVE Case #3470 CTO-20-210 R-4366 (IP=184,DE) | updated by wmp Block was inactive. 
Reactivated on 20200820 with reason HIVE Case #3630 CTO-20-231 (IP=184,DE) 139.162.192.213 24 wmp None 2016-05-29 05:00:00 2020-02-09 00:00:00 None Suspicious inbound to PostgreSQL (IP=213,NL) | updated by wmp with reason Suspicious inbound to PostgreSQL (IP=213,NL) | | updated by KF with reason Generic ArcSight scan attempt (IP=40,US) 139.162.195.114 24 RWB None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Attempted Denial of Service - PROTOCOL-DNS DNS query amplification attempt - sourcefire (IP=114,GB) 139.162.196.96 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=96,GB) 139.162.196.96 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=96,GB) 139.162.197.155 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None GB TO-S-2019-0800 Malicious Email Activity 139.162.199.128 24 RW None 2020-06-18 00:00:00 2020-09-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=128,UK) 139.162.2.97 24 MLJ None 2018-04-05 05:00:00 2020-07-18 00:00:00 None ET SCAN Potential SSH Scan (IP=97,NL) | updated by dbc with reason SG TO-S-2019-0577 Malicious Email Activity | updated by dbc with reason SG TO-S-2019-0831 Malicious Email Activity 139.162.202.90 24 klb None 2015-10-18 05:00:00 2020-02-09 00:00:00 None SCAN Potential SSH Scan (IP=90 NL) | updated by MLJ with reason OS-OTHER Bash CGI environment | updated by KF with reason Generic ArcSight scan attempt (IP=208,US) 139.162.209.186 24 EDBT None 2017-10-01 05:00:00 2020-02-09 00:00:00 None ET POLICY Suspicious inbound to Oracle SQL port 1521 (IP=186,GB) | updated by KF with reason Generic ArcSight scan attempt (IP=251,US) 139.162.221.245 32 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=245,US) 139.162.223.165 24 RR None 
2019-06-15 00:00:00 2020-02-06 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=165,GB) | updated by RR with reason Generic ArcSight scan attempt (IP=59,US) 139.162.224.195 24 FT None 2020-09-04 00:00:00 2020-12-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03828 (IP=195,GB) 139.162.224.41 24 GLM None 2018-07-20 05:00:00 2020-02-09 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (IP=41,GB) | updated by KF with reason Generic ArcSight scan attempt (IP=195,US) 139.162.23.240 24 CR None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=240,SG) 139.162.234.187 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=187,UK) 139.162.244.237 24 None None None 2020-01-20 00:00:00 None | updated by RR with reason Trojan.Win.Remcos (IP=237,GB) 139.162.248.187 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=187,GB) 139.162.249.199 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=199,GB) 139.162.34.15 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 139.162.35.180 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None SG TO-S-2019-0831 Malicious Email Activity 139.162.61.94 24 RR None 2017-07-29 05:00:00 2020-07-18 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=94,NL) | updated by dbc with reason SG TO-S-2019-0831 Malicious Email Activity 139.162.78.229 32 DT None 2020-06-16 00:00:00 2020-07-16 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C03193 (IP=229,JP) 
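The dump above is a flattened blocklist export with no delimiter between records, which makes it awkward to answer the questions an operator actually has: is this address blocked right now, who filed the block, and which networks were entered twice (for instance 139.162.196.96/24, filed by both RR and BMP on the same day). The parser below is an added example, not tooling from the page or the team that produced the list. It assumes, from inspection of the rows, that each record is laid out as `<ip> <prefix-length> <analyst> None <start|None> <expiry|None> None <reason ...>`, with any ` | updated by <analyst> ...` history notes appended to the reason; the two literal `None` columns are left uninterpreted. A `None` start is treated as already in force and a `None` expiry as never expiring, the expiry day is treated as inclusive, and the country code is pulled from the trailing `(IP=<octet>,<CC>)` tag where one is present. The sample input is constructed by concatenating six records copied from the dump.

```python
"""Parser for the flattened blocklist export on this page (added example).

Assumed record layout (inferred from the rows, not documented on the page):

    <ip> <prefixlen> <analyst> None <start|None> <expiry|None> None <reason...>

Records run together with no delimiter, so boundaries are found by looking
ahead for the next record header rather than by trusting the free-text reason.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional, Tuple

_HEADER = r"\d{1,3}(?:\.\d{1,3}){3} \d{1,2} \S+ None "
_STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}|None"
RECORD_RE = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<prefix>\d{1,2}) (?P<analyst>\S+) None "
    r"(?P<start>" + _STAMP + r") (?P<end>" + _STAMP + r") None "
    r"(?P<reason>.*?)(?=\s" + _HEADER + r"|\Z)",
    re.S,
)
UPDATED_BY_RE = re.compile(r"updated by (\S+)")
# Trailing "(IP=<last octet>,<CC>)" tag; the dump sometimes omits the comma.
COUNTRY_RE = re.compile(r"\(IP=\d+[, ]\s*([A-Z]{2})\)")


@dataclass
class Block:
    network: ipaddress.IPv4Network
    analyst: Optional[str]          # None when the analyst column reads "None"
    start: Optional[datetime]       # None = no recorded start (treated as open)
    end: Optional[datetime]         # None = no recorded expiry (treated as open)
    reason: str
    country: Optional[str]
    history: List[Tuple[Optional[str], str]] = field(default_factory=list)


def parse_stamp(s: str) -> Optional[datetime]:
    """Parse the dump's 'YYYY-MM-DD HH:MM:SS' stamp (or a bare date); 'None' -> None."""
    if s == "None":
        return None
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S" if " " in s else "%Y-%m-%d")


def parse_blocklist(text: str) -> List[Block]:
    """Split the run-together dump into Block records."""
    blocks: List[Block] = []
    for m in RECORD_RE.finditer(text):
        parts = [p.strip() for p in m.group("reason").split("|")]
        reason, notes = parts[0], [p for p in parts[1:] if p]
        history = []
        for note in notes:
            who = UPDATED_BY_RE.search(note)
            history.append((who.group(1) if who else None, note))
        cc = COUNTRY_RE.search(reason)
        analyst = m.group("analyst")
        blocks.append(Block(
            network=ipaddress.ip_network(
                f"{m.group('ip')}/{m.group('prefix')}", strict=False),
            analyst=None if analyst == "None" else analyst,
            start=parse_stamp(m.group("start")),
            end=parse_stamp(m.group("end")),
            reason=reason,
            country=cc.group(1) if cc else None,
            history=history,
        ))
    return blocks


def blocks_for(blocks: List[Block], ip: str, at: datetime) -> List[Block]:
    """Entries whose network covers `ip` and that are in force at `at`."""
    addr = ipaddress.ip_address(ip)
    return [
        b for b in blocks
        if addr in b.network
        and (b.start is None or b.start <= at)
        and (b.end is None or at <= b.end)
    ]


def duplicate_networks(blocks: List[Block]) -> List[Tuple[str, int]]:
    """Networks entered more than once (filed by two analysts, or re-filed)."""
    counts: dict = {}
    for b in blocks:
        counts[str(b.network)] = counts.get(str(b.network), 0) + 1
    return sorted((n, c) for n, c in counts.items() if c > 1)


# Constructed sample: six records copied from the dump above and concatenated
# exactly as they appear there (no delimiter between records).
SAMPLE = (
    "139.162.196.96 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None "
    "OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port "
    "attempt - SourceFire (IP=96,GB) "
    "139.162.196.96 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None "
    "OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port "
    "attempt - SourceFire (IP=96,GB) "
    "139.162.244.237 24 None None None 2020-01-20 00:00:00 None "
    "| updated by RR with reason Trojan.Win.Remcos (IP=237,GB) "
    "139.162.188.184 32 dbc None 2020-08-04 00:00:00 2020-11-18 00:00:00 None "
    "HIVE Case #3470 CTO-20-210 R-4366 (IP=184,DE) | updated by wmp Block was "
    "inactive. Reactivated on 20200820 with reason HIVE Case #3630 CTO-20-231 "
    "(IP=184,DE) "
    "139.199.162.74 24 RR None None 2020-06-27 00:00:00 None "
    "HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=74,CN) "
    "139.223.0.0 16 jky None 2017-06-16 05:00:00 2020-03-11 00:00:00 None "
    "TW TO-S-2017-1134 Malicious activity | updated by dbc with reason "
    "TW TO-S-2019-0468 Malicious Web Application Activity"
)

if __name__ == "__main__":
    recs = parse_blocklist(SAMPLE)
    for b in recs:
        print(b.network, b.analyst, b.start, b.end, b.country, b.history)
    print(duplicate_networks(recs))
```

Feeding the whole page text to `parse_blocklist` works the same way, since the boundary detection keys on the next record header rather than on the reason text; a record whose reason was truncated in the export (such as the `PHPUnit PHP remote` entry that runs straight into the next header) still parses, with the truncated reason preserved as-is. Because `strict=False` normalises the host bits away, `duplicate_networks` reports `/24` blocks that were filed against different hosts in the same network as one entry, which is usually the more useful view when deciding whether a block is already in place.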
139.167.122.144 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 139.167.217.130 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 139.170.164.218 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=218,CN) 139.178.64.114 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None NL TO-S-2019-0546 Malicious Email Activity 139.178.69.117 32 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=117,US) 139.180.137.213 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None SERVER-WEBAPP Ruby on Rails render file directory traversal attempt - SourceFire (IP=213,SG) 139.180.137.213 32 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SQL HTTP URI blind injection attempt - SourceFire (IP=213,US) 139.180.138.78 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None SG TO-S-2019-0852 Malicious Email Activity 139.180.139.166 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None SG TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason SG TO-S-2020-0212.01 Malware Activity 139.180.142.220 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None SG TO-S-2020-0190 Malicious Email Activity 139.180.198.114 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None JP TO-S-2020-0056 Malware Activity 139.186.15.182 24 RB None 2020-06-07 00:00:00 2020-09-05 00:00:00 None Hello Peppa Scan (IP=182,CN) 139.186.21.132 24 GM None 2019-10-07 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=132,CN) 139.186.22.180 24 RB None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=180,CN) 139.186.31.119 24 KF None 2019-10-03 00:00:00 2020-01-01 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize 
code execution attempt_Web Attacks (IP=119,CN) 139.186.34.52 24 CR None 2019-10-11 00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - CIRT web attack (IP=52,CN) 139.186.82.10 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=10,XX) 139.189.203.133 24 RR None 2019-12-07 00:00:00 2020-03-06 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SoureFire (IP=133,CN) 139.194.153.133 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=133,ID) 139.196.189.101 24 GM None 2020-08-06 00:00:00 2020-11-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=101,CN) 139.198.14.200 24 ABC None 2019-10-14 00:00:00 2020-01-12 00:00:00 None Command Injection Attempt (IP=200,CN) 139.198.15.18 24 RW None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6 hr web attacks (IP=18,CN) 139.198.189.26 24 EDBT None 2017-06-27 05:00:00 2020-02-11 00:00:00 None ET SCAN Potential SSH Scan (IP=26,CN) | updated by GM with reason Invalid user - Failed Logons (IP=36,CN) 139.198.191.217 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Failed password for invalid user -Failed Logons (IP=217,CN) 139.198.4.44 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=44,CN) 139.198.5.79 24 GM None 2019-11-06 00:00:00 2020-02-06 00:00:00 None Failed password - Failed Logons (IP=79,CN) 139.198.9.17 24 CR None 2019-10-16 00:00:00 2020-01-16 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attack (IP=17,CN) 139.199.1.199 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=199,CN) 139.199.106.127 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed 
Logons (IP=127,CN) 139.199.107.31 24 CR None 2018-11-26 06:00:00 2020-01-25 00:00:00 None Hello Peppa Scan (IP=31,CN) | updated by RW Block was inactive. Reactivated on 20191025 with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=31,CN) 139.199.107.31 32 RW None 2019-10-25 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=31,US) | updated by CR Block was inactive. Reactivated on 20200603 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 139.199.112.85 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=85,CN) 139.199.113.140 24 KF None 2018-12-10 06:00:00 2020-03-05 00:00:00 None Failed password for invalid user (IP=140,CN) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=2,CN) 139.199.115.105 24 MLJ None 2018-05-24 05:00:00 2020-03-10 00:00:00 None ET SCAN Potential SSH Scan | updated by GM with reason Invalid user - Failed Logons (IP=210,CN) 139.199.118.123 24 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=123,CN) 139.199.119.67 32 FT None 2020-08-05 00:00:00 2020-11-05 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - (CVE-2019-16759) TT# 20C03636 (IP=67,CN) 139.199.119.67 24 wmp None 2018-11-20 06:00:00 2020-07-18 00:00:00 None authentication bypass vulnerability (IP=67,CN) | updated by KF with reason Generic ArcSight scan attempt (IP=67,CN) | updated by RW Block was inactive. 
Reactivated on 20200417 with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefir 139.199.126.197 32 BMP None 2020-06-26 00:00:00 2020-09-24 00:00:00 None HTTP: HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03286 (IP=197,CN) 139.199.126.197 32 DT None 2020-06-25 00:00:00 2020-09-23 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03286 (IP=197,CN) 139.199.127.60 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=60,CN) 139.199.15.148 24 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=148,CN) 139.199.153.123 24 RR None 2020-05-10 00:00:00 2020-08-08 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=123,CN) 139.199.155.25 24 RB None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=25,CN) 139.199.157.104 24 RW None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=104,CN) 139.199.159.237 24 GLM None 2017-02-26 06:00:00 2020-02-13 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=237,CN) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=77,CN) 139.199.16.213 24 RR None 2020-09-08 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=213,CN) 139.199.16.213 24 RR None 2020-09-08 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=213,CN) 139.199.162.74 24 RR None None 2020-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=74,CN) 139.199.165.107 24 KF None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=107,CN) 139.199.17.13 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 
None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=13,CN) 139.199.172.82 24 DT None 2020-05-04 00:00:00 2020-08-04 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=82,CN) 139.199.174.58 24 RR None 2018-10-07 05:00:00 2020-02-11 00:00:00 None Illegal user (IP=58,CN) | updated by GM with reason Failed password - Failed Logons (IP=58,CN) 139.199.175.155 24 CR None 2018-11-29 06:00:00 2020-01-14 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=155,CN) | updated by RR with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=232,CN) 139.199.176.15 24 GLM None 2019-01-17 00:00:00 2020-01-09 00:00:00 None Illegal user (IP=15,CN) | updated by GM with reason SERVER-WEBAPP Joomla 139.199.179.20 24 YM None 2018-05-15 05:00:00 2020-01-03 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=20,CN) | updated by GM with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=239,CN) 139.199.184.100 24 MLJ None 2017-04-26 05:00:00 2020-01-16 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=100,CN) | updated by RR with reason MALWARE-BACKDOOR JSP webshell backdoo | updated by CR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attack (IP=166, 139.199.184.166 32 RW None 2020-08-19 00:00:00 2020-09-19 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03743 (IP=166,CN) 139.199.187.75 24 RR None 2020-09-14 00:00:00 2020-12-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=75,CN) 139.199.189.106 24 wmp None 2018-11-30 06:00:00 2020-01-09 00:00:00 None authentication bypass vulnerability (IP=106,CN) | updated by RB with reason INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=106,CN) | 2020-01-09 | 2019-03-01 139.199.192.159 24 GLM None 2018-12-20 06:00:00 2020-02-19 00:00:00 None Illegal 
user (IP=159,CN) | updated by GM with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=143,CN) 139.199.193.117 24 EDBT None 2017-11-13 06:00:00 2020-03-08 00:00:00 None ET SCAN Potential SSH Scan (IP=117,CN) | updated by GM with reason Invalid user - Failed Logons (IP=202,CN) 139.199.20.237 24 wmp None 2019-01-16 06:00:00 2020-01-04 00:00:00 None authentication bypass vulnerability (IP=237,CN) | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=220 CN) | 2020-01-04 | 2019-04-16 139.199.200.196 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_6 hr web attacks (IP=196,CN) 139.199.203.14 24 BMP None 2020-06-13 00:00:00 2020-07-13 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=14,CN) 139.199.204.198 24 RW None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=198,CN) 139.199.219.241 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=241,CN) 139.199.23.229 24 KF None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=229,CN) 139.199.250.41 24 RB None 2020-03-20 00:00:00 2020-06-18 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_6 hr web attacks (IP=41,CN) 139.199.29.155 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=155,CN) 139.199.31.16 24 YM None 2018-05-16 05:00:00 2020-01-17 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=16,CN) | updated by GM with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=3,CN) 139.199.33.114 24 GLM None 2018-10-01 05:00:00 2020-01-08 00:00:00 None Illegal user (IP=114,CN) | updated by RR with reason SERVER-WEBAPP Joomla 
JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=135,CN) 139.199.34.191 32 BMP None 2020-06-26 00:00:00 2020-09-24 00:00:00 None HTTP: HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03287 (IP=191,CN) 139.199.34.191 32 DT None 2020-06-25 00:00:00 2020-09-23 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03287 (IP=191,CN) 139.199.39.44 24 JC None 2019-01-16 06:00:00 2020-02-07 00:00:00 None WPC-REGIONAL ESM SYNFLOOD (IP=44, CN) | updated by RB with reason HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=56,CN) | 2020-02-07 | 2019-04-16 139.199.48.30 24 GLM None 2018-06-26 05:00:00 2020-03-05 00:00:00 None Authentication Failed (IP=30,CN) | updated by RR with reason Invalid user - Failed Logons (IP=2,CN) 139.199.70.220 24 GM None 2019-10-07 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=220,CN) 139.199.72.217 24 EDBT None 2017-12-03 06:00:00 2020-04-12 00:00:00 None ET SCAN Potential SSH Scan (IP=217,CN) | updated by CW with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_Web attacks (IP=93,CN) 139.199.74.166 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=166,CN) 139.199.80.79 24 MLJ None 2017-03-06 06:00:00 2020-01-18 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=79,CN) | updated by RB with reason Command Injection Attempt (IP=128,CN) | 2020-01-18 | 2017-06-06 139.199.83.44 24 KF None 2019-11-02 00:00:00 2020-02-01 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=44,CN) | updated by KF Block expiration extended with reason Command Injection Attempt (IP=44,CN) 139.199.84.186 24 KF None 2020-04-22 00:00:00 2020-07-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=186,CN) 139.199.87.17 24 RB None 2018-12-11 06:00:00 
2020-01-03 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=17,CN) | updated by RW with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - 6 hr web attacks (IP=119,CN) 139.199.88.93 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Failed password for invalid user - Failed Logon (IP=93,CN) 139.199.9.115 24 wmp None 2019-01-24 00:00:00 2020-01-07 00:00:00 None authentication bypass vulnerability (IP=115,CN) | updated by ABC with reason Generic ArcSight scan attempt (IP=231,CN) 139.199.94.100 24 RB None 2020-04-05 00:00:00 2020-07-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=100,CN) 139.204.121.35 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=35,CN) 139.205.201.192 24 CR None 2019-12-21 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=192,CN) 139.205.206.164 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=164,CN) 139.209.242.77 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=77,CN) 139.210.167.158 24 RR None 2020-05-10 00:00:00 2020-08-08 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=158,CN) 139.211.165.112 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=112,CN) 139.212.255.18 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=18 CN) 139.215.13.144 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_12 hr web 
attacks (IP=144,CN) 139.215.143.16 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=16,CN) 139.215.217.181 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=181,CN) 139.217.134.138 24 GM None 2019-10-07 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=138,CN) 139.217.217.19 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=19,CN) 139.217.220.74 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=74,CN) 139.217.96.76 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password for invalid user - Failed Logon (IP=76,CN) 139.218.103.174 24 KF None 2020-03-16 00:00:00 2020-06-14 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=174,AU) 139.219.192.37 32 DT None 2020-05-12 00:00:00 2020-08-10 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02724 (IP=37,CN) 139.219.2.94 32 DT None 2020-05-04 00:00:00 2020-08-04 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02610 (IP=94,CN) 139.223.0.0 16 jky None 2017-06-16 05:00:00 2020-03-11 00:00:00 None TW TO-S-2017-1134 Malicious activity | updated by dbc with reason TW TO-S-2019-0468 Malicious Web Application Activity 139.255.30.242 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None ID TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason ID TO-S-2020-0212.01 Malicious Web Application Activity 139.255.32.0 22 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None ID TO-S-2020-0012 Malware Activity 139.255.38.133 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None ID TO-S-2020-0206 Malicious Web Application Activity 139.255.38.133 32 kmw None 
2019-12-26 00:00:00 2020-12-26 00:00:00 None ID TO-S-2020-0212.01 Malicious Web Application Activity 139.255.87.66 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Attempted User Privilege Gain - SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - sourcefire (IP=66,ID) 139.28.36.0 22 dbc None 2019-03-21 00:00:00 2020-04-29 00:00:00 None UA TO-S-2019-0515 Malware Activity | updated by dbc with reason UA TO-S-2019-0631 Malware Activity 139.5.20.0 22 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None IN TO-S-2019-0769 Malicious Email Activity 139.59.106.247 24 MLJ None 2018-03-22 05:00:00 2020-02-08 00:00:00 None ET SCAN Potential SSH Scan (IP=247,AU) | updated by GLM with reason Failed password (IP=82,SG) | updated by KF with reason Generic ArcSight scan attempt (IP=144,US) 139.59.108.216 24 GLM None 2018-07-07 05:00:00 2020-02-16 00:00:00 None Authentication Failed (IP=216,SG) | updated by RR with reason Failed password - Failed Logons (IP=237,SG) 139.59.117.229 32 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=229,US) 139.59.123.37 24 EDBT None 2017-09-18 05:00:00 2020-01-25 00:00:00 None ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack (IP=37,SG) | updated by RR with reason Generic ArcSight scan attempt (IP=163,US) 139.59.13.63 24 RR None 2019-01-04 06:00:00 2020-01-19 00:00:00 None Illegal user (IP=63,AU) | updated by KF with reason Generic ArcSight scan attempt (IP=150,US) 139.59.169.37 24 RR None 2019-01-28 00:00:00 2020-02-07 00:00:00 None Failed password for invalid user (IP=37,AU) | updated by KF with reason Failed password (IP=37,GB) 139.59.17.118 24 BP None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Failed password for invalid user - 6hr Logons (IP=118,IN) 139.59.18.131 24 CR None 2020-05-12 00:00:00 2020-06-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=131,IN) 139.59.19.138 24 BMP None 
2020-08-28 00:00:00 2020-11-26 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr Web Attacks (IP=138,IN) 139.59.190.69 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=69,UK) 139.59.23.68 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=68,IN) 139.59.238.14 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=14,SG) 139.59.247.114 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=114,SG) 139.59.25.129 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=129,IN) 139.59.34.202 24 EDBT None 2017-10-16 05:00:00 2020-01-21 00:00:00 None ET SCAN Potential SSH Scan (IP=202,IN) | updated by GM with reason Illegal user - Failed Logons (IP=17,IN) 139.59.36.155 24 MLJ None 2018-04-23 05:00:00 2020-01-30 00:00:00 None ET SCAN Potential SSH Scan (IP=155,AU) | updated by RR with reason Failed password - Failed Logons (IP=218,) 139.59.36.87 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=87,IN) 139.59.38.94 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Invalid user - Failed Logons (IP=94,IN) 139.59.41.6 24 CR None 2019-01-03 06:00:00 2020-03-03 00:00:00 None Illegal user (IP=6,AU) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=154,IN) 139.59.59.37 24 EDBT None 2018-01-09 06:00:00 2020-01-16 00:00:00 None ET SCAN Potential SSH Scan (IP=37,AU) | updated by RR with reason Failed password for invalid user (IP=194,AU) | updated by RW with reason Illegal user - 6hr Failed Logon (IP=187,IN) 139.59.61.134 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=134,IN) 139.59.65.128 24 RR None 2018-12-20 06:00:00 2020-02-01 00:00:00 None Failed password for invalid user (IP=128,AU) | updated by RB with reason Generic ArcSight scan attempt 
Reactivated on 20191015 with reason Illegal user - 6hr Failed Logon (IP=130,CN) 140.246.207.140 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=140,CN) 140.246.219.37 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=37,HK) 140.246.229.195 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user - 6hr Logon (IP=195,CN) 140.246.231.192 24 RR None 2020-01-29 00:00:00 2020-05-13 00:00:00 None Authentication Failed - Failed Logons (IP=192,CN) | updated by KF Block expiration extended with reason INDICATOR-SCAN SSH brute force login attempt - 12 Hour ET Scan (IP=192,CN) 140.246.234.18 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=18,CN) 140.246.34.221 24 KF None 2019-12-28 00:00:00 2020-03-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (IP=221,CN) 140.246.84.156 24 KF None 2020-02-25 00:00:00 2020-05-25 00:00:00 None Authentication Failed - Failed Logons (IP=156,CN) 140.249.196.49 24 CW None 2019-07-01 00:00:00 2020-01-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt_6hr failed logon (IP=49,CN) | updated by KF Block was inactive. 
Reactivated on 20191004 with reason Authentication Failed_6 Hr Failed Logons (IP=49 CN) 140.249.249.181 24 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=181,CN) 140.82.16.81 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity 140.82.17.161 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity 140.82.39.123 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None DE TO-S-2020-0047 Malicious Email Activity 140.82.39.57 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None DE TO-S-2020-0190 Malware Activity 140.82.39.57 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None DE TO-S-2020-0190 Malware Activity 140.82.39.57 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None DE TO-S-2020-0190 Malware Activity 140.82.40.199 32 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=199,US) 140.82.52.231 24 ABC None 2018-04-07 05:00:00 2020-03-04 00:00:00 None ET POLICY Suspicious inbound to PostgreSQL port 5432 (IP=231 XX) | updated by RWB with reason Hive Case 1527 - FE (IP=189,US) 140.82.54.137 24 ABC None 2018-04-07 05:00:00 2020-03-18 00:00:00 None ET POLICY Suspicious inbound to PostgreSQL port 5432 (IP=137 XX) | updated by dbc with reason FR TO-S-2019-0508 Malware Activ 140.82.54.176 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None FR TO-S-2020-0190 Malware Activity 141.126.59.29 32 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=29,US) 141.134.196.93 24 RR None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - Failed Logons (IP=93,BE) 141.134.47.65 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Authentication Failed - 6hr Logon (IP=65,BE) 141.135.239.180 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=180,BE) 141.136.47.0 24 dbc 
None 2019-04-19 00:00:00 2020-04-19 00:00:00 None LT TO-S-2019-0608 Malware Activity 141.138.168.127 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None NL TO-S-2020-0056 Malicious Email Activity 141.138.168.155 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None NL TO-S-2019-0351 Malicious Email Activity 141.138.182.42 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - SourceFire (IP=42,LB) 141.223.12.41 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None KR TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason KR TO-S-2020-0212.01 Malicious Web Application Activity 141.223.91.72 24 BMP None 2020-02-20 00:00:00 2020-05-20 00:00:00 None Illegal user - 6 Logons (IP=72,KR) 141.226.121.190 24 FT None 2020-08-27 00:00:00 2020-11-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=190,IL) 141.226.142.161 32 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=161,US) 141.226.192.0 19 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity 141.226.89.0 24 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity 141.255.145.131 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=131,FR) 141.255.147.45 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=45,FR) 141.255.155.236 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=236,FR) 141.255.181.38 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=38,NL) 141.255.68.91 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=91,GR) 141.8.192.31 32 wmp None 2020-07-10 00:00:00 2020-10-10 
00:00:00 None HIVE Case #3270 COLS-NA-TIP-20-0210 (IP=31,RU) 141.8.225.0 24 GLM None 2016-10-27 05:00:00 2020-01-24 00:00:00 None MALWARE-CNC Win.Trojan.InstantAccess variant outbound connection (IP=72,CH) | updated by wmp with reason COLS-NA TIP 18-0336 141.98.10.141 32 FT None 2020-08-04 00:00:00 2020-11-04 00:00:00 None Unauthorized Access-Probe - TT# 20C03627 (IP=141,LT) 141.98.10.169 32 BMP None 2020-08-05 00:00:00 2020-11-05 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C03635 (IP=169,LT) 141.98.10.33 24 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=33,EU) 141.98.10.47 32 GM None 2020-02-06 00:00:00 2020-05-06 00:00:00 None Unauthorized Access-Probe -TT# 20C01635 (IP=47,US) 141.98.100.180 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None GB TO-S-2019-0864 Malicious Email Activity 141.98.214.4 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=4,AT) 141.98.255.151 24 RWB None 2019-10-24 00:00:00 2020-01-23 00:00:00 None SQL use of sleep function in HTTP header - likely SQL injection attempt - sourcefire (IP=151,SE) | updated by CW Block expiration extended with reason Generic ArcSight scan attempt (IP=151,SE) 141.98.80.58 32 RR None 2020-04-06 00:00:00 2020-07-05 00:00:00 None Possible SQLi attempt / HTTP: Blind SQL Injection - Timing - TT# 20C02449 (IP=58,NL) 141.98.80.95 24 RR None 2019-10-17 00:00:00 2020-01-15 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=95,EU) 141.98.81.178 32 GM None 2019-06-29 00:00:00 2020-02-29 00:00:00 None Possible SQLi attempt - 19C02434 (IP=178,US) | updated by RB with reason SQL union select - possible sql injection attempt - GET parameter_Sourcefire (IP=178,PA) | 2020-02-29 | 2019-09-29 141.98.81.81 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None NL TO-S-2019-0864 Malware Activity 141.98.83.39 24 KF None 2020-04-07 00:00:00 2020-07-06 
00:00:00 None TCP: SYN Host Sweep (IP=39,PA) 141.98.9.20 24 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=20,LT) 141.98.9.222 32 CR None 2019-12-21 00:00:00 2020-01-21 00:00:00 None Known Attack Tool User Agent / HTTP: SqlMap SQL Injection - Scanning I (IP=222,US) 142.0.197.4 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity 142.11.193.43 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 142.11.195.135 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3604 COLS-NA-TIP-20-0262 (IP=135,US) 142.11.201.26 32 BMP None 2020-07-14 00:00:00 2020-10-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=26,US) 142.11.209.161 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None US TO-S-2019-0634 Malicious Email Activity 142.11.210.150 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity 142.11.212.46 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.47 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.48 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.49 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.50 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.51 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.52 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.53 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 
142.11.212.54 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.55 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.56 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.57 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.58 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.59 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.60 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.61 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.62 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.63 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.64 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.65 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.66 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.212.67 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Command and Control Exploit 142.11.213.254 32 RR None 2020-03-04 00:00:00 2020-10-13 00:00:00 None TCP: SYN Host Sweep (IP=254,US) | updated by wmp Block was inactive. 
Reactivated on 20200713 with reason HIVE Case #3322 CTO-20-193 (IP=254,US) 142.11.219.228 32 wmp None 2020-08-10 00:00:00 2020-11-10 00:00:00 None HIVE Case #3493 COLS-NA-TIP-20-0250 (IP=228,US) 142.11.227.204 32 wmp None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HIVE Case #3322 CTO-20-193 (IP=204,US) 142.11.236.143 32 RB None 2019-12-27 00:00:00 2020-03-26 00:00:00 None Unauthorized Access-Probe/TCP: SYN Port Scan - TT# 20C01256 (IP=143,US) 142.11.238.29 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None US TO-S-2019-0634 Malicious Email Activity 142.112.87.158 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password for invalid user - Failed Logons (IP=158,CA) 142.129.163.112 32 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=112,US) 142.217.113.250 32 KF None 2020-04-01 00:00:00 2020-06-30 00:00:00 None Known Attack Tool User / BOT: Mirai Echobot Activity Detected - TT# 010420-00024 (IP=250,CA) 142.234.157.114 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity 142.234.157.168 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malware Activity 142.234.200.99 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity 142.252.248.171 24 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Generic ArcSight scan attempt (IP=171,no ISC data) 142.252.248.196 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity 142.252.249.179 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=179,no ISC data) 142.252.250.136 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 
Malicious Web Application Activity 142.252.250.165 32 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=165,US) 142.252.250.166 32 ABC None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Generic ArcSight scan attempt (IP=166,US) 142.252.250.169 32 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=169,US) 142.252.250.172 32 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=172,US) 142.252.250.177 32 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt (IP=177,US) 142.252.251.118 32 GM None 2019-10-21 00:00:00 2020-01-19 00:00:00 None ABC Generic ArcSight scan attempt (IP=118,US) 142.252.251.16 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532.01 Malware Activity 142.252.251.169 32 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=169,US) 142.252.251.170 32 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=170,US) 142.252.252.0 24 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None CN TO-S-2019-0734.01 Malicious Email Activity 142.4.110.232 32 KF None 2019-12-17 00:00:00 2020-03-16 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=232,US) 142.4.123.60 32 wmp None 2020-07-02 00:00:00 2020-10-02 00:00:00 None HIVE Case #3212 CTO-20-182 (IP=60,US) 142.4.126.68 32 KF None 2019-10-19 00:00:00 2020-01-18 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=68,US) | updated by KF Block expiration extended with reason Command Injection Attempt (IP=68,US) 142.4.2.181 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 142.4.204.122 24 KF None 2018-08-19 05:00:00 2020-02-16 00:00:00 None Illegal user (IP=122,CA) | updated by dlb with reason IO TO-S-2018-1080 Malware Activity | updated by RR with reason Invalid user - Failed Logons (IP=122,CA) 142.4.205.238 24 DT None 
2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=238,CA) 142.4.208.13 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None CA TO-S-2019-0634 Malicious Email Activity 142.44.136.2 32 DT None 2020-04-23 00:00:00 2020-07-22 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02554 (IP=2,US) 142.44.136.52 32 RW None 2020-05-23 00:00:00 2020-06-23 00:00:00 None Unauthorized Access-Probe / Unknown - TT# 20C02901 (IP=52,US) 142.44.138.213 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=213,FR) 142.44.139.205 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None CA TO-S-2019-0972 Malware Activity 142.44.151.25 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None CA TO-S-2019-0488 Malicious Email Activity 142.44.160.91 24 MLJ None 2017-08-08 05:00:00 2020-02-18 00:00:00 None ET SCAN Potential SSH Scan (IP=91,CA) | updated by RR with reason Failed password for invalid user (IP=49,CA) 2017-11-08 201 | updated by RR with reason Failed password for invalid user - Failed Logons (IP=173,CA) 142.44.162.209 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None CA TO-S-2019-1036 Malicious Email Activity 142.44.174.182 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None CA TO-S-2019-0658 Malware Activity 142.44.184.156 24 RR None 2018-12-31 06:00:00 2020-03-03 00:00:00 None Failed password for invalid user (IP=156,CA) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=226,CA) 142.44.196.225 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password - Failed Logons (IP=225,CA) 142.44.240.12 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Failed password (IP=12,CA) 142.44.240.132 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=132,CA) 142.44.243.161 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Generic ArcSight scan attempt (IP=161,FR) 
142.54.164.189 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity 142.54.179.69 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Web Application Activity 142.54.182.170 32 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Command Injection Attempt (IP=170,US) 142.93.102.38 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity 142.93.102.38 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0212.01 Malicious Web Application Activity 142.93.110.250 32 jkc None 2020-07-20 00:00:00 2020-10-21 00:00:00 None hive case # 3387 CTO 20-199 Malicious IP (IP=250,ca) 142.93.113.239 32 GM None 2020-09-30 00:00:00 2020-12-30 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=239,US) 142.93.115.234 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malware Activity 142.93.120.55 32 RR None 2020-05-19 00:00:00 2020-08-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=55,US) 142.93.122.177 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity 142.93.126.141 24 RW None 2020-04-11 00:00:00 2020-07-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=141,US) 142.93.128.238 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=238,US) 142.93.132.28 32 RW None 2019-10-15 00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=28,NL) 142.93.132.28 24 RW None 2019-10-15 00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Sourcefire (IP=28,NL) 142.93.133.174 24 GM None 2020-08-12 00:00:00 2020-11-12 00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management 
User Interface remote code execution attempt - Sourcefire (IP=174,NL) 142.93.138.116 32 RW None 2019-12-23 00:00:00 2020-01-23 00:00:00 None Immediate Inbound Network Block Known Attack Tool User Agent//BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C01218 (IP=116,US) 142.93.139.55 24 RWB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None Attempted User Privilege Gain - OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=55,NL) 142.93.143.149 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None NL TO-S-2019-0613 Malware Activity 142.93.147.252 24 CR None 2020-02-21 00:00:00 2020-05-21 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=252,CA) 142.93.150.126 32 RW None 2020-01-24 00:00:00 2020-02-24 00:00:00 None Muieblackcat Security Scanner - - TT# 20C01532 (IP=126,US) 142.93.151.21 24 RR None None 2020-06-26 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=21,CA) 142.93.153.203 32 BMP None 2020-11-04 00:00:00 2020-02-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=203,US) 142.93.155.51 24 CR None 2020-02-21 00:00:00 2020-05-21 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=51,CA) 142.93.160.19 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=19,DE) 142.93.174.47 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=47,DE) 142.93.176.234 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malicious Email Activity 142.93.178.105 32 RW None 2020-07-19 00:00:00 2020-10-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=105,US) 142.93.179.244 32 RR None 2020-01-18 00:00:00 
2020-04-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C01481 (IP=244,US) 142.93.187.70 32 RR None 2020-03-06 00:00:00 2020-06-04 00:00:00 None Known Attack Tool User Agent/ HTTP: Masscan Scanner Traffic Detected - TT# 20C01997 (IP=70,US) 142.93.195.56 32 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password - 6hr Logon (IP=56,US) 142.93.198.15 32 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Invalid user (IP= 15 , US ) 142.93.198.152 32 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password for invalid user (IP= 152 , US ) 142.93.200.40 32 BMP None 2020-06-21 00:00:00 2020-09-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=40,US) 142.93.203.185 32 GM None 2020-09-30 00:00:00 2020-12-30 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=185,US) 142.93.209.138 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None IN TO-S-2019-0420 Malicious Email Activity 142.93.212.168 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=168,IN) 142.93.214.20 24 RR None 2019-01-19 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user (IP=20,CA) | updated by KF Block was inactive. 
Reactivated on 20191203 with reason Failed password (IP=20,CA) 142.93.227.194 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None NL TO-S-2019-1036 Malicious Email Activity 142.93.232.173 32 DT None 2020-07-21 00:00:00 2020-10-21 00:00:00 None Unauthorized Access-Probe - TT# 20C03528 (IP=173,NL) 142.93.235.138 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None Timeout before authentication - Failed Logons (IP=138,NL) 142.93.238.68 24 CR None 2019-03-18 00:00:00 2020-03-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=68,NL) | updated by GM with reason Invalid user - Failed Logons (IP=162,NL) 142.93.241.93 24 RR None 2019-01-19 00:00:00 2020-01-26 00:00:00 None Illegal user (IP=93,CA) | updated by RWB Block was inactive. Reactivated on 20191028 with reason Failed password for invalid user - sourcefire (IP=93,CA) 142.93.245.188 32 BP None 2019-11-27 00:00:00 2020-03-02 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=188,US) | updated by BP Block expiration extended with reason SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=188,US 142.93.251.1 32 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user - 6hr Logon (IP=1,US) 142.93.251.1 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed Password - 6 Hr Failed Logons (IP=1,CA) 142.93.254.232 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None CA TO-S-2019-0488 Malicious Email Activity 142.93.32.147 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=147,GB) 142.93.33.127 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=127,UK) 142.93.48.216 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malicious 
Email Activity 142.93.58.177 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malware Activity 142.93.58.2 32 RB None 2020-07-31 00:00:00 2020-10-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=2,US) 142.93.69.92 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None CA TO-S-2019-0608 Malware Activity 142.93.74.45 24 RR None 2019-01-29 00:00:00 2020-03-05 00:00:00 None Failed password for invalid user (IP=45,CA) | updated by RB with reason Failed password_6 hr Failed Logons (IP=45 US) | 2020-03-05 | 2019-04-29 142.93.8.247 32 BMP None 2020-09-29 00:00:00 2020-12-28 00:00:00 None HTTP: rConfig ajaxServerSettingsChk.php Command Injection Vulnerability - 6hr Web Attacks (IP=247,US) 142.93.88.16 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 142.93.92.164 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None US TO-S-2019-0409 Malicious Email Activity 142.93.97.100 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=100,DE) 143.0.124.200 32 KF None 2020-03-07 00:00:00 2020-06-05 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02052 (IP=200,US) 143.0.244.0 22 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AR TO-S-2019-1036 Malicious Email Activity 143.0.52.117 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=117,BR) 143.137.178.221 24 BMP None 2020-02-28 00:00:00 2020-03-28 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01876 (IP=221,BR) 143.137.235.233 24 GM None 2020-02-27 00:00:00 2020-05-27 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=233,BR) 143.166.135.76 32 RWB None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Attempted User Privilege Gain - 
FTPP_FTP_RESPONSE_LENGTH_OVERFLOW - sourcefire (IP=76,US) 143.166.147.76 32 alj None 2018-11-23 06:00:00 2020-06-10 00:00:00 None FTPP_FTP_RESPONSE_LENGTH_OVERFLOW | updated by CR with reason FTPP_FTP_RESPONSE_LENGTH_OVERFLOW - SourceFire (IP=76,US) | updated by RW Block was inactive. Reactivated on 20200310 with reason FTPP_FTP_RESPONSE_LENGTH_OVERFLOW - Sourcefire (IP=76,US) 143.176.230.43 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Failed password for invalid user - Failed Logons (IP=43,NL) 143.202.116.93 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=93,) 143.202.252.0 22 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None NI TO-S-2019-0734.01 Malicious Email Activity 143.202.58.52 24 BMP None 2020-03-02 00:00:00 2020-05-31 00:00:00 None Known Attack Tool User Agent/ BOT: Mirai Echobot Activity Detected - TT# 20C01931 (IP=0,BR) 143.204.178.77 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=77,US) 143.215.247.68 32 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Generic ArcSight scan attempt (IP=68,US) 143.225.55.0 24 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None BR TO-S-2019-1002 Malware Activity 143.255.104.67 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user - Failed Logons (IP=67 ,CL) 143.255.124.175 32 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C01911 (IP=175,US) 143.255.140.247 24 KF None 2020-01-10 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=247,PY) 143.255.198.242 24 BMP None 2020-07-03 00:00:00 2020-10-01 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - 6hr Web Attacks (IP=242,BR) 143.69.217.174 32 dbc None 2019-10-11 00:00:00 2020-10-11 00:00:00 None KR TO-S-2020-0027 Burnished 
Pyrite IOCs Malware Activity 143.69.217.186 32 dbc None 2019-10-11 00:00:00 2020-10-11 00:00:00 None KR TO-S-2020-0027 Burnished Pyrite IOCs Malware Activity 143.69.23.46 32 dbc None 2019-10-11 00:00:00 2020-10-11 00:00:00 None KR TO-S-2020-0027 Burnished Pyrite IOCs Malware Activity 143.69.31.46 32 dbc None 2019-10-11 00:00:00 2020-10-11 00:00:00 None KR TO-S-2020-0027 Burnished Pyrite IOCs Malware Activity 143.81.72.144 32 JKC None 2020-06-12 00:00:00 2020-09-12 00:00:00 None substandard VPN ENCRYYPTION IP CTO-20-162 (Ip=144,US) 143.84.70.2 32 RW None 2020-09-08 00:00:00 2020-12-08 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload (CVE-2017-12615 and CVE-2017-12617) - TT#20C03861 (IP=2,US) 143.92.56.10 24 GM None 2019-12-31 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=10,KH) 143.92.58.150 24 CR None 2020-01-06 00:00:00 2020-04-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=150,HK) 143.92.59.73 32 CW None 2020-01-04 00:00:00 2020-02-04 00:00:00 None Unauthorized Access Attempt-TT# 20C01344 (IP=73,HK) 143.95.105.250 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 143.95.146.143 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 143.95.149.99 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 143.95.226.82 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None US TO-S-2019-0800 Malicious Email Activity 143.95.232.59 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=59, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 143.95.236.62 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0747 Malicious Email Activity 143.95.238.91 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity 
143.95.239.96 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=96, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 143.95.251.117 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity 143.95.32.194 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malware Activity 143.95.32.96 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 143.95.38.231 32 dbc None 2019-03-21 00:00:00 2020-03-21 00:00:00 None US TO-S-2019-0515 Malicious Web Application Activity 143.95.42.94 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=94, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 143.95.44.94 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 143.95.73.244 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None LK TO-S-2019-0409 Malware Activity 143.95.80.233 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 143.95.82.3 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 144.135.85.184 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=184,AU) 144.139.247.220 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AU TO-S-2019-1036 Malicious Email Activity 144.140.117.164 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None AU TO-S-2020-0088 Malware Activity 144.172.79.28 32 GM None 2020-08-14 00:00:00 2020-11-14 00:00:00 None Unauthorized Access-Probe // UDP: Host Sweep - TT # 20C03706 (IP=28,US) 144.178.138.13 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=13,ES) 144.178.139.96 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=,ES) 
144.202.15.18 32 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=18,US) 144.202.85.4 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=100,US) 144.202.87.15 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malware Activity 144.208.67.28 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malicious Email Activity 144.208.71.114 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity 144.208.73.145 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=145,US) 144.208.78.48 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity 144.217.109.218 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity 144.217.113.192 24 CW None 2020-02-01 00:00:00 2020-05-05 00:00:00 None HTTP: Blind SQL Injection - Timing_Web attacks (IP=92,CA) | updated by KF Block expiration extended with reason HTTP: Blind SQL Injection - Timing (IP=192,CA) | updated by RR Block expiration extended with reason SQL use of sleep function with and - 144.217.128.11 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None CA TO-S-2019-0747 Malicious Email Activity 144.217.164.104 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None FR TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason FR TO-S-2020-0212.01 Malicious Web Application Activity 144.217.166.92 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=92,CA) 144.217.169.90 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Invalid user - Failed Logons (IP=90,) 144.217.170.235 24 GM None 2020-01-08 00:00:00 2020-04-08 00:00:00 None Illegal user - Failed Logons (IP=235,CA) 144.217.178.150 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None CA 
TO-S-2019-0409 Malicious Email Activity 144.217.188.81 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user - Failed Logons (IP=81 ,CA) 144.217.189.109 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=109,FR) 144.217.191.145 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None FR TO-S-2019-0604 Malware Activity 144.217.199.129 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None CA TO-S-2019-0608 Malware Activity 144.217.204.212 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None CA TO-S-2019-0608 Malware Activity 144.217.207.15 24 RB None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=15,FR) 144.217.214.100 24 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password 6 hr Failed Logon (IP=100,CA) 144.217.215.174 24 RR None 2019-10-25 00:00:00 2020-01-23 00:00:00 None DLINK Command Injection - New Exploit URL (IP=174,CA) 144.217.216.189 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None FR TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason FR TO-S-2020-0212.01 Malicious Web Application Activity 144.217.219.31 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None CA TO-S-2019-0747 Malicious Email Activity 144.217.220.146 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None FR TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason FR TO-S-2020-0212.01 Malicious Web Application Activity 144.217.235.143 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None CA TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason CA TO-S-2020-0212.01 Malware Activity 144.217.243.216 24 RR None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Failed password for invalid user - Failed Logons (IP=216,CA) 144.217.253.21 24 RW None 2019-10-29 00:00:00 2020-01-29 00:00:00 None - Hive case 1163 (IP=21,CA) 144.217.254.125 32 
dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None US TO-S-2019-0613 Malicious Email Activity 144.217.34.147 32 RW None 2020-02-05 00:00:00 2020-03-05 00:00:00 None Unauthorized Access-Probe - TT# 20C01612(IP=147,CA) 144.217.34.148 32 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None Unauthorized Access Attempt-TT# 144.217.34.151 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=151,FR) 144.217.38.16 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None CA TO-S-2019-0468 Malicious Email Activity 144.217.42.212 24 KF None 2019-12-10 00:00:00 2020-03-09 00:00:00 None Invalid user (IP=212,CA) 144.217.50.242 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Failed password_Failed Logon (IP=42,CA) 144.217.7.33 24 GM None 2020-07-20 00:00:00 2020-10-20 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=33,CA) 144.217.72.94 24 CW None 2019-12-26 00:00:00 2020-03-25 00:00:00 None HTTP: SQL Injection - Exploit II_Web Attacks (IP=94,CA) 144.217.76.62 32 GM None 2020-06-10 00:00:00 2020-08-10 00:00:00 None Unauthorized Access-Probe/ UDP Host Sweep - TT# 20C03124 (IP=62,CA) 144.217.77.21 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=21,FR) 144.217.83.201 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Invalid user - Failed Logons (IP=201,CA) 144.217.84.164 24 KF None 2019-11-19 00:00:00 2020-02-17 00:00:00 None Failed password for invalid user_6 Hr Failed Logons (IP=164,CA) 183.109.88.165/24 144.217.85.146 24 ABC None 2018-04-07 05:00:00 2020-01-31 00:00:00 None Generic ArcSight scan attempt (IP=146 FR) | updated by GM with reason Failed password - Failed Logons (IP=239,CA) 144.217.89.196 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None CA TO-S-2019-0890.01 Malicious Email Activity 144.217.89.55 24 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None Invalid user - Failed Logons (IP=55,CA) 144.217.91.86 24 KF None 2019-11-26 00:00:00 2020-02-24 
00:00:00 None Failed password (IP=86,CA) 144.34.144.200 32 GM None 2020-04-28 00:00:00 2020-07-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=200,US) 144.34.201.221 32 RR None 2020-06-02 00:00:00 2020-09-02 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=221,US) 144.48.240.0 22 jky None 2017-08-23 05:00:00 2020-02-25 00:00:00 None HK TO-S-2017-1427 Potential Intrusion Set | updated by CR with reason Known Attack Tool User Agent - TT# 19C00726 (IP=70,US) | updated by CR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=59, 144.52.187.130 24 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=130,CN) 144.7.122.95 24 KF None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed Password_6 Hr Failed Logons (IP=95,CN) 144.76.106.213 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None DE TO-S-2019-0658 Malware Activity 144.76.115.36 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None DE TO-S-2019-0723 Malicious Email Activity 144.76.152.185 24 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=185,DE) 144.76.175.181 24 GM None 2020-07-05 00:00:00 2020-10-05 00:00:00 None SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt - Web Attacks (IP=181,DE) 144.76.202.73 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None DE TO-S-2019-0420 Malicious Email Activity 144.76.28.67 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None DE TO-S-2019-0972 Malicious Email Activity 144.76.56.199 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None DE TO-S-2019-0420 Malicious Email Activity 144.76.65.163 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None DE TO-S-2019-0577 Malicious Email Activity 144.91.104.58 32 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=58,US) 144.91.107.47 24 BMP None 2020-03-17 00:00:00 
2020-06-15 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=47,DE) 144.91.108.220 32 RR None 2020-03-25 00:00:00 2020-06-23 00:00:00 None UDP: Host Sweep (IP=220,US) 144.91.117.138 32 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=138,US) 144.91.118.152 32 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=152,US) 144.91.68.122 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=122,US) 144.91.69.195 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None DE TO-S-2020-0006 Malicious Email Activity 144.91.69.220 32 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None UDP: Host Sweep - ARCSight Sauron (IP=220,US) 144.91.74.184 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None DE TO-S-2020-0109.01 Malicious Email Activity 144.91.76.173 32 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=173,US) 144.91.78.107 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=107,DE) 144.91.83.116 24 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=116,DE) 144.91.86.145 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Generic ArcSight scan attempt (IP=145,US) 144.91.92.2 32 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None UDP: Host Sweep (IP=2,US) 144.91.93.239 32 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=239,US) 144.91.93.59 32 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Generic ArcSight scan attempt (IP=59,US) 144.91.94.141 32 GM None 2019-11-06 00:00:00 2020-02-04 00:00:00 None ABC Generic ArcSight scan attempt (IP=141,US) 144.91.94.148 32 GM None 2019-11-06 00:00:00 2020-02-04 00:00:00 None ABC Generic ArcSight scan attempt (IP=148,US) 144.91.95.208 32 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=208,US) 
145.131.209.119 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None NL TO-S-2020-0088 Malware Activity 145.131.25.136 24 CW None 2019-12-17 00:00:00 2020-03-16 00:00:00 None SQL HTTP URI blind injection attempt_web attacks (IP=36,NL) 145.131.32.232 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=232,NL) 145.132.14.171 24 BMP None 2020-06-01 00:00:00 2020-09-01 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=171,NL) 145.14.131.0 20 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None CY TO-S-2019-0532 Malicious Email Activity 145.14.144.249 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=249,US) 145.14.144.43 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=43,US) 145.14.144.47 32 wmp None 2020-09-15 00:00:00 2020-12-14 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=47,US) 145.14.144.86 32 wmp None 2020-07-29 00:00:00 2020-10-29 00:00:00 None HIVE Case #3421 COLS-NA-TIP-20-0234 (IP=86,US) 145.14.145.130 32 wmp None 2020-08-05 00:00:00 2020-11-05 00:00:00 None HIVE Case #3445 COLS-NA-TIP-20-0243 (IP=130,US) 145.14.145.228 32 wmp None 2020-08-03 00:00:00 2020-11-03 00:00:00 None HIVE Case #3444 COLS-NA-TIP-20-0242 (IP=228,US) 145.14.145.38 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=38,US) 145.14.145.92 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=92,US) 145.14.157.223 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None NL TO-S-2019-0613 Malware Activity 145.236.132.87 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=87,CN) 145.239.73.103 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon 
(IP=103,GB) 145.239.89.243 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logon (IP=243,GB) 145.249.106.48 24 RB None 2018-09-15 05:00:00 2020-02-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (IP=48,NL) | updated by dbc with reason NL TO-S-2019-0400 Malware Activity 145.255.8.107 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=107,RU) 145.255.8.107 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=107,RU) 146.0.128.157 24 RR None 2018-12-31 06:00:00 2020-03-04 00:00:00 None Illegal user (IP=157,RO) | updated by RR with reason Failed password for invalid user -Failed Logons (IP=31,LU) 146.0.32.0 24 sym None 2014-05-28 05:00:00 2020-08-06 00:00:00 None Port Sweep (ip=163,RO) | updated by DJS with reason WannaCry ransomware C2 IOC | updated by jky with reason DE TO-S-2017-111 | updated by dbc with reason ID TO-S-2019-0864 Malware Activity 146.0.35.22 32 dbc None 2019-07-23 00:00:00 2020-07-23 00:00:00 None DE TO-S-2019-0839 Malicious Email Activity 146.0.75.172 24 tpr None 2014-02-04 06:00:00 2020-01-19 00:00:00 None ZmEu exploit scanner (ip=172, IN) | updated by MLJ with reason ET SCAN MS Terminal Server Traffic on Non-standard Port (IP=216 | updated by GM with reason ABC Generic ArcSight scan attempt (IP=203,NL) 146.112.61.0 24 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None AR TO-S-2019-0626.01 Malware Activity 146.148.31.199 32 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=199,US) 146.148.61.141 32 RR None 2020-09-19 00:00:00 2020-12-19 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C03946 (IP=141,US) 146.185.130.101 24 RR None 2018-12-15 06:00:00 2020-03-05 00:00:00 None Failed password for invalid user (IP=101,NL) | updated by RR 
with reason Failed password for invalid user - Failed Logons (IP=101,NL) 146.185.141.95 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=95,US) 146.185.142.70 32 GM None 2019-11-12 00:00:00 2020-06-05 00:00:00 None Known Attack Tool User Agent/28744: HTTP: MASSCAN Tool Usage - 20C00908 (IP=70,US) | updated by BMP Block was inactive. Reactivated on 20200305 with reason Known Attack Tool User Agent / HTTP: Masscan Scanner Traffic Detected - TT# 20C02011 (IP=70,NL) 146.185.145.202 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity 146.185.149.245 24 CR None 2019-10-16 00:00:00 2020-01-16 00:00:00 None Illegal user_6 hr failed logon (IP=245,NL) 146.185.160.0 19 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NL TO-S-2020-0006 Malicious Email Activity 146.185.171.227 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NL TO-S-2020-0006 Malicious Email Activity 146.185.200.216 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None EE TO-S-2019-0430 Malware Activity 146.185.214.94 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=94,AU) 146.20.161.77 32 wmp None 2020-09-14 00:00:00 2020-12-13 00:00:00 None HIVE Case #3853 COLS-NA-TIP-20-0291 (IP=77,US) 146.20.161.91 32 wmp None 2020-09-14 00:00:00 2020-12-13 00:00:00 None HIVE Case #3853 COLS-NA-TIP-20-0291 (IP=91,US) 146.247.144.83 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=83,SW) 146.247.255.4 24 CR None 2020-03-01 00:00:00 2020-06-01 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C01916 (IP=4,SE) 146.255.103.71 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=71,ES) 146.255.152.251 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web 
Attacks (IP=251,BA) 146.255.193.10 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None RU TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason RU TO-S-2020-0212.01 Malicious Web Application Activity 146.60.123.182 24 RR None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Illegal user (IP=182,DE) 146.66.113.56 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None BG TO-S-2019-0400 Malicious Email Activity 146.66.21.43 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Illegal user - 6hr Failed Logon (IP=43,KZ) 146.66.244.246 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=246,HK) 146.71.87.11 24 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=11,US) 146.83.204.141 32 wmp None 2020-07-13 00:00:00 2020-11-23 00:00:00 None HIVE Case #3289 COLS-NA-TIP-20-0211 (IP=141,CL) | updated by wmp Block expiration extended with reason HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=141,CL) 146.88.240.128 32 CR None 2019-01-07 06:00:00 2020-02-06 00:00:00 None Unauthorized Access-Probe - TT# 19C00821 (IP=128,US) | updated by CR with reason Unauthorized Access-Probe (IP=128,US) | updated by GM with reason Unauthorized Access-Probe - 19C02341 (IP=128,US) | updated by CW with reason Unauthorized Access Attem 146.88.240.21 32 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None Unauthorized Scanning- ARCSight Sauron (IP=21,US) 146.88.26.140 24 RB None 2018-12-27 06:00:00 2020-04-04 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=140,IN) | updated by dbc with reason IN TO-S-2019-0571 Malicious Email Activi 146.88.36.154 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None TH TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason TH TO-S-2020-0212.01 Malicious Web Application Activity 146.88.36.236 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None TH 
TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason TH TO-S-2020-0212.01 Malicious Web Application Activity 146.90.99.0 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=0,GB) 147.102.25.70 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None GR TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason GR TO-S-2020-0212.01 Malicious Web Application Activity 147.127.120.13 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None FR TO-S-2020-0031 Malicious Email Activity 147.135.116.24 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 147.135.117.173 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malicious Web Application Activity 147.135.120.100 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malicious Web Application Activity 147.135.144.254 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None FR TO-S-2019-0468 Malicious Email Activity 147.135.168.173 24 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Invalid user - Failed Logons (IP=173,DE) 147.135.208.234 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=234,FR) 147.135.21.158 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity 147.135.21.158 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0212.01 Malicious Web Application Activity 147.135.220.31 24 CR None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - Web Attacks 
(IP=31,FR) 147.135.222.182 32 GM None 2020-08-07 00:00:00 2020-11-07 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT # 20C03649 (IP=182,FR) 147.135.229.28 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None FR TO-S-2019-0604 Malicious Email Activity 147.135.255.107 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=107,FR) 147.135.95.253 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malicious Web Application Activity 147.139.129.213 24 RR None 2020-08-24 00:00:00 2020-11-22 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt (1:54794:2) - SourceFire (IP=213,ID) 147.139.135.52 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=52,ID) 147.139.137.213 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None ID TO-S-2020-0187 Malicious Email Activity 147.139.138.183 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Invalid user - Failed Logons (IP=183,ID) 147.30.13.86 16 jkc None 2016-07-24 05:00:00 2020-01-27 00:00:00 None SQL generic sql with comments injection attempt - GET parameter (IP=13,KZ) | updated by RR with reason APP-DETECT failed FTP l | updated by GM with reason ABC Generic ArcSight scan attempt (IP=167,KZ) 147.30.172.85 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=85,KZ) 147.46.40.211 24 RR None 2020-09-02 00:00:00 2020-12-01 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=211,KR) 147.50.3.30 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=30,TH) 147.75.100.117 32 RR None 2020-09-05 00:00:00 2020-12-04 00:00:00 None Unauthorized Access-Probe - TT# 20C03835 (IP=117,US) 147.75.100.243 32 RW 
None 2020-09-10 00:00:00 2020-12-10 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03873 (IP=243,US) 147.75.102.194 24 MLJ None 2017-02-13 06:00:00 2020-02-06 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (IP=194,CH) | updated by RR with reason Generic ArcSight scan attempt (IP=71,US) 147.78.64.0 22 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None RU TO-S-2020-0031 Malicious Email Activity 147.78.65.0 24 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None RU TO-S-2019-0658 Malware Activity 147.83.156.162 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None ES TO-S-2019-0508 Malware Activity 147.98.9.96 32 dbc None 2019-02-14 00:00:00 2020-02-15 00:00:00 None FR TO-S-2019-0400 Malware Activity | updated by dbc with reason FR TO-S-2019-0409 Malware Activity 148.0.162.242 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=242,DO) 148.0.195.206 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=206,DO) 148.101.135.75 24 GM None 2020-04-13 00:00:00 2020-07-12 00:00:00 None Automated Block Calculations (IP=75,DO) | unblocked: False Positive DrayTek and DD-WRT signature hits 148.101.141.182 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02391 (IP=162,DO) 148.101.141.182 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=182,DO) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=182,DO) 148.101.77.39 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=39,DR) 148.153.0.22 32 dbc None 2019-02-27 00:00:00 2020-02-27 00:00:00 None US TO-S-2019-0444 Malicious Reconnaissance Activity 148.153.37.2 32 RW None 2020-03-03 00:00:00 
2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=2,US) 148.153.65.30 32 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=30,US) 148.163.100.141 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity 148.163.124.8 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 148.163.148.40 32 wmp None 2020-08-05 00:00:00 2020-11-05 00:00:00 None HIVE Case #3479 COLS-NA-TIP-20-0246 (IP=40,US) 148.163.166.108 32 RWB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=108,US) 148.163.166.222 32 CW None 2019-10-25 00:00:00 2020-01-25 00:00:00 None Command Injection Attempt (IP=222,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr web attacks (IP=222,US) 148.217.200.15 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None MX TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason MX TO-S-2020-0212.01 Malicious Web Application Activity 148.217.200.15 24 wmp None 2019-01-07 06:00:00 2020-01-08 00:00:00 None authentication bypass vulnerability (IP=15,MX) | updated by RR with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=15,MX) 148.235.57.184 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=184,MX) 148.235.82.68 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user - Failed Logons (IP=68,MX) 148.243.142.35 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None MX TO-S-2020-0088 Malware Activity 148.243.206.110 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None MX TO-S-2019-0508 Malware Activity 148.244.220.101 32 DT None 2020-08-16 00:00:00 2020-11-14 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03721 
(IP=220,MX) 148.245.131.94 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=94,MX) 148.247.74.203 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Failed password - Failed Logons (IP=203,MX) 148.251.12.49 32 wmp None 2020-08-03 00:00:00 2020-12-09 00:00:00 None HIVE Case #3444 COLS-NA-TIP-20-0242 (IP=49,DE) | updated by wmp Block expiration extended with reason HIVE Case #3826 COLS-NA-TIP-20-0285 (IP=49,DE) 148.251.122.211 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None DE TO-S-2019-0640.01 Malware Activity 148.251.152.202 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None DE TO-S-2019-0551.02 Malicious Email Activity 148.251.155.71 24 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=71,DE) 148.251.164.91 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=91,DE) 148.251.202.93 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None CA TO-S-2019-0577 Malicious Email Activity 148.251.203.92 24 RB None 2020-07-02 00:00:00 2020-09-30 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - 6hr failed logon (IP=92,DE) 148.251.245.138 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None DE TO-S-2019-0938 Malicious Email Activity 148.251.82.210 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None DE TO-S-2019-0363.01 Malicious Email Activity 148.255.139.40 32 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C01905 (IP=40,US) 148.255.225.11 24 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=135,DO) 148.66.135.156 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None SG TO-S-2019-0631 Malicious Email Activity 148.66.136.217 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None SG 
TO-S-2020-0190 Malicious Email Activity
148.66.137.115 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None SG TO-S-2019-0430 Malicious Email Activity
148.66.137.16 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None SG TO-S-2019-0363.01 Malicious Email Activity
148.66.137.27 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Web Application Activity
148.66.138.107 32 wmp None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=107,SG)
148.66.142.135 24 RR None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Failed password - Failed Logons (IP=135,)
148.66.145.153 24 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=153,SG)
148.66.145.36 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=36,SG)
148.66.145.42 24 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=42,SG)
148.66.146.35 32 RWB None 2019-12-22 00:00:00 2020-01-21 00:00:00 None Signature: HTTP: PHP File Inclusion Vulnerability - TT# 20C01201 (IP=35,SG)
148.66.147.11 24 KF None 2020-01-31 00:00:00 2020-04-30 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C01564 (IP=11,SG)
148.66.147.18 24 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=18,SG)
148.66.152.120 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None SG TO-S-2019-0551.02 Malicious Email Activity
148.66.157.162 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=162,SG)
148.66.8.0 24 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None HK TO-S-2019-0831 Malicious Email Activity
148.67.196.247 24 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=247,JP)
148.70.0.0 16 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None CN TO-S-2019-1036 Malicious Web Application Activity
148.72.102.229 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Immediate Inbound Network Block - TT# 20C00499 (IP=229,US)
148.72.116.194 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity
148.72.120.181 32 dbc None 2019-09-13 00:00:00 2020-09-13 00:00:00 None US TO-S-2019-0985 Malicious Email Activity
148.72.150.10 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity
148.72.171.87 32 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=87,US)
148.72.172.205 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=205,US)
148.72.193.24 32 RW None 2020-02-01 00:00:00 2020-05-09 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C01574 (IP=24,US) | updated by RW Block expiration extended with reason SQL generic convert injection attempt - GET parameter - Sourcefire (IP=24,US) | updated by KF Block expiration extended with reason H
148.72.198.230 32 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=230,US)
148.72.201.121 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity
148.72.208.213 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malware Activity
148.72.208.74 32 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user - Failed Logon (IP=74,US)
148.72.209.37 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web Application Activity
148.72.216.247 32 GM None 2019-11-11 00:00:00 2020-02-09 00:00:00 None ABC Generic ArcSight scan attempt (IP=247,US)
148.72.216.28 24 RR None 2020-03-12 00:00:00 2020-06-10 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=28,US)
148.72.218.175 32 RW None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SQL Injection (IP=175,US)
148.72.232.102 32 KF None 2020-01-31 00:00:00 2020-04-30 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C01565 (IP=102,US)
148.72.232.116 32 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=116,US)
148.72.232.130 32 RW None 2020-05-15 00:00:00 2020-08-13 00:00:00 None SQL Injection - ABC report (IP=130,US)
148.72.232.134 32 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=134,US)
148.72.232.137 32 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=137,US)
148.72.232.150 32 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=150,US)
148.72.232.155 32 RW None 2020-02-01 00:00:00 2020-08-25 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=155,US) | updated by BMP Block was inactive. Reactivated on 20200527 with reason HTTP: SQL Injection - Exploit II - Web Attacks (IP=155,US)
148.72.232.159 32 BMP None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=159,US)
148.72.232.160 32 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=160,US)
148.72.232.164 32 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=164,US)
148.72.232.26 24 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=26,FL)
148.72.232.54 32 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Generic ArcSight scan attempt (IP=54,US)
148.72.232.93 32 BMP None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=93,US)
148.72.27.117 32 KF None 2020-02-09 00:00:00 2020-05-09 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=117,US)
148.72.48.217 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity
148.72.49.8 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Immediate Inbound Network Block - TT# 20C00508 (IP=8,US)
148.72.71.29 24 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=29,NG)
148.72.72.178 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malware Activity
148.72.81.35 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Immediate Inbound Network Block - TT# 20C00505 (IP=35,US)
149.12.217.226 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=226,ES)
149.129.175.17 24 RB None 2020-04-10 00:00:00 2020-07-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=17,SG)
149.129.192.0 18 dcg None 2018-07-06 05:00:00 2020-02-12 00:00:00 None ID TO-S-2018-0903 associated with Malware and Malicious Web Application Activity | updated by GM with reason Failed Password - Failed Logons (IP=152,ID)
149.129.92.0 18 dbc None 2018-07-03 05:00:00 2020-07-29 00:00:00 None ID TO-S-2018-0903 Malware and Malicious Web Application Activity | updated by dbc with reason HK TO-S-2019-0852 Malicious Email Activity
149.135.121.242 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=242,AU)
149.154.64.219 24 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=219,RU)
149.172.55.24 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malicious Web Application Activity
149.200.132.93 24 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_6 hr web attacks (IP=93,JO)
149.200.151.218 32 RB None 2020-02-25 00:00:00 2020-05-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C01826 (IP=218,JO)
149.200.252.68 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell
149.202.102.36 24 ET None 2018-03-19 05:00:00 2020-02-20 00:00:00 None SCAN Potential SSH Scan (IP=36 FR) 24 90 | updated by dbc with reason FR TO-S-2019-0420 Malicious Email Activity
149.202.153.252 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None FR TO-S-2019-1036 Malicious Email Activity
149.202.195.77 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None FR TO-S-2019-0640.01 Malware Activity
149.202.199.93 24 GLM None 2017-06-01 05:00:00 2020-02-15 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (IP=93,FR) | updated by RR with reason HTTP: Blind SQL Injection - Timing (IP=23
149.202.206.152 24 wmp None 2018-07-02 05:00:00 2020-03-03 00:00:00 None Possible SQL injection attempt (IP=152,FR) | updated by RR with reason Failed password - Failed Logons (IP=206,FR)
149.202.208.29 24 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=29,FR)
149.202.212.114 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None DE TO-S-2019-0640.01 Malware Activity
149.202.214.40 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=40,FR)
149.202.237.85 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None FR TO-S-2019-0551.02 Malicious Email Activity
149.202.251.78 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None SERVER-WEBAPP ACTi ASOC command injection attempt - Web Attacks (IP=78,FR)
149.202.50.236 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt (IP=236,FR)
149.202.64.88 32 RW None 2020-06-18 00:00:00 2020-07-18 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03216 (IP=88,FR)
149.202.65.173 24 GLM None 2019-01-18 00:00:00 2020-03-08 00:00:00 None Illegal user (IP=173,FR) | updated by BP Block was inactive. Reactivated on 20191209 with reason Failed password for invalid user (IP=173,FR)
149.202.66.213 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=213,FR)
149.202.83.171 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=171,FR)
149.210.143.182 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=182,NL)
149.210.160.245 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None NL TO-S-2019-0571 Malicious Email Activity
149.210.170.3 24 EDBT None 2017-12-06 06:00:00 2020-08-06 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=3 NL) | updated by dbc with reason NL TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason NL TO-S-2019-0864 Malware Activity
149.210.195.33 24 GLM None 2017-10-13 05:00:00 2020-03-16 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=33,NL) | updated by KF with reason HTTP: Blind SQL Injection - Timing (IP=66,NL)
149.210.228.126 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason NL TO-S-2020-0212.01 Malicious Web Application Activity
149.210.242.175 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None NL TO-S-2020-0190 Malicious Email Activity
149.233.225.221 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=221,DE)
149.248.11.205 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity
149.248.39.49 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=49,US)
149.248.55.186 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None CA TO-S-2019-0577 Malicious Email Activity
149.248.56.168 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None CA TO-S-2020-0056 Malicious Web Application Activity
149.248.57.231 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None CA TO-S-2019-0608 Malware Activity
149.255.36.164 24 ABC None 2017-12-02 06:00:00 2020-09-02 00:00:00 None ET SCAN Potential VNC Scan 5900-5920 (IP=164,GB) | updated by dbc with reason US TO-S-2019-0952 Malicious Email Activity
149.255.58.108 24 RR None 2018-06-16 05:00:00 2020-02-04 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=108,GB) | updated by kmw with reason GB TO-S-2019-0382 Malicious Email Activi
149.255.58.8 24 KF None 2020-02-09 00:00:00 2020-05-09 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=8,GB)
149.255.59.16 24 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr web attacks (IP=16,UK)
149.255.60.149 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None GB TO-S-2019-0551.02 Malicious Email Activity
149.255.60.159 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None GB TO-S-2019-0604 Malicious Email Activity
149.255.62.105 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=105,GB)
149.255.62.48 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None GB TO-S-2019-0577 Malicious Email Activity
149.255.62.61 24 BMP None 2020-04-05 00:00:00 2020-07-04 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=61,GB)
149.255.62.63 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None GB TO-S-2019-0468 Malware Activity
149.28.128.132 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None SG TO-S-2019-0816 Malicious Email Activity
149.28.133.31 24 ABC None 2018-05-12 05:00:00 2020-05-06 00:00:00 None ET POLICY Suspicious inbound to PostgreSQL port 5432 (IP=31 XX) | updated by dbc with reason SG TO-S-2019-0640.01 Malware Activity
149.28.155.88 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=88,SG)
149.28.165.249 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None AU TO-S-2020-0056 Malware Activity
149.28.177.159 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None AU TO-S-2019-0608 Malware Activity
149.28.180.182 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None AU TO-S-2019-0800 Malicious Email Activity
149.28.182.78 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None AU TO-S-2019-0747 Malware Activity
149.28.186.35 32 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=35,US)
149.28.255.233 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity
149.28.51.55 32 RR None 2020-07-08 00:00:00 2020-10-06 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - SourceFire (IP=55,US)
149.28.56.84 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malware Activity
149.28.77.26 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity
149.54.0.0 17 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None AF TO-S-2020-0006 Malware Activity
149.56.107.144 24 KF None 2020-07-01 00:00:00 2020-09-29 00:00:00 None Unauthorized Access-Probe - TT# 20C03353 (IP=144,CA)
149.56.109.28 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None CA TO-S-2019-0769 Malicious Email Activity
149.56.131.73 24 GM None 2019-11-13 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logons (IP=73,CA)
149.56.132.202 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=202,CA)
149.56.141.69 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None CA TO-S-2019-0723 Malicious Email Activity
149.56.15.98 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=98,CA)
149.56.157.199 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None CA TO-S-2019-0571 Malicious Email Activity
149.56.177.248 24 KF None 2019-11-23 00:00:00 2020-02-21 00:00:00 None Failed password (IP=248,CA)
149.56.18.17 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None CA TO-S-2019-0532 Malware Activity
149.56.18.179 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None CA TO-S-2019-0577 Malicious Email Activity
149.56.204.143 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None CA TO-S-2019-0351 Malicious Email Activity
149.56.22.192 24 YM None 2018-06-07 05:00:00 2020-04-04 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=192,CA) | updated by dbc with reason CA TO-S-2019-0571 Malicious Email Activity
149.56.229.120 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=120,CA)
149.56.23.154 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Invalid user - Failed Logons (IP=154,CA)
149.56.240.219 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=219,FR)
149.56.44.101 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password for invalid user - Failed Logons (IP=101,CA)
149.56.45.87 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=87,CA)
149.56.71.52 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=52,FR)
149.56.84.195 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None CA TO-S-2019-0864 Malware Activity
149.56.89.123 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password for invalid user - Failed Logons (IP=123,CA)
149.56.97.251 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password - Failed Logons (IP=251,CA)
149.62.173.235 24 MLJ None 2016-11-11 06:00:00 2020-02-20 00:00:00 None Failed keyboard-interactive (IP=235,ES) | updated by dcg with reason ES TO-S-2018-1177 associated with malware activity | u
149.72.131.17 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=17,US)
149.72.144.141 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=141,US)
149.72.173.128 32 wmp None 2020-08-10 00:00:00 2020-11-10 00:00:00 None HIVE Case #3493 COLS-NA-TIP-20-0250 (IP=128,US)
149.72.194.253 32 wmp None 2020-04-22 00:00:00 2020-07-22 00:00:00 None HIVE Case #2614 COLS-NA-TIP-20-0121 (IP=253,US)
149.72.245.76 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=76,US)
149.72.39.137 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=137,US)
149.72.40.9 32 wmp None 2020-08-10 00:00:00 2020-11-10 00:00:00 None HIVE Case #3506 COLS-NA-TIP-20-0252 (IP=9,US)
149.72.45.84 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3560 COLS-NA-TIP-20-0259 (IP=84,US)
149.72.45.85 32 wmp None 2020-08-05 00:00:00 2020-11-05 00:00:00 None HIVE Case #3479 COLS-NA-TIP-20-0246 (IP=85,US)
149.72.51.229 32 wmp None 2020-09-11 00:00:00 2020-12-10 00:00:00 None HIVE Case #3845 COLS-NA-TIP-20-0289 (IP=229,US)
149.72.67.200 32 wmp None 2020-08-10 00:00:00 2020-11-10 00:00:00 None HIVE Case #3493 COLS-NA-TIP-20-0250 (IP=200,US)
149.72.67.86 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3361 COLS-NA-TIP-20-0227 (IP=86,US)
149.72.76.77 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=77,US)
149.72.86.178 32 wmp None 2020-07-15 00:00:00 2020-10-15 00:00:00 None HIVE Case #3343 COLS-NA-TIP-20-0220 (IP=178,US)
149.72.90.169 32 wmp None 2020-09-04 00:00:00 2020-12-03 00:00:00 None HIVE Case #3755 COLS-NA-TIP-20-0278 (IP=169,US)
149.90.210.193 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=193,PT) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=193,PT)
15.206.100.146 24 BMP None 2020-04-05 00:00:00 2020-07-04 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=146,IN)
15.222.255.61 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=61,CA)
15.236.2.25 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Authentication Failed - Failed Logons (IP=25,FR)
15.236.43.174 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) (1:21002457 :1) - Sourcefire (IP=174,FR)
150.107.103.193 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=193,IN)
150.107.106.118 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=118,NP)
150.107.188.48 24 RW None 2020-04-19 00:00:00 2020-07-19 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=146,IN)
150.107.221.196 24 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None Command Injection Attempt (IP=196,TH)
150.107.31.63 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None TH TO-S-2019-0640.01 Malicious Email Activity
150.107.8.44 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=44,IN)
150.109.0.0 16 dcg None 2018-06-05 05:00:00 2020-04-21 00:00:00 None CN TO-S-2018-0811 associated with malicious web application and malware activity | updated by KF with reason Immediate Inbound Network Block - TT# 19C02845 (IP=8,US) | updated by KF with reason Immediate Inbound Network Block - TT# 19C03036 (IP=14,U
150.109.108.19 24 RWB None 2019-12-21 00:00:00 2020-03-20 00:00:00 None Attempted User Privilege Gain - SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=19,SG)
150.109.113.12 32 BMP None 2020-07-03 00:00:00 2020-10-01 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=12,US)
150.109.113.12 24 RW None 2020-09-26 00:00:00 2020-12-26 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability
150.109.118.194 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=94,HK)
150.109.148.118 32 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=118,US)
150.109.148.118 24 RR None 2020-05-16 00:00:00 2020-08-14 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (1:46316:4) - SourceFire (IP=118,SG)
150.109.164.133 24 BMP None 2020-03-06 00:00:00 2020-06-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=133,SG)
150.109.164.15 24 RB None 2020-02-06 00:00:00 2020-05-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=15,TH) | not blocked because No valid destinations in IDS Report (not routed on CorpsNet), SOC blocked destination subnet on IGFW
150.109.180.100 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Attempted Information Leak - INDICATOR-SCAN DNS version.bind string information disclosure attempt - sourcefire (IP=100,SG)
150.109.181.254 24 RWB None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Attempted Information Leak - INDICATOR-SCAN DNS version.bind string information disclosure attempt - sourcefire (IP=254,SG)
150.109.182.197 24 RR None 2019-12-18 00:00:00 2020-03-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=197,SG)
150.109.193.247 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) (IP=247,JP)
150.109.235.105 24 RWB None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Attempted Information Leak - INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=105,KR)
150.109.237.188 24 RWB None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Attempted Information Leak - INDICATOR-SCAN DNS version.bind string information disclosure attempt - sourcefire (IP=188,KR)
150.109.239.89 24 RWB None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Attempted Information Leak - INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=89,KR)
150.109.34.175 24 RR None 2020-03-12 00:00:00 2020-06-10 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=175,SG)
150.109.43.226 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=226,HK)
150.109.58.14 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=14,HK)
150.109.78.53 32 RW None 2020-05-04 00:00:00 2020-06-04 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02613 (IP=53,SG)
150.109.99.100 24 RB None 2020-02-04 00:00:00 2020-05-04 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=100,HK)
150.109.99.129 32 GM None 2020-05-06 00:00:00 2020-08-06 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C02625 (IP=129,SG)
150.116.165.71 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=71,TW)
150.129.151.0 24 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None IN TO-S-2020-0012 Malware Activity
150.129.216.0 22 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None CN TO-S-2019-1036 Malicious Web Application Activity
150.129.8.16 24 CR None 2020-07-14 00:00:00 2020-10-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=16,NL)
150.129.82.152 24 KF None 2019-12-10 00:00:00 2020-03-09 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=152,HK)
150.136.178.222 32 GM None 2020-07-24 00:00:00 2020-10-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=222,US)
150.136.187.36 32 GM None 2020-03-08 00:00:00 2020-06-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=36,US)
150.136.220.44 32 KF None 2020-02-02 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (IP=44,US) | updated by KF Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (IP=44,US)
150.136.59.107 32 BMP None 2020-03-26 00:00:00 2020-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=107,US)
150.138.145.4 24 DT None 2020-09-11 00:00:00 2020-12-11 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=4,CN)
150.158.106.145 24 KF None 2020-04-16 00:00:00 2020-07-15 00:00:00 None TCP: SYN Host Sweep (IP=145,CN)
150.158.110.142 24 RR None 2020-07-19 00:00:00 2020-10-17 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=142,CN)
150.161.8.120 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user (IP=120,BR)
150.163.141.22 24 BMP None 2020-02-20 00:00:00 2020-05-20 00:00:00 None FTPP_FTP_RESPONSE_LENGTH_OVERFLOW - SourceFire (IP=22,BR)
150.164.90.49 32 wmp None 2020-08-13 00:00:00 2020-11-13 00:00:00 None HIVE Case #3555 COLS-NA-TIP-20-0254 (IP=49,BR)
150.165.67.34 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password (IP=34,BR)
150.223.0.22 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Failed password - Failed Logons (IP=22,CN)
150.223.17.130 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=130,CN)
150.223.21.177 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logon (IP=177,CN)
150.223.23.56 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password for invalid user - Failed Logons (IP=56,CN)
150.223.3.71 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=71,CN)
150.223.31.248 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password - Failed Logons (IP=248,CN)
150.223.5.3 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logon (IP=3,CN)
150.242.182.74 24 RB None 2020-09-15 00:00:00 2020-12-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attack (IP=74,MY)
150.242.185.17 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=17,CN)
150.242.27.0 24 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
150.249.114.20 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password_6 Hr Failed Logons (IP=20,JP)
150.255.12.24 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=24,CN)
150.255.166.62 24 KF None 2019-12-16 00:00:00 2020-03-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=62,CN)
150.95.110.236 24 RR None 2019-05-18 00:00:00 2020-01-29 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=236,VN) | updated by GM with reason Failed password - Failed Logons (IP=90,VN)
150.95.111.82 24 RR None 2019-01-04 06:00:00 2020-01-26 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=82,JP) | updated by KF with reason Failed Password_6 Hr Failed Logons (IP=223,JP)
150.95.137.163 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None JP TO-S-2019-0351 Malicious Web Application Activity
150.95.183.80 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None JP TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason JP TO-S-2020-0212.01 Malicious Web Application Activity
150.95.199.179 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=179,JP)
150.95.212.72 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=72,JP)
150.95.30.251 24 KF None 2020-05-03 00:00:00 2020-08-01 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=251,TH)
150.95.54.153 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=153,JP)
150.95.55.43 32 wmp None 2020-07-10 00:00:00 2020-11-23 00:00:00 None HIVE Case #3269 COLS-NA-TIP-20-0206 (IP=43,JP) | updated by wmp Block expiration extended with reason HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=43,JP)
150.95.78.176 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None SG TO-S-2019-0420 Malicious Email Activity
150.95.8.228 24 BMP None 2020-01-31 00:00:00 2020-05-25 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6hr Web Attacks (IP=228,JP) | updated by RB Block expiration extended with reason SQL use of sleep function with and - likely SQL injection_Sourcefire (IP=228,JP)
151.1.48.1 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=1,IT)
151.1.96.170 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None IT TO-S-2019-0640.01 Malicious Email Activity
151.101.130.49 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity
151.101.196.133 32 dbc None 2019-12-25 00:00:00 2020-12-25 00:00:00 None US TO-S-2020-0212 Malicious Email Activity
151.101.206.2 32 dbc None 2019-04-16 00:00:00 2020-04-16 00:00:00 None US TO-S-2019-0593 Malware Activity
151.101.41.194 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None US TO-S-2019-0926 Malicious Email Activity
151.101.74.109 32 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None US TO-S-2020-0077 Malicious Web Application
151.106.0.111 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None FR TO-S-2019-0938 Malware Activity
151.106.8.43 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None FR TO-S-2020-0206 Malicious Web Application Activity
151.106.8.43 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None FR TO-S-2020-0212.01 Malicious Web Application Activity
151.139.128.14 32 GM None 2020-08-14 00:00:00 2020-11-14 00:00:00 None Self-Report // Multiple USARC hosts generating alerts associated w/Emotet - TT # 20C03707 (IP=14,US)
151.15.179.162 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=162,IT)
151.15.83.95 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=95,IT)
151.16.105.171 32 BMP None 2020-04-04 00:00:00 2020-07-03 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02364 (IP=171,NL)
151.177.152.9 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=9,SE)
151.177.164.235 32 KF None 2020-03-08 00:00:00 2020-06-06 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02064 (IP=235,US)
151.177.23.186 32 KF None 2020-03-07 00:00:00 2020-06-05 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02053 (IP=186,US)
151.177.23.190 24 KF None 2020-03-09 00:00:00 2020-06-07 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C02084 (IP=190,SE)
151.177.99.22 32 RB None 2020-03-10 00:00:00 2020-04-09 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02103 (IP=22,SE)
151.20.154.233 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=233,IT)
151.21.61.14 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=14,IT)
151.224.170.233 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=233,GB)
151.226.111.206 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=206,GB)
151.227.34.150 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=150,GB)
151.231.84.80 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=80,GB)
151.236.60.17 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password - Failed Logons (IP=17,GB)
151.236.61.187 32 RB None 2020-02-12 00:00:00 2020-03-12 00:00:00 None Generic Scanning - TT# 20C01716 (IP=187,GB)
151.24.125.141 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=141,IT)
151.25.79.190 24 BMP None 2020-03-17 00:00:00 2020-06-15 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=190,IT)
151.250.222.198 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=198,TR)
151.250.234.123 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=123,TR)
151.26.235.210 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=210,IT)
151.27.109.215 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=215,IT)
151.27.89.109 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=109,IT)
151.28.250.141 24 GM None 2019-12-31 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=141,IT)
151.29.160.186 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=186,IT)
151.29.180.8 24 RB None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed_6 hr Failed Logons_CPC (IP=8 IT) | not blocked because covered under a DUPLICATE SUBNET
151.29.227.184 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=184,IT)
151.29.253.125 32 RW None 2020-02-28 00:00:00 2020-03-28 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01866 (IP=125,IT)
151.30.4.159 32 RW None 2020-03-10 00:00:00 2020-04-10 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02111 (IP=159,IT)
151.31.66.44 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None FR TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason FR TO-S-2020-0212.01 Malicious Web Application Activity
151.32.225.186 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None Authentication Failed - 6hr Logons (IP=186,IT)
151.45.250.98 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=98,IT)
151.50.232.248 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=248,IT)
151.52.255.132 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt
- Web Attacks (IP=132,IT) 151.53.192.89 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 151.53.196.81 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=81,IT) 151.53.201.166 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=66,IT) 151.53.209.220 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=220,IT) 151.62.71.98 24 RR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - Failed Logons (IP=98,IT) 151.63.31.162 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=162,IT) 151.63.46.213 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=213,IT) 151.64.124.126 24 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=126,IT) 151.65.193.38 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=38,IT) 151.66.177.211 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=211,IT) 151.70.111.135 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=135,IT) 151.70.118.60 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 151.70.152.162 24 BMP None 2020-03-26 00:00:00 2020-06-24 00:00:00 None Known Attack Tool User Agent/ BOT: Mirai Echobot Activity Detected - TT# 20C02230 (IP=162,IT) 151.70.196.5 24 RB None 2020-01-24 00:00:00 
2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=5 IT) | updated by RW Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=5,IT) 151.70.201.70 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=70,IT) 151.70.214.54 24 KF None 2020-03-16 00:00:00 2020-06-14 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02149 (IP=54,IT) 151.70.226.206 24 RW None 2020-01-16 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=206,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=206,IT) 151.70.228.222 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=222,IT) 151.70.234.62 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=62,IT) 151.70.237.88 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=88,IT) 151.73.1.59 24 GM None 2019-12-31 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=59,IT) 151.73.10.127 24 BMP None 2020-01-31 00:00:00 2020-04-30 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=127,IT) 151.73.101.228 24 KF None 2020-02-02 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=228,IT) | updated by RR Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=228,IT) 151.73.137.130 24 GM None 
2020-01-26 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=130,IT) 151.73.157.57 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=57,IT) 151.73.19.46 24 BMP None 2020-01-28 00:00:00 2020-04-27 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=46,IT) 151.73.196.121 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=121,IT) 151.73.205.196 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=96,IT) 151.73.213.238 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=238,IT) 151.73.215.85 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=85,IT) 151.73.231.67 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=67,) 151.73.240.108 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=108,IT) 151.73.247.141 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=141,IT) 151.73.29.137 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=137,IT) 151.73.67.227 24 RB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=227 IT) 151.74.82.75 24 BMP None 2020-01-21 00:00:00 2020-04-20 
00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=75,IT) 151.75.109.67 24 BMP None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=67,IT) 151.75.115.83 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=83,IT) 151.75.142.67 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=67,IT) 151.75.143.36 24 BMP None 2020-01-28 00:00:00 2020-04-27 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=36,IT) 151.75.146.8 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=8,IT) 151.75.200.35 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=35,IT) 151.75.204.170 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=170,IT) 151.76.127.201 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt_12 hr web attacks (IP=201,IT) 151.76.178.71 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=71,IT) 151.76.182.199 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=99,IT) 151.76.187.235 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=235,IT) 151.77.200.14 24 RR None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command 
execution attempt - SourceFire (IP=14,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=14,IT) 151.77.74.125 24 KF None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=125,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=125,IT) 151.80.105.3 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None FR TO-S-2019-0640.01 Malware Activity 151.80.110.105 32 RW None 2020-04-27 00:00:00 2020-05-27 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02564 (IP=105,FR) 151.80.111.172 32 RW None 2020-08-25 00:00:00 2020-11-23 00:00:00 None Unauthorized Access-Probe - TT# 20C03764 (IP=172,FR) 151.80.129.116 24 RW None 2019-12-12 00:00:00 2020-03-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=116,FR) 151.80.140.145 24 GM None 2018-04-14 05:00:00 2020-02-06 00:00:00 None ET SCAN Potential SSH Scan (IP=145,IT) | updated by GLM with reason Failed password (IP=166,FR) | updated by RR with reason Failed password - Failed Logons (IP=166,FR) 151.80.142.33 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None FR TO-S-2019-1036 Malicious Email Activity 151.80.16.162 24 GM None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=162,IT) 151.80.173.36 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP= 36 , CZ ) 151.80.181.185 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None FR TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason FR TO-S-2020-0212.01 Malicious Web Application Activity 151.80.181.186 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None FR TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason FR 
TO-S-2020-0212.01 Malicious Web Application Activity 151.80.195.71 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None FR TO-S-2019-1002 Malicious Email Activity 151.80.203.180 32 GM None 2019-02-15 00:00:00 2020-09-02 00:00:00 None HTTP: Cross Site Scripting (String.fromCharCode) 19C01099 (IP=180,US) | updated by GM with reason HTTP: Cross Site Scripting (String.fromCharCode) - 19C02405 (IP=180,US) | updated by dbc with reason FR TO-S-2019-0952 Malware Activity 151.80.237.96 24 RW None 2020-07-18 00:00:00 2020-10-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=96,FR) 151.80.36.188 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Generic ArcSight scan attempt (IP=188,FR) 151.80.37.18 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=18,FR) 151.80.41.124 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=124,FR) 151.80.45.126 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password - 6hr Logon - 6hr Logon (IP=126,FR) 151.80.46.33 24 YM None 2018-05-28 05:00:00 2020-03-08 00:00:00 None ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack (IP=33,IT) | updated by GM with reason Failed password - Failed Logons (IP=40,FR) 151.80.60.151 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=151,FR) 151.80.61.103 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=103,FR) 151.80.96.140 32 dlb None 2016-03-20 05:00:00 2020-02-15 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt (IP=140, IT) | updated by jkc with reason POLICY-OTHER Adobe Cold 151.80.98.17 24 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password 6 hr Failed Logon (IP=17,FR) 151.84.64.165 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6hr Logons (IP=165,IT) 151.99.146.218 
32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2/BOT: Mirai Echobot Activity Detected - TT# 20C02405 (IP=218,IT) 151.99.146.218 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=218,IT) 152.0.15.156 24 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=156,DO) 152.0.155.215 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Command Injection (IP=215,DO) 152.0.99.4 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None Authentication Failed - Failed Logons (IP=4,DO) 152.136.108.220 24 CR None 2020-05-13 00:00:00 2020-08-11 00:00:00 None TCP: SYN Host Sweep (IP=220,CN) 152.136.110.211 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=211,CN) 152.136.119.174 32 BMP None 2020-07-08 00:00:00 2020-10-06 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=174,US) 152.136.121.186 24 DT None 2020-06-22 00:00:00 2020-09-22 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=186,CN) 152.136.125.146 24 CR None 2019-12-24 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=146, CN) | updated by CR Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP= 152.136.127.120 32 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=120,US) 152.136.129.102 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=102,CN) 152.136.137.67 24 BMP None 2020-08-03 00:00:00 2020-11-01 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection 
attempt - SourceFire (IP=67,CN) 152.136.142.12 24 RW None 2019-10-23 00:00:00 2020-01-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=12,CN) 152.136.154.169 32 KF None 2019-10-19 00:00:00 2020-01-17 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=169,US) 152.136.154.169 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Command Injection Attempt (IP=169,CN) 152.136.161.105 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=105,CN) 152.136.168.38 24 RR None 2019-12-07 00:00:00 2020-03-06 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SoureFire (IP=38,CN) 152.136.17.56 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=56 CN) 152.136.171.168 24 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=168,CN) 152.136.20.75 32 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=75,US) 152.136.206.158 24 GM None 2020-07-29 00:00:00 2020-10-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=158,CN) 152.136.220.61 24 RR None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=61,CN) 152.136.221.179 24 RW None 2020-05-14 00:00:00 2020-08-12 00:00:00 None TCP: SYN Host Sweep (IP=179,CN) 152.136.228.140 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C02687 (IP=140,CN) 152.136.41.189 32 BMP None 2020-07-06 00:00:00 2020-10-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=189,US) 152.136.43.147 24 RB None 2019-11-03 00:00:00 2020-02-01 
00:00:00 None HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=147,CN) 152.136.61.152 24 GM None 2019-11-18 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=152,CN) 152.136.62.232 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=232,CN) 152.136.69.250 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=250,CN) 152.136.95.118 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password_6 hr Failed Logons (IP=118,CN) 152.136.96.93 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=93,CN) 152.136.98.101 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=101 CN) 152.160.50.3 32 RW None 2020-02-24 00:00:00 2020-05-24 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr web attacks (IP=3,US) 152.168.0.0 14 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AR TO-S-2019-1036 Malicious Email Activity 152.172.192.75 32 BMP None 2020-03-17 00:00:00 2020-06-16 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02169 (IP=75,CL) 152.172.192.75 24 BMP None 2020-03-17 00:00:00 2020-06-15 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=75,CL) 152.231.114.18 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=18,CL) 152.241.100.47 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Authentication Failed - Failed Logons (IP=47,BR) 152.241.131.7 24 RWB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None Authentication Failed - Failed Logon (IP=7,BR) 152.241.157.147 24 KF None 2020-02-13 00:00:00 2020-05-13 00:00:00 None Authentication 
Failed - Failed Logins (IP=147,BR) 152.241.25.76 24 RR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - Failed Logons (IP=76,BR) 152.241.59.163 24 MLJ None 2017-07-07 05:00:00 2020-02-20 00:00:00 None ET SCAN Potential SSH Scan (IP=163,BR) | updated by RR with reason Authentication Failed - Failed Logons (IP=231,BR) 152.241.66.237 24 CR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - 6 hr Failed (IP=237,BR) 152.241.8.201 24 KF None 2020-01-02 00:00:00 2020-04-01 00:00:00 None Authentication Failed (IP=201,BR) 152.242.121.158 24 MLJ None 2018-05-09 05:00:00 2020-01-04 00:00:00 None ET SCAN Potential SSH Scan | updated by RB with reason Authentication Failed (IP=125 BR) | 2020-01-04 | 2018-08-09 152.242.15.137 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None Authentication Failed - 6hr Logons (IP=137,BR) 152.242.16.210 24 MLJ None 2018-04-02 05:00:00 2020-01-04 00:00:00 None ET SCAN Potential SSH Scan (IP=210,BR) | updated by RB with reason Authentication Failed (IP=152 BR) | 2020-01-04 | 2018-07-02 152.242.38.179 24 EDBT None 2018-03-04 06:00:00 2020-01-29 00:00:00 None ET SCAN Potential SSH Scan (IP=179 BR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=167 BR) | 2020-01-29 | 2018-06-02 152.242.41.105 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=105,BR) 152.242.54.167 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Authentication Failed - Failed Logons (IP=167,BR) 152.242.69.13 24 CW None 2019-12-10 00:00:00 2020-03-09 00:00:00 None Authentication Failed_Failed Logon (IP=13,BR) 152.242.82.196 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=196,BR) 152.242.91.111 24 RWB None 2019-10-24 00:00:00 2020-01-23 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - sourcefire (IP=111,BR) | updated by CW Block expiration extended with 
reason Authentication Failed_Failed Logon (IP=11,BR) 152.243.113.102 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None Authentication Failed (IP=102 BR) 152.245.150.183 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None Authentication Failed_6 Hr Failed Logons (IP=183,BR) 152.245.155.92 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None Illegal user - Failed Logons (IP=92,BR) 152.245.185.17 24 MLJ None 2017-08-31 05:00:00 2020-01-28 00:00:00 None ET SCAN Potential SSH Scan (IP=17,BR) | updated by RW with reason - 6hr Failed Logon (IP=181,BR) 152.245.195.242 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Authentication Failed (IP=242,BR) 152.245.237.87 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=87,BR) 152.246.14.109 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed password - sourcefire (IP=109,BR) 152.246.16.192 24 RR None 2017-07-08 05:00:00 2020-02-06 00:00:00 None ET SCAN Potential SSH Scan (IP=192,BR) | updated by RB with reason INDICATOR-SCAN SSH brute force login attempt_Sourcefire (IP=251 BR) | 2020-02-06 | 2017-10-06 152.246.17.78 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None Authentication Failed_Failed Logon 152.246.211.54 24 BMP None 2019-12-26 00:00:00 2020-03-25 00:00:00 None Authentication Failed - 6hr Logons (IP=54, BR) 152.246.54.231 24 YM None 2018-04-26 05:00:00 2020-03-05 00:00:00 None ET SCAN Potential SSH Scan (IP=231,BR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=246 BR) | 2020-03-05 | 2018-07-25 152.246.61.120 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=120,BR) 152.246.68.200 24 CW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None Authentication Failed_Failed Logon (IP=0,BR) 152.247.106.138 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None Authentication Failed_Failed Logon (IP=38,BR) 152.247.86.159 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None 
Authentication Failed - 6hr Failed Logon(IP=159,BR) 152.252.122.234 24 YM None 2017-10-08 05:00:00 2020-02-17 00:00:00 None ET SCAN Potential SSH Scan (IP=234,BR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=32,BR) | 2020-02-17 | 2018-01-06 152.252.19.216 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Authentication Failed - Failed Logons (IP=216,BR) 152.252.2.134 24 BMP None 2020-01-15 00:00:00 2020-04-14 00:00:00 None Authentication Failed - 6hr Logon (IP=134,BR) 152.253.125.14 24 CR None 2019-10-11 00:00:00 2020-01-11 00:00:00 None Authentication Failed_6 hr failed logon (IP=14,BR) 152.253.132.74 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Authentication Failed - Failed Logon (IP=74,BR) 152.253.173.217 24 RW None 2019-12-23 00:00:00 2020-03-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=217,BR) 152.253.178.9 24 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=9,BR) 152.253.217.240 24 RR None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Authentication Failed - Failed Logons (IP=240,BR) 152.253.9.30 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=30,BR) 152.253.94.14 24 KF None 2019-12-29 00:00:00 2020-03-28 00:00:00 None Authentication Failed (IP=14,BR) 152.32.130.93 24 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Failed password - Failed Logons (IP=93,HK) 152.32.213.22 24 RR None 2020-07-27 00:00:00 2020-10-25 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=22,HK) 152.32.254.193 24 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=193,HK) 152.32.72.122 24 GM None 2019-11-08 00:00:00 2020-02-08 00:00:00 None Invalid user - Failed Logons (IP=122,PH) 152.32.76.186 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None Illegal User - Failed Logons (IP=186,PH) 152.44.40.219 32 RW None 2020-05-15 00:00:00 2020-08-15 
00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=219,US) 152.89.161.0 24 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None RO TO-S-2019-0952 Malicious Web Application Activity 153.0.171.22 24 GM None 2019-11-12 00:00:00 2020-02-12 00:00:00 None Invalid user - Failed Logons (IP=22,CN) 153.121.33.40 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None JP TO-S-2019-0577 Malware Activity 153.122.16.38 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None JP TO-S-2019-0640.01 Malware Activity 153.122.30.123 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=123,JP) 153.122.40.40 24 GLM None 2018-07-12 05:00:00 2020-03-08 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (IP=40,BR) | updated by RR with reason Invalid user - Failed Logons (IP=6,JP) 153.126.183.188 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=188,JP) 153.127.214.206 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None JP TO-S-2019-0640.01 Malicious Email Activity 153.130.239.44 24 RR None 2020-04-08 00:00:00 2020-04-08 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=44,JP) | not blocked:This is a signature for home routers. 
153.148.77.235 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None JP TO-S-2019-0430 Malicious Web Application Activity 153.149.12.217 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None JP TO-S-2019-0734.01 Malicious Email Activity 153.149.162.217 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None JP TO-S-2019-0734.01 Malicious Email Activity 153.155.122.87 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None JP TO-S-2019-0852 Malicious Email Activity 153.164.245.58 24 GM None 2020-04-15 00:00:00 2020-07-15 00:00:00 None SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt - Web Attacks (IP=58,JP) 153.193.247.188 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web attacks (IP=88,JP) 153.224.76.13 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None JP TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason JP TO-S-2020-0212.01 Malicious Web Application Activity 153.226.212.66 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None JP TO-S-2020-0206 Malicious Web Application Activity 153.226.212.66 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None JP TO-S-2020-0212.01 Malicious Web Application Activity 153.226.221.120 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None JP TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason JP TO-S-2020-0212.01 Malicious Web Application Activity 153.227.161.241 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None JP TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason JP TO-S-2020-0212.01 Malicious Web Application Activity 153.227.177.82 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None JP TO-S-2020-0206 Malicious Web Application Activity 153.227.177.82 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None JP TO-S-2020-0212.01 Malicious Web Application Activity 
153.227.184.58 24 CR None 2020-03-18 00:00:00 2020-06-16 00:00:00 None SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt - 6 hr Web Attacks (IP=58,JP) 153.227.184.9 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None JP TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason JP TO-S-2020-0212.01 Malicious Web Application Activity 153.236.239.30 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None JP TO-S-2019-0634 Malicious Web Application Activity 153.25.176.38 32 wmp None 2020-06-19 00:00:00 2020-09-19 00:00:00 None HIVE Case #3038 CTO-20-168 153.26.177.22 32 wmp None 2020-06-19 00:00:00 2020-09-19 00:00:00 None HIVE Case #3038 CTO-20-168 153.3.250.139 24 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=139,CN) 153.34.10.170 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_6 hr web attacks (IP=170,CN) 153.35.239.92 24 KF None 2019-10-19 00:00:00 2020-01-18 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=92,CN) | updated by KF Block expiration extended with reason Command Injection Attempt (IP=92,CN) 153.36.34.225 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=225,CN) 153.37.97.211 24 MLJ None 2017-06-12 05:00:00 2020-02-23 00:00:00 None ET SCAN Potential SSH Scan (IP=211,CN) | updated by BP with reason Failed password for invalid user - Failed Logons (IP=184,CN) 153.9.191.43 32 RR None 2017-09-01 05:00:00 2020-01-17 00:00:00 None APP-DETECT failed FTP login attempt (IP=43,US) | updated by GM with reason APP-DETECT failed FTP login attempt - Sourcefire (IP=43,US) 153.92.0.12 24 YM None 2017-10-18 05:00:00 2020-09-02 00:00:00 None HTTP: SQL Injection - Exploit II (IP=12,DE) | updated by RB with 
reason SQL 1 = 1 - possible sql injection attempt (IP=19,US) | updated by KF with reason SQL HTTP URI blind injection attempt_Web Attacks (IP=23,DE) | updated by dbc with reason US TO- 153.92.180.13 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None GR TO-S-2020-0031 Malicious Email Activity 153.92.225.193 24 GLM None 2017-10-12 05:00:00 2020-03-29 00:00:00 None SMTP_COMMAND_OVERFLOW (IP=193,FR) | updated by dbc with reason FR TO-S-2019-0551.02 Malicious Email Activity 153.92.5.109 32 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: SQL Injection - Exploit II (IP=109,US) 153.92.6.152 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None UK TO-S-2019-0747 Malicious Email Activity 154.0.160.138 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=138,ZA) 154.0.162.118 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=118,ZA) 154.0.162.179 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=179,ZA) 154.0.162.3 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: SQL Injection - Exploit II (IP=3,ZA) 154.0.169.225 24 RW None 2019-12-17 00:00:00 2020-03-17 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=225,ZA) 154.0.174.251 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=251,ZA) 154.0.26.0 24 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None CI TO-S-2019-0831 Malicious Email Activity 154.113.16.226 24 GM None 2020-08-04 00:00:00 2020-11-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=226,NG) 154.118.58.69 24 KF None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Authentication Failed (IP=69,NG) 154.120.242.70 24 RR None 2018-12-06 06:00:00 2020-02-03 00:00:00 None Illegal user (IP=70,ZW) | updated by RWB Block was inactive. 
Reactivated on 20191105 with reason Failed password - Failed Logon (IP=,VN) 154.124.131.111 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=111,SN) 154.124.251.71 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=71,SN) 154.124.47.34 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=34,SE) 154.125.11.123 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=123,SN) 154.125.150.177 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=177,SN) 154.125.151.116 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=116,SN) 154.126.212.64 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 154.126.33.78 24 BMP None 2020-04-25 00:00:00 2020-07-24 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - 6hr Web Attacks (IP=78,MG) 154.126.56.85 24 RB None 2020-02-06 00:00:00 2020-05-06 00:00:00 None Illegal user_6 hr Failed Logons_CPC (IP=85,MG) 154.126.79.223 24 KF None 2020-04-26 00:00:00 2020-07-25 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=223,MG) 154.16.136.100 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=100,US) 154.16.67.143 32 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=143,US) 154.16.67.155 32 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=155,US) 154.179.113.157 24 FT None 2020-08-28 00:00:00 2020-11-26 00:00:00 None 
BOT: SQL Injection - Danmec Bot SQL Injection Attack Detected - 6hr Web Attacks (IP=157,EG) 154.194.3.173 32 RW None 2020-02-26 00:00:00 2020-03-26 00:00:00 None TO-S-2020-0113 / DVR NVMS-900 - TT# 20C01832 (IP=130,HK) 154.197.136.6 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=6,HK) 154.197.26.142 24 RR None 2020-08-28 00:00:00 2020-11-26 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=142,HK) 154.197.27.26 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=26,HK) 154.202.13.17 32 RW None 2019-12-25 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire - Sourcefire (IP=17,US) | updated by KF Block expiration extended with reason Immediate Inbound Network Block - TT# 20C01298 (IP=17,US) 154.202.14.252 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=252,ZA) 154.202.57.179 32 RR None 2020-02-22 00:00:00 2020-05-22 00:00:00 None BOT: China Chopper Webshell Traffic Detected - TT# 20C01798 (IP=179,US) 154.204.50.60 24 KF None 2019-12-16 00:00:00 2020-03-15 00:00:00 None HTTP: WordPress portable phpmyadminplugin authentication bypass vulnerability (IP=60,ZA) 154.204.53.70 24 BMP None 2020-03-23 00:00:00 2020-06-21 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=70,HK) 154.208.158.98 32 CR None 2019-05-06 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_CIRT Web Attacks - Prior 6 hours (IP=98,US) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=98,HK) 154.209.1.116 24 GM None 2019-04-14 00:00:00 2020-02-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=116,HK) | updated by RB with reason Command Injection Attempt (IP=74,HK) | 
2020-01-18 | 2019-06-14 | updated by KF with reason Immediate Inbound Network Block - TT# 20C00938 (IP=7,US) 154.209.1.74 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=74,) 154.209.237.6 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=6,HK) 154.209.244.196 24 RB None 2019-12-01 00:00:00 2020-02-29 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Sourcefire (IP=196,HK) 154.209.3.210 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=210,HK) 154.209.4.164 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=164,HK) 154.209.4.164 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=164,HK) 154.209.4.178 24 wmp None 2019-01-14 06:00:00 2020-01-25 00:00:00 None authentication bypass vulnerability (IP=178,CN) | updated by RR with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=148,US) 154.209.5.154 24 RR None 2020-08-04 00:00:00 2020-11-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=154,HK) 154.209.5.154 24 RR None 2020-08-04 00:00:00 2020-11-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=154,HK) 154.210.65.106 24 GM None 2019-11-08 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=106,HK) 154.211.101.6 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=6,HK) 154.211.13.113 24 RR None 2020-07-27 00:00:00 2020-10-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=113,HK) 154.211.13.149 32 KF None 2019-10-05 00:00:00 
2020-01-03 00:00:00 None Immediate Inbound Network Block - TT# 20C00160 (IP=149,US) 154.211.7.136 24 RR None 2019-10-26 00:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=136,HK) 154.213.162.177 24 ABC None 2019-10-14 00:00:00 2020-01-12 00:00:00 None Command Injection Attempt (IP=177,HK) 154.213.17.212 24 BMP None 2020-11-04 00:00:00 2020-02-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=212,HK) 154.213.28.67 24 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None POLICY-OTHER PHP uri tag injection attempt - SourceFire (IP=67,HK) 154.213.29.253 24 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=253,HK) 154.215.142.26 32 RW None 2019-12-18 00:00:00 2020-01-18 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01166 (IP=26,US) 154.218.1.189 24 RB None 2019-06-26 00:00:00 2020-01-06 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=189 HK) | updated by ABC with reason Generic ArcSight scan attempt (IP=193,US) 154.221.18.246 24 RB None 2019-05-31 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=246,HK) | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=55,HK) | 2020-01-02 | 2019-08-29 154.221.20.129 32 RR None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Command Injection Attempt (IP=129,US) 154.221.22.76 32 RB None 2019-10-04 00:00:00 2020-01-02 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00148 (IP=76,HK) 154.221.24.135 32 RWB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Failed password for invalid user - Failed Logon (IP=135,US) 154.221.24.69 24 CR None 2019-12-21 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution 
attempt_Sourcefire (IP=69,CN) 154.221.25.220 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=220,HK) 154.221.26.179 24 GM None 2020-02-11 00:00:00 2020-05-11 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=179,HK) 154.221.29.208 24 DT None 2020-07-12 00:00:00 2020-10-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=208,HK) 154.221.30.235 24 RR None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=235,HK) 154.221.31.118 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP= 118 , HK ) 154.221.31.149 32 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Immediate Inbound Network Block - TT# 20C00956 (IP=149,US) 154.222.16.88 24 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Command Injection Attempt (IP=88,HK) 154.223.134.99 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=99,HK) 154.223.151.242 24 DT None 2020-04-20 00:00:00 2020-07-19 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=242,HK) 154.223.154.125 24 BMP None 2020-03-02 00:00:00 2020-05-31 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01929 (IP=125,HK) 154.223.162.42 24 RB None 2020-01-15 00:00:00 2020-04-14 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_6 hr web attacks (IP=42 HK) | 2020-04-14 | 2019-03-23 154.223.40.82 24 RR None 2019-03-31 00:00:00 2020-02-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=82,HK) | updated by RB with reason HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=237,SG) | 2020-02-01 | 2019-06-29 154.233.0.158 24 
BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - 6hr Logon (IP=158,CI) 154.46.204.144 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None DE TO-S-2019-0420 Malicious Email Activity 154.48.233.119 24 RR None 2019-10-04 00:00:00 2020-01-02 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=119,DE) 154.48.234.82 32 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Generic ArcSight scan attempt (IP=82,US) 154.48.236.166 24 KF None 2019-01-20 00:00:00 2020-01-02 00:00:00 None Hello Peppa Scan (IP=166,) | updated by RR with reason INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=62,DE) 154.48.237.38 32 ABC None 2019-10-04 00:00:00 2020-01-02 00:00:00 None Generic ArcSight scan attempt (IP=38,US) 154.48.237.51 24 RW None 2019-12-17 00:00:00 2020-03-17 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=51,DE) 154.48.237.51 32 KF None 2019-12-17 00:00:00 2020-03-16 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=51,US) 154.48.241.19 32 KF None 2019-12-23 00:00:00 2020-03-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=19,US) 154.48.242.113 24 BMP None 2020-08-03 00:00:00 2020-11-01 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=113,DE) 154.48.246.82 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=82,US) 154.49.213.26 24 GM None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Authentication Failed - Failed Logons (IP=26,FR) 154.5.161.199 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None CA TO-S-2019-0546 Malware Activity 154.66.217.218 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None UG TO-S-2019-0409 Malicious Email Activity 154.66.66.115 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=115,ZA) 154.70.132.24 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None 
SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=24,ZA) 154.70.134.71 24 RR None None 2020-07-09 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - SourceFire (IP=71,ZA) 154.73.108.51 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - 6hr Logons (IP=51,LY) 154.79.53.17 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=17,KE) 154.8.128.0 17 dcg None 2018-09-28 05:00:00 2020-02-24 00:00:00 None BR TO-S-2018-1186 associated with malicious web activity | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=61,CN) | updated by KF with reason HTTP: SQL Injection Attempt Detec 154.8.136.117 24 RW None 2020-07-19 00:00:00 2020-10-19 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=117,CN) 154.8.154.135 24 RW None 2019-11-15 00:00:00 2020-02-15 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=146,IN) 154.8.182.225 24 BMP None 2020-03-23 00:00:00 2020-06-21 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=225,CN) 154.8.200.196 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=196,CN) 154.8.201.45 24 CR None 2020-06-15 00:00:00 2020-09-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=45,CN) 154.8.209.25 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=25,GB) 154.8.232.205 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed Password_6 Hr Failed Logons (IP=205,GB) 154.8.234.164 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None INDICATOR-SCAN PHP backdoor scan 
attempt - Sourcefire (IP=164,CN) 154.83.12.186 32 RW None 2020-07-25 00:00:00 2020-10-25 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=186,US) 154.83.12.245 24 RR None 2019-05-24 00:00:00 2020-01-27 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6 hr Web Attacks (IP=245,SC) | updated by GM with reason ABC Generic ArcSight scan attempt (IP=245,US) 154.83.12.63 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00127 (IP=63,HK) 154.83.13.248 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=248,HK) 154.83.13.248 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=248,HK) 154.83.14.189 24 RR None 2020-07-27 00:00:00 2020-10-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=189,HK) 154.83.14.2 24 RR None 2020-01-15 00:00:00 2020-04-14 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=2,HK) 154.83.14.54 32 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Command Injection Attempt (IP=54,US) 154.84.2.116 32 BMP None 2020-03-22 00:00:00 2020-06-20 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=116,US) 154.84.4.248 32 GM None 2020-03-05 00:00:00 2020-06-05 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=248,US) 154.85.13.220 32 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=220,US) 154.85.13.71 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity 154.86.6.175 24 RB None 2020-06-22 00:00:00 2020-09-20 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=175,HK) 154.89.208.116 24 BMP None 2019-12-22 00:00:00 
2020-03-21 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=116,HK) 154.89.4.221 24 RW None 2020-05-23 00:00:00 2020-08-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=221,HK) 154.89.4.243 32 KF None 2020-03-14 00:00:00 2020-06-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=243,US) 154.91.199.129 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=129,SC) 154.91.2.15 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=15,HK) 154.91.3.56 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=56,HK) 154.91.33.38 24 RW None 2019-10-02 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6 hr web attacks (IP=38,HK) 154.92.14.228 24 GM None 2019-05-27 00:00:00 2020-03-08 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=228,HK) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=136,HK) 154.92.16.72 24 DT None 2020-07-12 00:00:00 2020-10-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=72,HK) 154.92.18.60 24 RR None 2019-04-14 00:00:00 2020-01-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=60,SC) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=245,HK) | 2020-01-03 | 2019-07-13 154.92.22.110 24 GM None 2019-11-25 00:00:00 2020-02-25 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=110,HK) 154.92.72.230 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password_6 hr Failed Logons (IP=230,HK) 154.94.7.170 32 DT None 
2020-07-06 00:00:00 2020-10-04 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03383 (IP=170,DE) 155.133.132.3 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None FR TO-S-2019-0577 Malicious Email Activity 155.133.132.65 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None FR TO-S-2019-0952 Malware Activity 155.133.142.66 24 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Generic ArcSight scan attempt (IP=66,no ISC data) 155.138.138.162 32 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=162,US) 155.138.139.101 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity 155.138.139.136 32 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=136,US) 155.138.201.95 24 ABC None 2019-10-11 00:00:00 2020-01-09 00:00:00 None Generic ArcSight scan attempt (IP=95,XX) 155.138.213.252 32 KF None 2020-01-14 00:00:00 2020-04-13 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (IP=252,US) 155.22.121.211 32 JKC None 2020-06-12 00:00:00 2020-09-12 00:00:00 None substandard VPN ENCRYYPTION IP CTO-20-162 (IP=211,US) 155.230.35.195 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed Logons (IP=195,KR) 155.232.195.63 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Failed password for invalid user - Failed Logons (IP=63,ZA) 155.252.139.188 32 jkc None 2020-06-26 00:00:00 2020-07-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 INTEL recommended block IP (ip=188,US) 155.254.19.244 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 155.254.28.156 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Web Application Activity 155.29.0.10 32 RW None 2020-08-18 00:00:00 2020-09-18 00:00:00 None Unauthorized Access-Probe - TT# 20C03733 (IP=10,NL) 155.4.125.54 32 wmp None 2020-09-01 
00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=54,SE) 155.4.237.172 32 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01935 (IP=172,SE) 155.4.52.17 24 BMP None 2020-05-02 00:00:00 2020-07-31 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=17,SE) 155.75.135.3 32 FT None 2020-09-04 00:00:00 2020-12-03 00:00:00 None HTTP: PHP Include - PHP Includedir Include Code Execution - 6hr Web Attacks (IP=3,US) 155.76.215.50 32 BP None 2019-11-29 00:00:00 2020-02-27 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=50,US) 155.81.193.12 24 BMP None 2020-01-02 00:00:00 2020-04-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=12,CN) 155.82.108.67 32 BP None 2019-11-29 00:00:00 2020-02-27 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=67,US) 155.85.6.137 32 RR None 2019-07-08 00:00:00 2020-05-03 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6 hr Web Attacks (IP=137,US) | updated by KF with reason HTTP: Apache mod_cgi Bash Environment Variable Code Injection_Web Attacks (IP=137,US) | updated by KF with reason HTTP: Apache mo 155.93.216.68 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=68,ZF) 155.93.240.0 20 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None ZA TO-S-2019-0952 Malware Activity 155.94.131.150 32 RB None 2020-04-08 00:00:00 2020-07-07 00:00:00 None Known Attack Tool User Agent V2 / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C02462 (IP=150,US) 155.94.196.161 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=161,US) 155.94.72.164 32 RW None 2020-01-09 00:00:00 2020-02-09 00:00:00 None Unauthorized Access-Probe - TT# 20C01389 (IP=164,US) 156.110.25.26 
32 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=26,US) 156.112.98.111 32 jkc None 2020-06-26 00:00:00 2020-07-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 INTEL recommended block IP (ip=111,US) 156.146.35.13 32 CR None 2020-05-22 00:00:00 2020-08-22 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02882 (IP=13,UK) 156.194.148.63 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=63,EG) 156.194.22.101 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=101,HKG (Hong Kong)) 156.194.96.55 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=55,EG) 156.195.119.128 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=128,EG) 156.195.125.4 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Authentication Failed - Failed Logons (IP=4,EG) 156.195.138.79 24 BMP None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=79,EG) 156.195.194.168 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=168,EG) 156.195.40.240 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=240,EG) 156.195.66.214 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=214,EG) 156.195.71.76 24 BMP None 2019-12-22 00:00:00 2020-03-21 
00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=76,EG) 156.196.122.66 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=66,EG) 156.196.205.169 24 BMP None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=169,EG) 156.196.248.200 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=200,EG) 156.196.48.41 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=41,EG) 156.196.58.223 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=223,EG) 156.197.121.178 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=178,EG) 156.197.146.89 24 RB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None HTTP: SQL Injection - Exploit II_6 hr web attacks (IP=89,EG) 156.197.21.56 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=56,EG) 156.198.96.8 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=8,EG) 156.199.110.91 24 RW None 2020-01-07 00:00:00 2020-04-09 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=91,EG) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=91,EG) 156.200.166.162 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - 
SourceFire (IP=162,EG) 156.200.172.148 24 BMP None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=148,EG) 156.200.176.232 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=232,EG) 156.200.204.156 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=156,EG) 156.201.204.137 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=137,EG) 156.201.70.221 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=221,EG) 156.201.81.223 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=223,EG) 156.202.102.80 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=80,EG) 156.202.151.231 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=231,EG) 156.202.229.125 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=125,EG) 156.202.231.106 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=106,EG) 156.202.233.59 24 KF None 2019-11-21 00:00:00 2020-02-19 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=59,EG) 156.203.10.196 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Web Application 
Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=196,EG) 156.203.119.238 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=238,EG) 156.203.123.20 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=20,EG) 156.203.150.27 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=27,EG) 156.203.203.186 24 BMP None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=186,EG) 156.203.210.142 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=142,EG) 156.203.249.60 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=60,EG) 156.203.50.217 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=217,EG) 156.204.123.134 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=134,EG) 156.204.131.76 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=76,EG) 156.204.140.1 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=1,EG) 156.204.156.185 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=185,EG) 
156.204.159.20 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=20,EG) 156.204.186.234 24 BMP None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=234,EG) 156.204.200.125 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=125,EG) 156.204.21.168 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=168,EG) 156.204.251.9 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=9,EG) 156.204.58.23 24 BMP None 2019-12-30 00:00:00 2020-03-30 00:00:00 None Invalid username - 6hr Failed Logon (IP=23,EG) 156.205.97.118 24 KF None 2020-01-02 00:00:00 2020-04-01 00:00:00 None Illegal user (IP=118,EG) 156.206.198.157 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=157,EG) 156.206.217.70 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=70,EG) 156.207.117.27 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=27,EG) 156.207.149.140 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=140,EG) 156.207.232.254 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=254,EG) 156.207.243.40 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 
None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=40,EG) 156.207.249.33 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=33,EG) 156.207.26.217 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=217,EG) 156.207.68.83 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=83,EG) 156.208.103.2 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=2,EG) 156.208.153.36 24 RR None 2020-01-21 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=36,EG) | updated by RWB with reason Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Failed Logon (IP= 156.208.166.146 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=146,EG) 156.208.56.53 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=53,EG) 156.209.100.135 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=135,EG) 156.209.12.61 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=61,EG) 156.209.136.137 24 BMP None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=137,EG) 156.210.203.164 24 BMP None 
2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=164,EG) 156.211.103.126 24 BP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=126,EG) 156.212.54.69 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=69,EG) 156.213.163.184 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Invalid user - Failed Logons (IP=184,EG) 156.214.110.98 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=98,EG) 156.214.130.66 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=66,EG) 156.214.190.68 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=68,EG) 156.215.191.199 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=199,EG) 156.215.93.125 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=125,EG) 156.216.183.117 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=117,EG) 156.216.28.200 24 BMP None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=200,EG) 156.216.71.241 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Authentication Failed - 6hr Logon (IP=241,EG) 156.217.187.169 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Web 
Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=169,EG) 156.217.3.148 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=148,EG) 156.218.131.222 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=222,EG) 156.218.149.197 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=197,EG) 156.218.160.146 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_Web Attacks (IP=46,EG) 156.219.11.121 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=121,EG) 156.219.114.36 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=36,EG) 156.219.140.17 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=17,EG) 156.219.191.95 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=95,EG) 156.219.210.69 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=69,EG) 156.219.90.2 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=2,EG) 156.219.99.197 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire 
(IP=197,EG) 156.220.111.0 24 KF None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=0,EG) 156.220.124.24 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=24,EG) 156.221.127.64 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=64,EG) 156.221.215.70 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=70,EG) 156.221.224.134 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=134,EG) 156.221.58.135 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=135,EG) 156.221.8.69 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=69,EG) 156.221.89.244 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=244,EG) 156.222.136.170 24 RR None 2020-01-21 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=170,EG) | updated by RWB with reason Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Failed Logon (IP=,EG 156.222.197.201 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=201,EG) 156.222.198.232 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - 
SourceFire (IP=232,EG) 156.222.237.124 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=124,EG) 156.222.44.118 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=118,EG) 156.222.75.125 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=125,EG) 156.223.108.252 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=252,EG) 156.224.10.203 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=203,HK) 156.226.17.181 32 RB None 2020-02-03 00:00:00 2020-05-03 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01594 (IP=181 HK) 156.226.18.81 24 RR None 2020-01-31 00:00:00 2020-05-05 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=81,HK) | updated by RR Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=81,HK) 156.226.18.81 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=81,ZA) 156.226.22.117 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Web (HTTP) Attacks (IP=117,ZA) | updated by DT Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=117,HK) 156.227.24.87 24 RW None 2019-12-23 00:00:00 2020-03-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=87,HK) 156.230.55.108 24 BMP None 2020-07-08 00:00:00 2020-10-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=108,ZA) 156.232.6.179 32 BMP None 2019-12-22 00:00:00 2020-03-21 
00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=179,US) 156.232.94.40 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=40,US) 156.232.94.55 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=55,US) 156.233.64.118 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=118,) 156.233.64.83 32 RB None 2020-02-04 00:00:00 2020-05-04 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01605 (IP=83,US) 156.235.193.226 24 KF None 2020-01-14 00:00:00 2020-04-13 00:00:00 None Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01443 (IP=226,HK) 156.236.110.77 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=77,HK) 156.236.126.41 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 156.236.126.42 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity 156.236.65.193 24 CR None 2018-12-14 06:00:00 2020-03-08 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=193,HK) | updated by GM with reason Invalid user - Failed Logons (IP=187,US) 156.236.69.145 32 KF None 2019-12-30 00:00:00 2020-03-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=145,US) 156.236.69.145 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=145,HK) 156.236.70.141 24 RB None 2018-12-01 06:00:00 2020-01-24 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=141,CN) | updated by GLM with reason ABC Command Injection Attempt (IP=19,US) 156.236.72.6 32 RR None 2019-10-26 00:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=6,US) 156.236.73.106 24 RR None 2019-10-04 
00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=106,JP) 156.236.74.106 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 156.236.74.109 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 156.236.96.16 32 KF None 2019-12-23 00:00:00 2020-03-22 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=16,US) 156.236.98.30 24 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Command Injection Attempt (IP=30,no ISC data) 156.237.140.197 32 KF None 2019-12-16 00:00:00 2020-03-15 00:00:00 None HTTP: SQL Injection AttemptDetected (IP=197,US) 156.237.148.76 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Web Application Activity 156.238.15.25 32 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Generic ArcSight scan attempt (IP=25,US) 156.238.190.211 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None Unauthorized Scanning (IP=211,US) 156.238.250.74 32 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=74,US) 156.239.158.250 32 BMP None 2020-02-23 00:00:00 2020-03-23 00:00:00 None vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) Immediate Inbound Network Block - TT# 20C01808 (IP=250,US) 156.239.159.104 32 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=104,US) 156.241.11.152 24 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=152,ZA) 156.245.160.98 24 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - WebAttacks (IP=98,ZA) 156.249.63.45 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=45,ZA) 156.251.174.140 
24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=140,ZA) 156.253.11.133 24 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=133,ZA) 156.255.211.130 24 RR None None 2020-06-28 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=130,HK) 156.38.171.181 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=181,ZA) 156.38.87.51 24 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=51,TG) 156.54.148.152 24 YM None 2017-10-20 05:00:00 2020-04-13 00:00:00 None ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (IP=152,IT) | updated by RR with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01447 (IP=22,IT) | updated by RR with reason HTTP: Joomla HTTP Header 156.54.148.22 24 BMP None 2019-12-26 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=22,IT) 156.54.152.143 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None IT TO-S-2019-0508 Malicious Web Application Activity 156.54.171.54 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=54,IT) 156.67.107.1 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None PL TO-S-2019-0972 Malicious Web Application Activity 156.67.208.54 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None SQL Injection (IP=54,LT) 156.67.211.177 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr Web Attacks (IP=177,SG) 156.67.222.133 32 wmp None 2020-08-03 00:00:00 2020-11-03 00:00:00 None HIVE Case #3444 COLS-NA-TIP-20-0242 (IP=133,SG) 156.67.222.183 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=183,IN) 
156.67.222.183 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=183,CY) 156.67.222.183 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=183,CY) 156.67.250.205 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP=205,GB) 156.67.53.154 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None Unauthorized Scanning (IP=154,DE) 156.96.112.243 32 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Generic ArcSight scan attempt (IP=243,US) 156.96.112.252 32 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=252,US) 156.96.114.98 24 KF None 2020-04-16 00:00:00 2020-07-15 00:00:00 None TCP: SYN Host Sweep (IP=98,US) 156.96.117.42 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=42,no ISC data) 156.96.150.87 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=87,no ISC data) 156.96.153.26 32 GM None 2019-11-13 00:00:00 2020-02-13 00:00:00 None Failed password - Failed Logons (IP=26,US) 156.96.155.230 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Generic ArcSight scan attempt (IP=230,US) 156.96.155.238 32 GLM None 2019-10-26 00:00:00 2020-01-24 00:00:00 None ABC Generic ArcSight scan attempt (IP=238,US) 156.96.156.75 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=75,no ISC data) 156.96.47.131 32 DT None 2020-07-05 00:00:00 2020-10-03 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C03374 (IP=131,US) 156.96.58.114 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Unauthorized Scanning (IP=114,no ISC data) 156.96.62.251 32 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=251,US) 157.0.132.250 32 nab None 2020-09-25 00:00:00 2020-12-25 00:00:00 None HIVE Case #3568 CTR-20-1055 Network scanning (IP=250,CN) 157.100.54.189 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 
None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=189,EC) 157.100.81.82 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=82,EC) 157.119.180.0 22 jky None 2017-03-29 05:00:00 2020-03-08 00:00:00 None LA TO-S-2017-0783 Malicious activity | updated by GM with reason Invalid user - Failed Logons (IP=207,LA) 157.119.189.93 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password_6 Hr Failed Logons (IP=93,IR) 157.119.71.178 24 ABC None 2018-02-26 06:00:00 2020-09-02 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=178,HK) | updated by dbc with reason CN TO-S-2019-0952 Malware Activity 157.122.204.6 24 RB None 2020-01-07 00:00:00 2020-04-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Soucefire (IP=6 CN) 157.230.104.254 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=254,DE) 157.230.106.228 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None DE TO-S-2019-0546 Malicious Email Activity 157.230.107.181 24 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=181,DE) 157.230.109.208 24 RB None 2020-03-18 00:00:00 2020-06-16 00:00:00 None INDICATOR-SCAN DNS version.bind 157.230.111.133 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None SG TO-S-2020-0206 Malicious Web Application Activity 157.230.111.133 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None SG TO-S-2020-0212.01 Malicious Web Application Activity 157.230.117.77 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=77,DE) 157.230.120.63 32 wmp None 2020-09-11 00:00:00 2020-12-10 00:00:00 None HIVE Case #3845 COLS-NA-TIP-20-0289 (IP=63,DE) 157.230.126.210 32 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep- ARCSight 
Sauron (IP=210,US) 157.230.128.195 32 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=195,US) 157.230.153.75 32 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Failed password - Failed Logons (IP=75,US) 157.230.179.221 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 157.230.18.195 24 GM None 2019-11-13 00:00:00 2020-02-13 00:00:00 None Failed password - Failed Logons (IP=195,DE) 157.230.184.19 32 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed Logons (IP=19,US) 157.230.208.92 32 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=92,US) 157.230.211.101 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malicious Email Activity 157.230.215.248 32 RR None 2020-04-13 00:00:00 2020-07-12 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=248,US) 157.230.216.203 32 KF None 2020-05-14 00:00:00 2020-08-12 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02779 (IP=203,US) 157.230.226.7 32 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=7,US) 157.230.240.17 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=17,XX) 157.230.29.219 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None DE TO-S-2019-0658 Malware Activity 157.230.40.169 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None SG TO-S-2020-0006 Malicious Email Activity 157.230.45.206 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None SG TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason SG TO-S-2020-0212.01 Malicious Web Application Activity 157.230.47.57 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=57,US) 157.230.51.36 32 RR None 2020-09-20 00:00:00 2020-12-19 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - 
Web Attacks (IP=36,US) 157.230.51.37 32 RR None 2020-09-20 00:00:00 2020-12-19 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - Web Attacks (IP=37,US) 157.230.58.196 32 RB None 2019-11-21 00:00:00 2020-02-19 00:00:00 None Failed password_6 hr Failed Logons (IP=196,US) 157.230.6.220 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malware Activity 157.230.65.226 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Email Activity 157.230.84.18 32 BMP None 2020-09-29 00:00:00 2020-12-29 00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - Web Attacks (IP=18,US) 157.230.87.32 24 RR None 2019-11-28 00:00:00 2020-02-26 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - Web Attacks (IP=32,US) 157.230.88.241 32 BMP None 2020-09-29 00:00:00 2020-12-29 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=241,US) 157.230.95.242 32 BMP None 2020-09-29 00:00:00 2020-12-29 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=242,US) 157.245.104.96 24 RB None 2020-02-11 00:00:00 2020-05-11 00:00:00 None Illegal user_6 hr Failed Logons_WPC (IP=96,IN) 157.245.109.127 24 RW None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Generic ArcSight scan attempt (IP=127,IN) 157.245.124.203 32 KF None 2020-07-02 00:00:00 2020-09-30 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=203,US) 157.245.127.46 32 RB None 2020-02-27 00:00:00 2020-05-27 00:00:00 None SERVER-WEBAPP Blueimp jQuery File Upload arbitrary PHP file upload attempt_Sourcefire (IP=46,US) 157.245.135.227 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=227,XX) 157.245.146.78 24 RR None 2020-03-14 00:00:00 2020-06-12 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=78,US) 157.245.158.97 24 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Failed password - Failed Logons 
(IP=97,SG) 157.245.165.138 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Generic ArcSight scan attempt (IP=138,XX) 157.245.168.11 24 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None TCP: SYN Host Sweep (IP=11,US) 157.245.180.165 32 BMP None 2020-03-26 00:00:00 2020-06-24 00:00:00 None SQL HTTP URI blind injection attempt - SourceFire (IP=165,US) 157.245.187.143 32 GM None 2019-10-01 00:00:00 2020-01-01 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - Web Attacks (IP=143,US) 157.245.188.53 32 DT None 2020-04-20 00:00:00 2020-07-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=53,US) 157.245.188.9 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity 157.245.199.127 24 GM None 2019-11-12 00:00:00 2020-02-12 00:00:00 None Failed Password - Failed Logons (IP=127,SG) 157.245.235.139 32 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C00793 (IP=139,US) 157.245.241.112 32 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=112,US) 157.245.246.38 32 DT None 2020-05-12 00:00:00 2020-08-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=38,US) 157.245.250.190 32 RW None 2020-05-20 00:00:00 2020-08-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=190,US) 157.245.250.190 24 RB None 2020-05-20 00:00:00 2020-08-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt -Sourcefire (IP=190,US) 157.245.252.2 32 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=2,US) | not blocked because TARGET IP NO LONGER 
AVAILABLE EXTERNALLY 157.245.254.47 32 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None Known Attack Tool User Agent/BOT: Potential Muieblackcat Scanner (IP=47,US) 157.245.32.41 32 DT None 2020-06-19 00:00:00 2020-09-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=41,US) 157.245.33.57 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C00121 (IP=57,US) 157.245.34.150 24 RR None 2020-01-20 00:00:00 2020-04-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=150,GB) | updated by RB Block expiration extended with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt_S 157.245.43.117 24 RW None 2020-05-31 00:00:00 2020-09-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=117,UK) | updated by RW Block expiration extended with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt 157.245.44.195 24 CR None 2020-05-12 00:00:00 2020-06-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=131,GB) 157.245.46.17 24 RB None 2020-02-11 00:00:00 2020-05-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt_Sourcefire (IP=17,GB) 157.245.47.0 24 BMP None 2020-06-14 00:00:00 2020-09-12 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=0,GB) 157.245.48.44 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=44,XX) 157.245.56.93 32 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=93,US) 157.245.65.159 32 DT None 2020-06-23 00:00:00 2020-09-21 00:00:00 None 
SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=159,US) 157.245.66.174 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=174,NL) 157.245.67.100 32 DT None 2020-06-24 00:00:00 2020-09-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=100,US) 157.245.68.188 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None NL TO-S-2020-0047 Malicious Email Activity 157.245.69.82 32 RW None 2020-09-02 00:00:00 2020-12-01 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03811 (IP=82,US) 157.245.69.97 32 DT None 2020-06-08 00:00:00 2020-09-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire - (IP=97,US) 157.245.70.180 24 RB None 2020-06-06 00:00:00 2020-09-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt_Sourcefire (IP=180,NL) 157.245.73.144 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=144,NL) 157.245.74.137 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=137,NL) 157.245.76.148 32 DT None 2020-06-07 00:00:00 2020-09-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire - (IP=148,US) 157.245.83.170 32 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None TCP: SYN Host Sweep (IP=170,US) 157.245.93.34 32 BMP None 2020-01-26 00:00:00 2020-04-25 00:00:00 None NetScaler Vulnerability Attempted - TT# 20C01477 (IP=34,US) 157.245.98.130 32 RR None 2020-07-28 00:00:00 2020-10-26 00:00:00 None SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt - SourceFire (IP=130,US) 157.245.98.130 24 GM None 2020-07-28 00:00:00 
2020-10-28 00:00:00 None FIREEYE Web: Infection Match (blocked) - Hive Case # 3418 (IP=130,IN) 157.25.189.247 24 KF None 2019-11-23 00:00:00 2020-02-21 00:00:00 None Illegal user (IP=247,PL) 157.253.205.71 24 RR None 2018-12-08 06:00:00 2020-02-18 00:00:00 None Failed password for invalid user (IP=71,CO) | updated by RR with reason Invalid user - Failed Logons (IP=51,CO) 157.32.0.0 12 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None IN TO-S-2019-0972 Malware Activity 157.48.0.0 14 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None IN TO-S-2019-0952 Malware Activity 157.48.25.154 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None IE TO-S-2019-0952 Malware Activity 157.52.144.2 32 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00176 (IP=2,US) 157.52.252.113 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=113,XX) 157.52.255.126 32 GM None 2019-11-11 00:00:00 2020-02-09 00:00:00 None ABC Generic ArcSight scan attempt (IP=126,US) 157.55.39.103 32 KF None 2020-07-03 00:00:00 2020-10-01 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=103,US) 157.55.39.104 32 BP None 2019-12-10 00:00:00 2020-03-09 00:00:00 None Possible SQLi attempt - TT# 20C01133 (IP=104,US) 157.7.107.246 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None JP TO-S-2020-0031 Malicious Email Activity 157.7.107.43 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=43,JP) 157.7.170.13 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None JP TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason JP TO-S-2020-0212.01 Malicious Web Application Activity 157.7.184.11 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None JP TO-S-2019-0431 Malicious Web Application Activity 157.7.184.13 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None 
JP TO-S-2019-0734.01 Malicious Email Activity 157.7.184.15 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None JP TO-S-2019-0409 Malware Activity 157.7.184.23 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None JP TO-S-2019-1002 Malicious Web Application Activity 157.7.188.123 32 wmp None 2020-08-31 00:00:00 2020-11-29 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=123,JP) 157.7.52.245 24 20200120 None None 2020-01-20 00:00:00 None Illegal user - Fail Logins (IP=245,JP) | updated by 20200120 Block was inactive. Reactivated on RWB with reason Illegal user - Fail Logins (IP=245,JP) | updated by RWB Block was inactive. Reactivated on 20191022 with reason Illegal user - Fail Login 157.86.248.13 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Invalid user - Failed Logon (IP=,CN) 158.101.23.30 32 RW None 2019-11-14 00:00:00 2020-02-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=30,US) 158.106.189.209 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malware Activity 158.108.215.146 32 DT None 2020-05-26 00:00:00 2020-08-26 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02913 (IP=146,TH) 158.109.168.73 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None ES TO-S-2019-0532 Malware Activity 158.140.109.25 24 GM None 2019-12-24 00:00:00 2020-03-24 00:00:00 None Authentication Failed - Failed Logons (IP=25,PS) 158.140.137.78 24 RB None 2017-11-26 06:00:00 2020-08-22 00:00:00 None ET SCAN Potential SSH Scan (IP=78,SG) | updated by dbc with reason SG TO-S-2019-0926 Malicious Reconnaissance Activity 158.140.138.243 24 RB None 2020-02-25 00:00:00 2020-05-25 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=243,SG) 158.140.140.10 24 CR None 2017-12-10 06:00:00 2020-08-22 00:00:00 None ET SCAN Potential SSH Scan (IP=10,SG) | updated by GM with reason Illegal user_Failed Logons (IP=23,SG) | updated by dbc with 
attempt (IP=143,US) 160.153.157.141 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Immediate Inbound Network Block - TT# 20C00501 (IP=141,US) 160.153.177.251 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=251,US) 160.153.197.189 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 160.153.198.183 32 RWB None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Web Application Attack - SQL use of sleep function with and - likely SQL injection - SourceFire (IP=183,US) 160.153.199.34 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 160.153.201.210 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity 160.153.204.72 32 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Hive Case 1870 - Malicious.LIVE.DTI.URL (IP=72,US) 160.153.204.75 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity 160.153.207.252 32 GM None 2020-03-11 00:00:00 2020-06-11 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=252,US) 160.153.209.4 32 RB None 2020-02-11 00:00:00 2020-05-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C01673 (IP=4,US) 160.153.244.195 32 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Failed password - Failed Logons (IP=195,US) 160.153.250.165 32 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=165,US) 160.153.32.68 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity 160.153.44.66 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Web Application Activity 160.153.46.198 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web 
Application Activity 160.153.47.33 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=33 US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 160.153.47.70 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 160.153.48.135 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity 160.153.49.71 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=71, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 160.153.61.68 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None US TO-S-2019-0363.01 Malicious Email Activity 160.153.61.72 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity 160.153.72.0 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None US TO-S-2019-0613 Malicious Email Activity 160.153.72.8 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity 160.153.77.194 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity 160.153.89.100 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=100,US) 160.153.89.70 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=70,US) 160.153.92.33 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 160.153.94.40 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None US TO-S-2019-0363.01 Malicious Email Activity 160.153.96.192 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity 160.156.12.38 24 GM None 2019-10-17 00:00:00 2020-01-17 00:00:00 None SQL use of sleep function in HTTP header - likely SQL injection attempt - Sourcefire (IP=38,TN) 160.16.111.215 24 RB None 2019-12-02 00:00:00 2020-03-01 00:00:00 None Failed password_6 hr Failed Logons (IP=215,JP) 
160.16.148.131 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Generic ArcSight scan attempt (IP=131,JP) 160.16.149.56 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None JP TO-S-2019-0952 Malware Activity 160.16.221.143 24 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=143,JP) 160.16.75.119 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=119,JP) 160.16.85.117 24 GM None 2020-03-11 00:00:00 2020-06-11 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=117,JP) 160.16.93.80 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None JP TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason JP TO-S-2020-0212.01 Malware Activity 160.176.221.82 32 DT None 2020-05-22 00:00:00 2020-08-22 00:00:00 None Possible SQLi attempt / HTTP: Blind SQL Injection - Timing - TT# 20C02877 (IP=82,MA) 160.178.171.15 32 RB None 2020-04-02 00:00:00 2020-06-02 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 020420-00061 (IP=15,MA) 160.178.4.112 32 RW None 2020-04-03 00:00:00 2020-05-03 00:00:00 None Known Attack Tool User Agent - TT# 20C02343 (IP=112,MA) 160.181.150.21 24 RR None 2020-04-18 00:00:00 2020-07-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=21,BG) 160.19.49.123 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00119 (IP=123,HK) 160.19.49.52 24 BMP None 2020-06-21 00:00:00 2020-09-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=52,MO) 160.19.49.52 24 BMP None 2020-06-21 00:00:00 2020-09-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=52,MO) 160.19.51.67 24 wmp None 2019-01-10 06:00:00 2020-03-13 00:00:00 None authentication bypass vulnerability (IP=67,CN) | updated by RB with reason HTTP: 
SQL Injection Attempt Detected_6 hr web attacks (IP=48,HK) | 2020-03-13 | 2019-04-10 160.20.57.149 24 GM None 2019-10-09 00:00:00 2020-01-09 00:00:00 None SERVER-WEBAPP Joomla 160.238.181.9 24 KF None 2020-04-21 00:00:00 2020-07-20 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=9,) 160.238.74.0 23 kmw None 2019-02-04 00:00:00 2020-02-14 00:00:00 None IN TO-S-2019-0382 Malware Activity | updated by dbc with reason JP TO-S-2019-0400 Malicious Email Activity 160.238.75.228 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None IN TO-S-2019-0382 Malicious Email Activity 160.238.86.102 24 RR None 2020-08-23 00:00:00 2020-11-21 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=102,HK) 160.238.87.169 24 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=169,HK) 160.248.110.50 24 BMP None 2019-12-20 00:00:00 2020-03-19 00:00:00 None HIVE Case #1704 FE WEB Riskware (IP=50,JP) 161.0.42.94 24 RW None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=94,NI) 161.117.0.0 17 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None CN TO-S-2019-0952 Malware Activity 161.117.182.74 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None SG TO-S-2019-1002 Malicious Email Activity 161.117.192.8 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=8,SG) 161.117.224.46 24 CR None 2020-02-20 00:00:00 2020-05-20 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=46,SG) 161.129.65.53 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None NL TO-S-2019-0747 Malware Activity 161.129.67.146 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason NL TO-S-2020-0212.01 Malicious Web Application Activity 
161.129.71.10 32 BMP None 2020-04-09 00:00:00 2020-07-08 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr Web Attacks (IP=10,US) 161.129.71.2 32 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=2,US) 161.129.71.34 32 BMP None 2020-04-09 00:00:00 2020-07-08 00:00:00 None SQL HTTP URI blind injection attempt - 6hr Web Attacks (IP=34,US) 161.221.85.145 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0610 Malicious Email Activity 161.230.116.172 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None PT TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason PT TO-S-2020-0212.01 Malicious Web Application Activity 161.35.101.82 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=82,XX) 161.35.124.58 32 FT None 2020-09-13 00:00:00 2020-12-12 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03893 (IP=58,US) 161.35.126.184 32 GM None 2020-06-25 00:00:00 2020-08-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=184,US) 161.35.127.172 32 GM None 2020-08-29 00:00:00 2020-11-29 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - Web Attacks (IP=172,US) 161.35.136.240 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=240,XX) 161.35.139.30 32 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02970 (IP=30,US) 161.35.14.12 24 RR None None 2020-06-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=12,US) 161.35.172.9 32 BMP None 2020-06-21 00:00:00 2020-09-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=9,US) 161.35.216.165 24 BMP None 2020-07-01 00:00:00 2020-10-01 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - 6hr Web 
Attacks (IP=165,DE) 161.35.29.220 24 GM None 2020-04-15 00:00:00 2020-07-15 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=220,DE) 161.35.46.248 32 wmp None 2020-09-16 00:00:00 2020-12-15 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=248,US) 161.35.5.101 32 RR None 2020-09-20 00:00:00 2020-12-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=101,US) 161.35.68.124 32 DT None 2020-04-23 00:00:00 2020-07-22 00:00:00 None MALWARE-BACKDOOR Win.Backdoor.Chopper webshell inbound request attempt - SourceFire (IP=124,US) 161.35.70.173 32 RB None 2020-05-05 00:00:00 2020-08-03 00:00:00 None TO-S-2020-0495/ Multiple Blocks - TT# 20C02618 (IP=173,US) 161.35.93.27 24 FT None 2020-09-19 00:00:00 2020-12-18 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=27,NL) 161.35.97.10 32 DT None 2020-06-23 00:00:00 2020-09-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=10,US) 161.69.123.10 32 dbc None 2019-09-02 00:00:00 2020-03-24 00:00:00 None US TO-S-2019-0952 Malware Activity | unblocked INC000007738802 IP address is now owned by McAfee 161.77.56.31 32 GM None 2020-03-24 00:00:00 2020-06-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=31,US) 161.97.74.121 24 RW None 2020-08-08 00:00:00 2020-11-08 00:00:00 None POLICY-OTHER Cisco IOS XE default one-time password login detected - Sourcefire (IP=121,DE) 162.125.4.1 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 162.125.4.6 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malware Activity 162.125.67.6 32 wmp None 2020-08-03 00:00:00 2020-11-03 00:00:00 None HIVE Case #3444 COLS-NA-TIP-20-0242 (IP=6,US) 162.13.161.71 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed 
password for invalid user_6 hr Failed Logons (IP=71,GB) 162.13.172.46 24 RR None 2020-08-06 00:00:00 2020-11-04 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=46,GB) 162.144.105.230 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 162.144.113.23 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 162.144.119.216 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 162.144.129.26 32 GM None 2020-02-10 00:00:00 2020-05-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 20C01674 (IP=26,US) | updated by RB Block expiration extended with reason HTTP: PHP File Inclusion Vulnerability - TT# 20C01674 (IP=26,US) 162.144.14.245 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 162.144.148.215 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity 162.144.16.130 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 162.144.178.228 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 162.144.179.138 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None NL TO-S-2019-0926 Malicious Email Activity 162.144.184.121 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0734.01 Malicious Email Activity 162.144.194.171 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malicious Email Activity 162.144.197.61 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malicious Email Activity 162.144.204.177 32 wmp None 2020-08-19 00:00:00 2020-11-17 00:00:00 None HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=177,US) 162.144.208.198 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malicious Email Activity 162.144.214.26 32 KF None 2019-12-02 00:00:00 
2020-03-01 00:00:00 None SQL HTTP URI blind injection attempt (IP=26,US) 162.144.214.91 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity 162.144.22.76 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 162.144.255.104 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 162.144.29.27 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=27,US) 162.144.35.78 24 klb None 2015-03-16 05:00:00 2020-02-22 00:00:00 None Malware CnC Callouts (IP=78 US) | updated by dbc with reason US TO-S-2019-0431 Malicious Email Activity 162.144.36.6 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malicious Email Activity 162.144.49.228 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Web Application Activity 162.144.51.56 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Web Application Activity 162.144.55.80 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Web Application Activity 162.144.66.103 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 162.144.68.2 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 162.144.72.14 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malicious Email Activity 162.144.74.38 32 KF None 2019-12-02 00:00:00 2020-03-01 00:00:00 None SQL HTTP URI blind injection attempt (IP=38,US) 162.144.80.21 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity 162.144.82.185 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0747 Malicious Email Activity 162.155.39.37 32 RW None 2020-04-11 00:00:00 2020-07-11 00:00:00 None SERVER-WEBAPP DrayTek multiple 
products command injection attempt - 6hr web attacks (IP=37,US) 162.208.117.53 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity 162.208.89.62 32 jky None 2017-12-07 06:00:00 2020-11-18 00:00:00 None CA TO-S-2018-0198 Malware activity | updated by wmp Block was inactive. Reactivated on 20200820 with reason HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=62,CA) 162.209.175.138 32 KF None 2019-12-23 00:00:00 2020-03-22 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=138,US) 162.209.213.50 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=50,CN) 162.209.225.90 32 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Immediate Inbound Network Block - TT# 20C00812 (IP=90,US) 162.211.127.78 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=78,DE) 162.211.86.133 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=133,US) 162.212.113.44 24 KF None 2020-03-30 00:00:00 2020-06-28 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=44,CA) 162.212.57.211 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=211,US) 162.214.11.182 32 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Generic ArcSight scan attempt (IP=182,US) 162.214.110.98 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=98,US) 162.214.16.191 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=191,US) 162.214.16.23 32 KF None 2019-12-02 00:00:00 2020-03-01 00:00:00 None SQL HTTP URI blind injection attempt (IP=23,US) 162.214.54.145 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=145,US) 162.214.76.195 32 GL None 2020-08-12 
00:00:00 2020-11-18 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=195,US) | updated by wmp Block expiration extended with reason HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=195,US) 162.214.77.153 32 RR None 2020-05-10 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP Blueimp jQuery File Upload arbitrary PHP file upload attempt - Web Attacks (IP=153,US) 162.214.77.8 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=8,US) 162.214.79.145 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=145,US) 162.214.92.117 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=117,US) 162.214.92.43 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=43,US) 162.214.95.239 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=239,US) 162.215.240.160 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 162.215.248.174 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None US TO-S-2019-0608 Malicious Email Activity 162.215.249.87 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 162.215.253.210 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 162.215.253.215 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None US TO-S-2019-0634 Malware Activity 162.217.250.243 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 162.217.70.57 24 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=57,XX) 162.219.176.58 24 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=58,CA) 162.219.179.138 32 GM None 2020-10-02 00:00:00 2020-01-02 00:00:00 None Unauthorized Access-Probe - TT # 21C00008 (IP=138,CA) 162.219.248.137 32 dbc None 
2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 162.219.248.247 32 JKC None 2017-12-08 06:00:00 2020-04-26 00:00:00 None TIP-17-1243 (IP=247,US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 162.219.250.98 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0747 Malicious Email Activity 162.220.11.2 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity 162.220.52.117 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Web Application Activity 162.220.52.129 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Web Application Activity 162.220.53.43 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None US TO-S-2019-0409 Malicious Service Disruption Activity 162.220.8.212 32 GLM None 2017-01-03 06:00:00 2020-07-18 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=212,US) | updated by dbc with reason US TO-S-2019-0831 Malicious Email Activity 162.221.189.210 32 dbc None 2019-08-22 00:00:00 2020-05-27 00:00:00 None US TO-S-2019-0926 Malicious Email Activity | unblocked: TO-S-2020-0570 Lift block since mitigations from TO-S-2019-0926 on this IP is no longer required 162.221.190.147 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity 162.222.215.216 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 162.222.225.77 24 dbc None 2014-12-10 06:00:00 2020-02-15 00:00:00 None Danmec Bot SQL Injection Attack (IP=77, VG) | updated by kmw with reason VG TO-S-2019-0194 Malicious Email Activity | update 162.222.226.70 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=70,US) 162.223.89.190 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NL TO-S-2020-0006 Malicious Email Activity 162.223.89.211 32 dbc None 
2019-10-07 00:00:00 2020-10-07 00:00:00 None NL TO-S-2020-0006 Malicious Email Activity 162.223.89.51 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NL TO-S-2020-0006 Malicious Email Activity 162.223.89.53 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 162.223.89.75 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None CA TO-S-2020-0006 Malicious Email Activity 162.223.91.10 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NL TO-S-2020-0006 Malicious Email Activity 162.223.91.112 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NL TO-S-2020-0006 Malicious Email Activity 162.223.91.25 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NL TO-S-2020-0006 Malicious Email Activity 162.241.104.141 32 GM None 2020-06-23 00:00:00 2020-08-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=141,US) 162.241.105.43 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=43,US) 162.241.114.13 32 wmp None 2020-07-08 00:00:00 2020-10-30 00:00:00 None HIVE Case #3254 COLS-NA-TIP-20-0204 (IP=13,US) | updated by wmp Block expiration extended with reason HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=13,US) 162.241.115.159 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=159,US) 162.241.115.70 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=70,US) 162.241.12.221 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 162.241.130.39 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 162.241.133.235 32 RW None 2020-02-26 00:00:00 2020-05-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=235,US) 162.241.138.75 32 RWB None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Web Application Attack - SQL HTTP URI blind 
injection attempt - SourceFire (IP=75,US) 162.241.148.100 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 162.241.148.21 32 RW None 2020-08-09 00:00:00 2020-11-09 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=21,US) 162.241.148.33 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 162.241.149.224 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=224,US) 162.241.155.125 32 wmp None 2020-07-07 00:00:00 2020-11-30 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=125,US) | updated by wmp Block expiration extended with reason HIVE Case #3270 COLS-NA-TIP-20-0210 (IP=125,US) | updated by wmp Block expiration extended with reason HIVE Case #3601 COLS-NA-TIP-20 162.241.157.87 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 162.241.159.183 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None US TO-S-2019-0608 Malicious Email Activity 162.241.177.220 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 162.241.178.219 32 BP None 2019-11-19 00:00:00 2020-02-19 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=219,US) 162.241.186.207 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 162.241.188.45 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity 162.241.191.35 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malware Activity 162.241.193.116 32 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=116,US) 162.241.2.197 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=197, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 162.241.2.89 32 RW None 
2020-08-09 00:00:00 2020-11-09 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=89,US) 162.241.201.82 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Web Application Activity 162.241.203.100 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity 162.241.203.101 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 162.241.203.110 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=110,US) 162.241.216.143 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None US TO-S-2019-0363.01 Malicious Email Activity 162.241.216.179 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=179,US) 162.241.217.126 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 162.241.218.226 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=226,US) 162.241.219.104 32 dbc None 2019-01-30 00:00:00 2020-01-30 00:00:00 None US TO-S-2019-0370 Malicious Email Activity 162.241.224.119 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 162.241.224.242 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity 162.241.225.129 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 162.241.225.141 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity 162.241.225.66 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=66, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 162.241.226.25 32 RW None 2020-08-09 00:00:00 2020-11-09 00:00:00 None SQL union select - possible 
sql injection attempt - GET parameter - Sourcefire (IP=25,US) 162.241.226.73 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 162.241.230.104 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity 162.241.24.173 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=173,US) 162.241.24.176 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=176,US) 162.241.24.182 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3576 CTO-20-226 (IP=182,US) 162.241.24.194 32 KF None 2019-12-02 00:00:00 2020-03-02 00:00:00 None SQL HTTP URI blind injection attempt (IP=194,US) | updated by KF Block expiration extended with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=194,US) 162.241.24.212 32 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None US TO-S-2020-0012 Malicious Email Activity 162.241.24.221 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=221,US) 162.241.24.227 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=227,US) 162.241.24.26 32 KF None 2019-12-02 00:00:00 2020-03-01 00:00:00 None SQL HTTP URI blind injection attempt (IP=26,US) 162.241.24.29 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=29,US) 162.241.24.68 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=68,US) 162.241.24.80 32 KF None 2019-12-02 00:00:00 2020-03-02 00:00:00 None SQL HTTP URI blind injection attempt (IP=80,US) | updated by KF Block expiration extended with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=80,US) 162.241.24.98 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing 
- Web Attacks (IP=98,US) 162.241.242.172 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 162.241.243.169 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=169,US) 162.241.243.65 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 162.241.252.116 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 162.241.252.212 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3576 CTO-20-226 (IP=212,US) 162.241.253.126 32 KF None 2020-07-01 00:00:00 2020-09-29 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=126,US) 162.241.253.156 32 GM None 2020-08-11 00:00:00 2020-11-10 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=156,US) 162.241.26.32 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 162.241.35.97 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 162.241.42.36 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 162.241.47.217 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 162.241.50.117 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=117,US) 162.241.60.179 32 RW None 2020-08-09 00:00:00 2020-11-09 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=179,US) 162.241.67.232 32 BMP None 2020-11-04 00:00:00 2020-02-02 00:00:00 None HTTP SQL Injection Attempt - 6hr Web Attacks (IP=232,US) 162.241.69.94 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=94,US) 162.241.71.226 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=226,US) 
162.241.92.219 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malicious Email Activity 162.241.94.106 32 KF None 2020-01-31 00:00:00 2020-04-30 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C01566 (IP=106,US) 162.241.96.212 24 RR None 2020-03-14 00:00:00 2020-06-12 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=212,US) 162.242.150.205 24 saj None 2014-04-05 05:00:00 2020-08-06 00:00:00 None ET SCAN Potential VNC Scan | updated by dbc with reason US TO-S-2019-0864 Malware Activity 162.243.12.235 16 dlb None 2014-04-23 05:00:00 2020-04-04 00:00:00 None TCP Host Sweeps (IP=235, US) | updated by sjl with reason ET SCAN Potential VNC Scan 5900-5920 (IP=189 US) | updated by bob 162.243.137.42 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Denial of service - TT# 20C02739 (IP=42,US) 162.243.139.85 32 RW None 2020-05-13 00:00:00 2020-06-13 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02744 (IP=85,US) 162.243.94.24 32 wmp None 2020-09-24 00:00:00 2020-12-23 00:00:00 None HIVE Case #3974 COLS-NA-TIP-20-0301 (IP=24,US) 162.244.253.109 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 162.244.80.180 32 DT None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt - Sourcefire (IP=180,US) 162.244.80.192 32 RW None 2020-05-30 00:00:00 2020-08-30 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (1:29831:3) - Sourcefire (IP=192,US) 162.244.80.38 32 RB None 2019-10-04 00:00:00 2020-01-02 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C00152 (IP=38,US) 162.246.20.118 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=118,US) 162.247.100.177 32 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan 
162.247.100.177 32 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=177,US) 162.247.100.177 32 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=177,US) 162.247.97.205 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malicious Web Application Activity 162.247.98.86 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malicious Web Application Activity 162.247.99.34 32 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Immediate Inbound Network Block - TT# 20C00806 (IP=34,US) 162.248.247.184 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NL TO-S-2020-0006 Malicious Email Activity 162.248.247.185 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None CA TO-S-2020-0006 Malicious Email Activity 162.248.54.211 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malware Activity 162.250.120.125 32 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None MALWARE-CNC URI - known scanner tool muieblackcat - SourceFire (IP=125,US) 162.250.123.39 32 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=39,US) 162.250.124.34 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 162.250.145.204 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None JP TO-S-2019-0777 Malicious Email Activity 162.250.145.222 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None JP TO-S-2019-0777 Malicious Email Activity 162.250.145.234 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None JP TO-S-2019-0777 Malicious Email Activity 162.250.97.118 32 KF None 2019-11-11 00:00:00 2020-02-09 
00:00:00 None Immediate Inbound Network Block - TT# 20C00953 (IP=118,US) 162.250.97.13 32 KF None 2020-06-11 00:00:00 2020-09-09 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=13,US) 162.250.97.47 32 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password (IP=47,US) 162.250.98.200 32 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=200,US) 162.251.108.41 32 GM None 2020-08-06 00:00:00 2020-11-06 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - Sourcefire (IP=41,US) 162.251.20.92 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None US TO-S-2020-0206 Malicious Web Application Activity 162.251.20.92 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0212.01 Malicious Web Application Activity 162.251.23.213 24 JKC None 2019-01-07 06:00:00 2020-01-10 00:00:00 None WPC REGIONAL Fireeye multiple alerts MPS (IP=213, VG) | updated by RW with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 19C03076 (IP=177,US) | updated by RR with reason SERVER-WEBAPP Drupal 8 remote code execution attem 162.251.232.173 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None US TO-S-2019-0781 Malicious Email Activity 162.251.80.24 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 162.251.85.114 32 wmp None 2020-08-31 00:00:00 2020-11-29 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=114,US) 162.252.57.34 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=34, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 162.252.57.68 32 dbc None 2019-04-16 00:00:00 2020-04-16 00:00:00 None US TO-S-2019-0593 Malicious Email Activity 162.252.83.54 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malicious Email Activity 162.253.224.14 32 RR None 2019-01-29 00:00:00 2020-09-10 00:00:00 None SQL union select - 
possible sql injection attempt - GET parameter (IP=14,US) | updated by dbc with reason US TO-S-2019-0972 Malware Activity 162.253.225.161 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 162.253.252.10 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None CA TO-S-2019-0604 Malicious Email Activity 162.253.71.36 32 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=36,US) 162.254.9.149 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=149,US) 162.255.119.159 32 wmp None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=159,US) 162.255.119.20 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None US TO-S-2020-0109.01 Malicious Email Activity 162.255.119.240 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 162.255.119.242 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 162.255.119.58 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None US TO-S-2019-0781 Malicious Email Activity 162.255.119.9 32 wmp None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=9,US) 162.255.119.93 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 162.255.119.95 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malware Activity 162.255.167.42 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 163.172.105.120 32 RW None 2020-02-07 00:00:00 2020-03-07 00:00:00 None Unauthorized Access-Probe - TT# 20C01642 (IP=120,FR) 163.172.105.120 32 RW None 2020-02-07 00:00:00 2020-03-07 00:00:00 None Unauthorized Access-Probe - TT# 20C01642 (IP=120,FR) 163.172.106.101 32 RW None 2019-12-30 
00:00:00 2020-01-30 00:00:00 None Unauthorized Access-Probe - TT# 20C01304(IP=101,FR) 163.172.106.188 32 RW None 2019-12-31 00:00:00 2020-03-31 00:00:00 None Unauthorized Access-Probe - TT# 20C01301 (IP=188,US) 163.172.107.183 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C01734 (IP=183,FR) 163.172.108.219 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=219,FR) 163.172.114.154 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=154,FR) 163.172.12.148 24 GM None 2020-01-15 00:00:00 2020-04-15 00:00:00 None FIREEYE Web: Infection Match - Case # 1876 (IP=148 FR) | 2020-04-15 | 2018-03-16 163.172.125.41 24 GM None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=41,FR) 163.172.134.114 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Misc Activity - INDICATOR-SCAN SSH brute force login attempt - sourcefire (IP=114,FR) 163.172.135.13 24 FT None 2020-08-27 00:00:00 2020-11-25 00:00:00 None SERVER-OTHER Adobe ColdFusion unauthenticated file upload attempt - Sourcefire (IP=244,GB) 163.172.139.21 24 MLJ None 2017-07-04 05:00:00 2020-02-04 00:00:00 None ET SCAN Potential VNC Scan 5900-5920 (IP=21,FR) | updated by RR with reason Failed password for invalid user (IP=106,GB) | 163.172.147.35 24 MLJ None 2016-11-21 06:00:00 2020-08-15 00:00:00 None ET SCAN Sipvicious User-Agent Detected (IP=35,GB) | updated by RB with reason Illegal user (IP=14,GB) | 2019-01-09 | 2017-02-1 | updated by dbc with reason FR TO-S-2019-0890.01 Malicious Email Activity 163.172.15.47 24 jkc None 2016-04-13 05:00:00 2020-02-15 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt (IP=47, GB) | updated by dbc with reason FR TO-S-2019-0409 Malici 163.172.156.126 24 MLJ None 2017-06-02 05:00:00 2020-06-18 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=126,GB) | 
updated by dbc with reason FR TO-S-2019-0747 Malicious Email Activity 163.172.168.36 24 RW None 2020-08-28 00:00:00 2020-11-28 00:00:00 None Exploit attempts - Hive Case #3686 (IP=36,GB) 163.172.176.16 24 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Authentication Failed 6 hr Failed Logon (IP=16,FR) 163.172.177.222 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=222,FR) 163.172.185.147 24 MLJ None 2016-12-06 06:00:00 2020-02-24 00:00:00 None ET SCAN Sipvicious User-Agent Detected (IP=147,GB) | updated by jky with reason FR TO-S-2017-1115 Malicious activity | upda | updated by RR with reason SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=64,FR) 163.172.185.64 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None HTTP: test-cgi Directory Listing - 6hr web attacks (IP=64,FR) 163.172.187.237 24 MLJ None 2017-07-10 05:00:00 2020-03-06 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=237,GB) | updated by GM with reason Failed password - Failed Logons (IP=30,FR) 163.172.198.253 32 RW None 2020-03-12 00:00:00 2020-04-12 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C02127(IP=253,FR) 163.172.206.6 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=6,FR) 163.172.226.252 24 jkc None 2016-09-12 05:00:00 2020-04-22 00:00:00 None ET SCAN Sipvicious User-Agent Detected (IP=252, GB) | updated by dbc with reason FR TO-S-2019-0613 Malware Activity 163.172.232.61 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=61,FR) 163.172.240.197 24 RR None 2019-10-28 00:00:00 2020-02-15 00:00:00 None Generic ArcSight scan attempt (IP=197,FR) | updated by RW Block expiration extended with reason PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=146,IN) 163.172.251.210 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None FR TO-S-2020-0206 Malware Activity | updated by kmw Block expiration 
extended with reason FR TO-S-2020-0212.01 Malware Activity 163.172.251.80 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password - Failed Logons (IP=80 ,FR) 163.172.34.61 24 None None None 2020-03-12 00:00:00 None | updated by dbc with reason FR TO-S-2019-0488 Malicious Email Activity 163.172.40.184 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=184,FR) 163.172.44.172 24 CR None 2018-05-31 05:00:00 2020-06-18 00:00:00 None ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack (IP=172,FR) | updated by dbc with reason FR TO-S-2019-0734.01 Malicious Email Activity 163.172.45.46 24 EDBT None 2018-01-08 06:00:00 2020-03-08 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability (IP=46,GB) | updated by jky with reason FR TO-S-2018-0683 Malware act | updated by GM with reason Failed password - Failed Logons (IP=69,FR) 163.172.5.104 24 RWB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None Web Application Attack - SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=104,FR) 163.172.50.34 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Failed password - Failed Logon (IP=34,FR) 163.172.59.84 24 YM None 2018-05-21 05:00:00 2020-04-26 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (IP=84,FR) | updated by JKC with reason TIPPR19-0140 (IP=35, FR | updated by db 163.172.66.245 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None UDP: Host Sweep - Automated Block Calculations (IP=245,FR) 163.172.66.247 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None FR TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason FR TO-S-2020-0212.01 Malicious Web Application Activity 163.172.67.170 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=170,FR) 163.172.7.97 24 MLJ None 2017-12-18 06:00:00 2020-01-26 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) 
(IP=97,GB) | updated by RR with reason 16311: HTTP: FreePBX config.php Command Execution Vulnerability - TT# 19C02275 (IP=215,FR) | updated by RR with reason OS-OTHER Bash CGI environment vari 163.172.82.44 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=44,FR) 163.172.84.81 24 GM None 2018-01-09 06:00:00 2020-02-11 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability (IP=81,GB) | updated by GM with reason Invalid user - Failed Logons (IP=50,FR) 163.172.9.34 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=34,FR) 163.182.174.197 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 163.239.97.46 24 RB None 2020-01-04 00:00:00 2020-04-03 00:00:00 None Illegal user_6 hr Failed Logons (IP=46,KR) 163.24.147.140 24 CW None 2019-11-17 00:00:00 2020-02-15 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=40,TW) 163.44.148.132 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C02676 (IP=132,US) 163.44.148.197 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None SG TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason SG TO-S-2020-0212.01 Malicious Web Application Activity 163.44.170.33 24 RR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None Illegal user - Failed Logons (IP=33,JP) 163.44.192.0 22 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,VN) 163.44.198.57 32 wmp None 2020-08-12 00:00:00 2020-11-12 00:00:00 None HIVE Case #3477 COLS-NA-TIP-20-0244 (IP=57,TH) 163.44.207.13 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 163.47.145.250 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Authentication Failed - Failed Logons (IP=250,BD) 163.47.72.161 32 dbc None 2019-06-07 00:00:00 
2020-06-07 00:00:00 None AU TO-S-2019-0723 Malicious Email Activity 163.53.151.234 24 RR None 2018-09-27 05:00:00 2020-03-26 00:00:00 None Illegal user (IP=234,BD) | updated by RB with reason HTTP: ThinkPHP Framework Code Injection Vulnerability - TT# 20C01258 (IP=36,BD) 163.53.185.226 24 CR None 2020-08-30 00:00:00 2020-11-30 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=226,ID) 163.53.244.51 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=51,IN) 164.115.41.175 24 RR None 2018-12-13 06:00:00 2020-01-13 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=175,TH) | updated by KF Block was inactive. Reactivated on 20191015 with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_6 hr web attacks (IP=175,TH) 164.132.107.209 24 BLP None 2016-10-13 05:00:00 2020-02-20 00:00:00 None failed keyboard interactive (IP=209,FR) | updated by RR with reason Illegal user (IP=245,IT) | updated by RR with reason Invalid user - Failed Logons (IP=2,FR) 164.132.110.223 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=223,FR) 164.132.111.76 24 RWB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Invalid user - Failed Logon (IP=76,FR) 164.132.137.165 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None GB TO-S-2019-0852 Malicious Email Activity 164.132.145.70 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Failed password - Failed Logons (IP=70,IT) 164.132.156.208 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=208,NL) 164.132.178.20 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None FR TO-S-2019-0488 Malicious Email Activity 164.132.192.5 24 RR None 2019-01-13 06:00:00 2020-03-08 00:00:00 None Illegal user (IP=5,IT) | updated by BP Block was inactive. 
Reactivated on 20191209 with reason Failed password (IP=5,FR) 164.132.213.119 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None FR TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason FR TO-S-2020-0212.01 Malicious Web Application Activity 164.132.42.115 24 RR None 2018-12-13 06:00:00 2020-03-03 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=115,FR) | updated by RR with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 19C03310 (IP=115,FR) | updated by RR with reason Failed password for invalid user - Failed L 164.132.46.197 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed Password - 6 Hr Failed Logons (IP=197,FR) 164.132.5.145 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None FR TO-S-2019-0852 Malicious Email Activity 164.132.5.190 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Generic ArcSight scan attempt (IP=190,FR) 164.132.53.1 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=1,FR) 164.132.54.246 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 Hr Failed Logons (IP=246,FR) 164.132.62.241 24 RR None 2018-01-06 06:00:00 2020-03-03 00:00:00 None Illegal user (IP=241,IT) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=233,FR) 164.132.67.216 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None FR TO-S-2019-0890.01 Malicious Email Activity 164.132.67.29 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=29,FR) 164.132.73.220 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=220,FR) 164.132.74.64 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=64,FR) 164.132.92.162 32 KF None 2020-04-01 00:00:00 2020-06-30 00:00:00 None Known Attack Tool User / BOT: Mirai Echobot Activity Detected - TT# 010420-00016 
(IP=162,DE) 164.132.98.7 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Invalid user -Failed Logons (IP=7,FR) 164.138.209.41 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None ES TO-S-2019-0577 Malicious Email Activity 164.154.226.90 32 RWB None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Attempted User Privilege Gain - FTPP_FTP_RESPONSE_LENGTH_OVERFLOW - SourceFire (IP=90,US) 164.155.115.147 32 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=147,US) 164.155.228.14 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=14,US) 164.155.76.220 32 GM None 2020-07-12 00:00:00 2020-10-12 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=220,US) 164.155.77.3 24 RR None None 2020-06-22 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=3,US) 164.155.77.3 32 GM None 2020-03-24 00:00:00 2020-06-24 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=3,US) 164.160.128.0 22 dbc None 2019-09-13 00:00:00 2020-09-13 00:00:00 None NG TO-S-2019-0985 Application Vulnerability Exploit 164.160.150.4 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=4,ZA) 164.160.91.22 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None ZA TO-S-2019-0640.01 Malicious Email Activity 164.163.224.159 32 GM None 2020-03-07 00:00:00 2020-06-07 00:00:00 None Known Attack Tool User Agent - TT# 20C02032 (IP=159,US) 164.177.42.33 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Invalid user - Failed Logon (IP=33,FR) 164.40.250.238 24 GM None 2020-09-15 00:00:00 2020-12-15 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=238,MK) 164.52.12.210 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Failed Logons (IP=210,HK) 
164.52.193.155 24 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=155,IN) 164.52.24.138 24 RB None 2017-12-28 06:00:00 2020-01-15 00:00:00 None ET SCAN Potential SSH Scan (IP=138,HK) | updated by RR with reason APP-DETECT failed FTP login attempt - Failed Logons (IP=165,HK) 164.52.29.174 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=174,US) 164.52.42.134 32 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=134,US) 164.68.100.57 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None AE TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason AE TO-S-2020-0212.01 Malicious Web Application Activity 164.68.102.231 24 RB None None 2020-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=231,DE) 164.68.108.169 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None DE TO-S-2020-0109.01 Malicious Email Activity 164.68.112.101 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None DE TO-S-2020-0109.01 Malicious Email Activity 164.68.112.178 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None TCP: SYN Host Sweep (IP=178,CN) 164.68.125.156 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Illegal user - 6hr Logon (IP=156,DE) 164.70.162.135 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=146,IN) 164.8.132.62 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=62,SI) 164.88.127.184 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=184,ZA) 165.110.5.66 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malware Activity 165.16.0.0 17 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None LY TO-S-2019-0972 Malicious Web Application Activity 165.169.147.126 24 RR None 
2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=126,RE) 165.169.235.9 24 BMP None 2020-03-03 00:00:00 2020-06-01 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - 6hr Web Attacks (IP=9,RE) 165.194.86.87 24 GM None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Illegal user - Failed Logons (IP=87,KR) 165.22.101.190 24 RB None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=190,SG) 165.22.103.19 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=19,SG) 165.22.104.14 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=14,SG) 165.22.109.15 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=15,CN) 165.22.112.87 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=87,GB) 165.22.118.94 24 RB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None SQL generic convert injection attempt - GET parameter_Sourcefire (IP=94,GB) 165.22.125.48 32 BMP None 2020-01-31 00:00:00 2020-04-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 20C01568 (IP=48,US) 165.22.126.251 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=251,GB) 165.22.134.180 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malware Activity 165.22.144.1 32 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Invalid user - Failed Logons (IP=1,US) 165.22.154.146 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity 165.22.160.32 32 BP None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Failed password for invalid user - Failed Logons (IP=32,US) | updated by RW Block expiration extended with reason 
Authentication Failed - 6hr Failed Logon(IP=32,US) 165.22.172.93 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 165.22.182.168 32 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password for invalid user - Failed Logons (IP=168,US) 165.22.187.109 32 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None FPSE: administrators.pwd Access - TT# 20C00177 (IP=109,US) 165.22.193.70 24 RB None 2020-06-06 00:00:00 2020-09-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt_Sourcefire (IP=70,NL) 165.22.195.27 24 CR None 2020-05-12 00:00:00 2020-06-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=27,NL) 165.22.199.31 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None NL TO-S-2019-0952 Malicious Email Activity 165.22.200.136 24 KF None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (1:51370:1) - SourceFire (IP=136,NL) 165.22.202.169 24 CR None 2020-02-21 00:00:00 2020-05-21 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=169,NL) 165.22.205.192 32 DT None 2020-05-12 00:00:00 2020-08-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=192,US) 165.22.207.148 32 RR None 2020-06-26 00:00:00 2020-09-25 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C03291 (IP=148,US) 165.22.211.7 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Invalid user - Failed Logons (IP=7,IN) 165.22.211.73 32 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password - 6hr Logon (IP=73,US) 165.22.212.168 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with 
reason DE TO-S-2020-0212.01 Malicious Web Application Activity 165.22.213.206 32 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02788 (IP=206,US) 165.22.215.62 24 RW None 2020-05-14 00:00:00 2020-08-12 00:00:00 None TCP: SYN Host Sweep (IP=62,IN) 165.22.220.33 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malicious Web Application Activity 165.22.226.4 32 RR None 2019-09-16 00:00:00 2020-09-30 00:00:00 None TO-S-2019-1000//Scanning traffic- TT# 19C03274 (IP=4,US) | updated by dbc Block expiration extended with reason CA TO-S-2019-1036 Malicious Reconnaissance Activity 165.22.230.127 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None CA TO-S-2020-0031 Malicious Email Activity 165.22.232.187 24 RR None 2020-03-12 00:00:00 2020-06-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=187,CA) 165.22.234.246 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None CA TO-S-2019-0890.01 Malicious Email Activity 165.22.236.128 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None CA TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason CA TO-S-2020-0212.01 Malware Activity 165.22.240.146 24 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Failed password - Failed Logons (IP=146,SG) 165.22.245.236 24 BP None 2019-11-20 00:00:00 2020-02-20 00:00:00 None Authentication Failed (IP=236,SG) 165.22.246.63 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=63,SG) 165.22.251.11 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None SG TO-S-2020-0047 Malicious Email Activity 165.22.31.117 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity 165.22.4.8 32 RW None 2020-01-30 
00:00:00 2020-10-19 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=146,US) 170.0.128.10 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=10,BR) 170.0.92.24 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=24,AR) 170.10.161.200 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malicious Email Activity 170.106.5.12 32 RW None 2019-10-02 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 hr web attacks (IP=12,US) 170.106.65.90 32 RB None 2019-10-11 00:00:00 2020-01-09 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=90,US) 170.106.66.25 24 CR None 2019-05-31 00:00:00 2020-01-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_SourceFire (IP=25,SG) | updated by RB with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=25 US) | 2020-01-04 | 2019-08-31 170.106.7.228 24 RR None 2019-12-16 00:00:00 2020-03-15 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=228,SG) 170.106.76.171 24 RW None 2019-10-28 00:00:00 2020-01-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=171,US) 170.106.80.169 24 CR None 2019-10-14 00:00:00 2020-01-14 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=169,SG) 170.106.81.211 32 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=211 US) 170.106.81.247 24 CR None 2019-10-14 00:00:00 2020-01-14 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt _Sourcefire (IP=247,SG) 170.130.126.214 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Immediate 
Inbound Network Block - TT# 20C00516 (IP=214,US) 170.130.172.38 24 RW None 2020-03-03 00:00:00 2020-06-01 00:00:00 None UDP: Host Sweep (IP=38,DE) 170.130.187.50 32 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=50,US) 170.130.205.111 32 DT None 2020-09-30 00:00:00 2020-12-30 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT # 20C04028 (IP=111,US) 170.130.3.113 32 wmp None 2020-07-15 00:00:00 2020-10-15 00:00:00 None HIVE Case #3340 COLS-NA-TIP-20-0218 (IP=113,US) 170.150.155.102 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Failed password for invalid user - Failed Logons (IP=102,AR) 170.210.136.9 24 20200120 None None 2020-01-20 00:00:00 None Illegal user - Fail Logins (IP=9,AR) | updated by 20200120 Block was inactive. Reactivated on RWB with reason Illegal user - Fail Logins (IP=9,AR) | updated by RWB Block was inactive. Reactivated on 20191022 with reason Illegal user - Fail Logins ( 170.231.196.197 32 RB None 2020-03-06 00:00:00 2020-06-04 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02004 (IP=197,BR) 170.231.196.249 32 BMP None 2020-03-05 00:00:00 2020-06-05 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity DetectedKnown Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C02010 (IP=31,SG) 170.231.81.165 24 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None Illegal user - Failed Logons (IP=165,PE) 170.231.83.26 24 RB None 2020-03-11 00:00:00 2020-06-10 00:00:00 None HTTP: Blind SQL Injection - Timing_6 hr web attacks (IP=26,PE) | updated by RR Block expiration extended with reason SQL use of sleep function with and - likely SQL injection - SourceFire (IP=26,PE) 170.238.51.173 24 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=173,BR) 170.238.54.140 24 RW None 2020-02-21 00:00:00 2020-05-21 
00:00:00 None Authentication Failed - 6hr Failed Logon(IP=140,BR) 170.238.70.146 24 RWB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=146,BR) 170.24.152.38 32 wmp None 2020-09-11 00:00:00 2020-12-11 00:00:00 None HIVE Case #3835 COLS-NA-TIP-20-0286 (IP=38,US) 170.244.4.0 22 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None BR TO-S-2019-0409 Malicious Email Activity 170.245.49.126 24 RB None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=126,CL) 170.247.120.0 22 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AR TO-S-2019-1036 Malicious Email Activity 170.247.253.129 32 GM None 2020-03-05 00:00:00 2020-06-05 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01969 (IP=129,US) 170.248.172.77 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 170.253.32.106 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=106,ES) 170.254.3.226 24 KF None 2019-12-23 00:00:00 2020-03-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=226,CO) 170.33.9.125 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Generic ArcSight scan attempt (IP=125,SG) 170.75.149.10 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None US TO-S-2019-0816 Malicious Email Activity 170.75.248.247 24 RR None 2020-03-12 00:00:00 2020-06-10 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=247,US) 170.78.37.66 32 wmp None 2020-10-01 00:00:00 2020-12-30 00:00:00 None HIVE Case #4029 Palo Alto IDS Vulnerability Events (IP=66,BR) 170.80.104.157 32 GM None 2020-02-27 00:00:00 2020-05-27 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01845 
(IP=157,US) 170.80.157.124 32 RW None 2020-04-03 00:00:00 2020-05-03 00:00:00 None Known Attack Tool User Agent - TT# 20C02340 (IP=124,BR) 170.80.176.204 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=204,BR) 170.80.224.233 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None Failed password (IP=233 BR) 170.80.225.68 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Failed password - Failed Logon (IP=68,BR) 170.80.226.75 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=75,BR) 170.80.30.54 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None MX TO-S-2019-0952 Malware Activity 170.80.63.1 32 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C01912 (IP=1,US) 170.82.157.151 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Authentication Failed - Failed Logons (IP=151,EC) 170.82.180.0 22 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None BR TO-S-2019-0571 Malicious Email Activity 170.82.74.105 32 KF None 2020-03-08 00:00:00 2020-06-06 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02055 (IP=105,US) 170.82.74.105 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=105,BR) 170.82.75.58 24 BMP None 2020-02-28 00:00:00 2020-03-28 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01870 (IP=58,BR) 170.84.196.212 32 RR None 2020-03-05 00:00:00 2020-06-03 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01966 (IP=212,BR) 170.84.48.18 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - 6hr Logons (IP=18,BR) 170.84.64.0 22 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None BR TO-S-2019-0409 Malicious Email Activity 171.100.119.102 24 
CR None 2018-12-13 06:00:00 2020-01-10 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=102,TH) | updated by RB with reason TO-S-2019-0753 - TT#19C02309 (IP=102,TH) | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks 171.100.61.98 24 GM None 2019-10-18 00:00:00 2020-01-18 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=98,TH) 171.103.139.94 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Generic ArcSight scan attempt (IP=94,TH) 171.113.78.210 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=210,CN) 171.114.103.121 24 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=121,CN) 171.116.147.185 32 GM None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03523 (IP=171,CN) 171.116.72.78 24 KF None 2020-01-07 00:00:00 2020-04-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=78,CN) 171.127.174.37 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Failed Logon (IP=,CN) 171.13.213.200 32 RB None 2020-06-30 00:00:00 2020-09-28 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03340 (IP=200,CN) 171.161.202.0 24 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None HK TO-S-2019-0769 Malicious Email Activity 171.161.207.0 24 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None HK TO-S-2019-0769 Malicious Email Activity 171.22.26.20 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None DE TO-S-2019-0658 Malware Activity 171.22.26.29 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None DE TO-S-2019-0571 Malicious Email Activity 171.22.26.77 32 dbc None 2019-04-04 00:00:00 
2020-04-04 00:00:00 None GB TO-S-2019-0571 Malware Activity 171.22.26.90 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None DE TO-S-2019-0577 Malicious Email Activity 171.22.27.101 24 KF None 2019-12-17 00:00:00 2020-03-16 00:00:00 None SQL HTTP URI blind injection attempt (IP=101,GB) 171.221.174.120 24 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None UDP: Host Sweep (IP=120,CN) 171.223.228.182 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None APP-DETECT failed FTP login attempt (1:13360:7)_SourceFire (IP=182,CH) 171.224.179.167 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=167,VN) 171.225.248.243 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Authentication Failed - 6hr Logons (IP=243,VN) 171.226.37.192 24 RWB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None Authentication Failed - Failed Logon (IP=192,VN) 171.228.216.152 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=152,VN) 171.228.56.17 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Generic ArcSight scan attempt (IP=17,VN) 171.229.21.132 24 GM None 2019-11-08 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=132,VN) 171.229.249.56 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=56,VN) 171.233.50.178 24 RB None 2020-02-13 00:00:00 2020-05-13 00:00:00 None Authentication Failed_6 hr Failed Logons_CPC (IP=178,VN) 171.236.115.242 24 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=242,VN) 171.236.132.127 24 RR None 2019-12-11 00:00:00 2020-03-10 00:00:00 None Illegal user - Failed Logons (IP=127,VN) 171.236.203.228 24 GM None 2020-01-03 00:00:00 2020-04-03 00:00:00 None Illegal user - Failed Logons (IP=228,VN) 171.236.58.86 24 CW None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Authentication 
Failed_Failed Logon (IP=86,VN) 171.236.59.75 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None Authentication Failed_Failed Logon (IP=75,VN) 171.239.161.93 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 171.239.77.52 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 171.240.251.23 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=23,VN) 171.240.56.31 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=31,VN) 171.241.108.79 24 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=79,VN) 171.244.1.77 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: SQL Injection - Exploit II (IP=77,VN) 171.244.10.50 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password for invalid user - 6hr Logon (IP=50,VN) 171.244.140.145 24 KF None 2018-11-20 06:00:00 2020-02-11 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (1:46736:2) (IP=145,) | updated by GM with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=160,VN) 171.244.43.52 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=52,VN) 171.244.50.170 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=170,VN) 171.244.51.114 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed password for invalid user - sourcefire (IP=114,VN) 171.247.103.19 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None Authentication Failed - Failed Logons (IP=19,VN) 171.250.238.56 24 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Generic ArcSight scan attempt (IP=56,Vietnam) 171.250.87.8 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=8,VN) 171.251.238.66 24 RR None 2020-02-12 
00:00:00 2020-05-12 00:00:00 None Illegal user - Failed Logons (IP=66,VN) 171.251.53.24 24 BMP None 2020-05-02 00:00:00 2020-08-01 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=24,VN) | updated by KF Block expiration extended with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=24,VN) 171.251.78.216 24 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - Failed Logons (IP=216,VN) 171.34.166.161 24 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=161,CN) 171.34.173.49 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Invalid user (IP= 49 , CN ) 171.34.177.223 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Generic ArcSight scan attempt (IP=223,CN) 171.36.129.181 24 RB None 2018-11-25 06:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt (IP=181,CN) | updated by RR with reason Generic ArcSight scan attempt (IP=128,CN) 171.4.230.245 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Authentication Failed - Failed Logons (IP=245,TH) 171.43.48.238 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=238,CN) 171.44.183.50 24 RW None 2020-02-06 00:00:00 2020-05-06 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=50,CN) 171.67.70.0 24 KF None 2019-06-23 00:00:00 2020-01-18 00:00:00 None Immediate Inbound Network Block - TT# 19C02374 (IP=0,) | updated by RB with reason Generic ArcSight scan attempt (IP=96,US) | 2020-01-18 | 2019-09-21 171.67.70.100 32 RR None 2019-05-31 00:00:00 2020-01-18 00:00:00 None Unauthorized Access-Probe - TT# 19C02187 (IP=100,US) | updated by KF Block was inactive. 
Reactivated on 20191020 with reason Generic ArcSight scan attempt (IP=100,US) 171.67.70.103 32 RR None 2019-05-31 00:00:00 2020-01-18 00:00:00 None Unauthorized Access-Probe - TT# 19C02187 (IP=103,US) | updated by KF Block was inactive. Reactivated on 20191020 with reason Generic ArcSight scan attempt (IP=103,US) 171.67.70.104 32 RR None 2019-05-31 00:00:00 2020-01-18 00:00:00 None Unauthorized Access-Probe - TT# 19C02187 (IP=104,US) | updated by KF Block was inactive. Reactivated on 20191020 with reason Generic ArcSight scan attempt (IP=104,US) 171.67.70.105 32 RR None 2019-05-31 00:00:00 2020-01-18 00:00:00 None Unauthorized Access-Probe - TT# 19C02187 (IP=105,US) | updated by KF Block was inactive. Reactivated on 20191020 with reason Generic ArcSight scan attempt (IP=105,US) 171.67.70.106 32 RR None 2019-05-31 00:00:00 2020-01-18 00:00:00 None Unauthorized Access-Probe - TT# 19C02187 (IP=106,US) | updated by KF Block was inactive. Reactivated on 20191020 with reason Generic ArcSight scan attempt (IP=106,US) 171.67.70.107 32 RR None 2019-05-31 00:00:00 2020-01-18 00:00:00 None Unauthorized Access-Probe - TT# 19C02187 (IP=107,US) | updated by KF Block was inactive. Reactivated on 20191020 with reason Generic ArcSight scan attempt (IP=107,US) 171.67.70.108 32 RR None 2019-05-31 00:00:00 2020-01-18 00:00:00 None Unauthorized Access-Probe - TT# 19C02187 (IP=108,US) | updated by KF Block was inactive. Reactivated on 20191020 with reason Generic ArcSight scan attempt (IP=108,US) 171.67.70.111 32 RR None 2019-05-31 00:00:00 2020-01-18 00:00:00 None Unauthorized Access-Probe - TT# 19C02187 (IP=111,US) | updated by KF Block was inactive. Reactivated on 20191020 with reason Generic ArcSight scan attempt (IP=111,US) 171.67.70.96 32 RR None 2019-05-31 00:00:00 2020-01-18 00:00:00 None Unauthorized Access-Probe - TT# 19C02187 (IP=96,US) | updated by KF Block was inactive. 
Reactivated on 20191020 with reason Generic ArcSight scan attempt (IP=96,US) 171.67.70.97 32 RR None 2019-05-31 00:00:00 2020-01-18 00:00:00 None Unauthorized Access-Probe - TT# 19C02187 (IP=97,DE) | updated by KF Block was inactive. Reactivated on 20191020 with reason Generic ArcSight scan attempt (IP=97,US) 171.67.70.98 32 RR None 2019-05-31 00:00:00 2020-01-18 00:00:00 None Unauthorized Access-Probe - TT# 19C02187 (IP=98,US) | updated by KF Block was inactive. Reactivated on 20191020 with reason Generic ArcSight scan attempt (IP=98,US) 171.67.70.99 32 RR None 2019-05-31 00:00:00 2020-01-18 00:00:00 None Unauthorized Access-Probe - TT# 19C02187 (IP=99,US) | updated by KF Block was inactive. Reactivated on 20191020 with reason Generic ArcSight scan attempt (IP=99,US) 171.7.31.14 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None TH TO-S-2019-0658 Malware Activity 171.76.92.129 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=129,IN) 171.80.175.113 24 GLM None 2018-08-15 05:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=113,CN) | updated by RB with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt-Sourcefire (IP=107,CN) | 2020-03-26 | 2018-11-15 171.83.1.140 24 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=140,CN) 171.83.218.149 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=149,CN) 171.84.6.86 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=86,CN) 171.88.16.245 16 None None None 2020-01-03 00:00:00 None | updated by dlb with reason ET POLICY Suspicious inbound to MSSQL port 1433 (IP=73, CN) | updated by BLP with reason ET POL | updated by GM with reason GM SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution 
attempt - Web Attacks 171.91.157.71 24 RB None 2019-10-22 00:00:00 2020-01-20 00:00:00 None HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=71,CN) 171.95.187.121 32 GM None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03522 (IP=121,CN) 171.95.224.129 24 RB None 2020-01-05 00:00:00 2020-04-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=129,CN) 171.95.226.67 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=67,CN) 171.95.81.51 24 RR None 2019-12-18 00:00:00 2020-03-17 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=51,CN) 171.95.83.173 24 RW None 2019-12-23 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=173,CN) 171.95.84.63 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=63,CN) 171.95.86.60 24 RWB None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=60,CN) 171.95.87.13 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=13,CN) 171.95.90.137 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=37,CN) 171.97.242.199 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None APP-DETECT failed FTP login attempt (IP=199 TH) 171.97.34.34 24 BMP None 2020-03-04 00:00:00 2020-06-03 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=34,TH) | updated by RR Block expiration extended with reason 
INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=34,TH) 171.98.48.60 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - 6hr Logon (IP=60,TH) 171.99.128.0 21 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None TH TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason TH TO-S-2020-0212.01 Malicious Web Application Activity 172.104.109.11 24 RW None 2019-10-15 00:00:00 2020-01-15 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=11,JP) 172.104.115.15 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None JP TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason JP TO-S-2020-0212.01 Malicious Web Application Activity 172.104.130.110 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=110,DE) 172.104.134.136 32 RR None 2020-04-20 00:00:00 2020-07-19 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02541 (IP=136,) 172.104.144.136 24 RR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=136,DE) 172.104.145.63 32 wmp None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HIVE Case #3322 CTO-20-193 (IP=63,DE) 172.104.147.198 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None DE TO-S-2019-0972 Malicious Email Activity 172.104.151.215 32 RB None 2020-05-18 00:00:00 2020-08-16 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C02836 (IP=215,US) 172.104.163.26 32 dbc None 2019-07-23 00:00:00 2020-07-23 00:00:00 None SG TO-S-2019-0839 Malicious Email Activity 172.104.176.129 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None SG TO-S-2019-0631 Malware Activity 172.104.186.150 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None SG 
TO-S-2019-0420 Malicious Email Activity 172.104.209.139 32 RB None 2019-04-05 00:00:00 2020-02-06 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (IP=139,US) | updated by RR with reason Generic ArcSight scan attempt (IP=139,US) 172.104.218.219 32 BMP None 2020-03-10 00:00:00 2020-06-08 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=219,US) 172.104.247.116 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None IT TO-S-2019-0420 Malware Activity 172.104.249.57 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C02799 (IP=57,DE) 172.104.251.46 32 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=46,US) 172.104.251.68 32 CR None 2020-03-18 00:00:00 2020-06-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=68,US) 172.104.251.96 32 RR None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=96,US) 172.104.42.130 32 dcg None 2018-10-16 05:00:00 2020-02-20 00:00:00 None US TO-S-2019-0048.02 Malware Indicator associated with malware activity. 
| updated by kmw with reason US TO-S-2019-0145 Malwar
172.104.46.5 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None SG TO-S-2019-0831 Malicious Email Activity
172.104.5.76 32 RR None 2020-05-02 00:00:00 2020-07-31 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=76,US)
172.104.57.40 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malicious Email Activity
172.104.60.41 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None SG TO-S-2019-0431 Malicious Email Activity
172.104.62.146 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None HTTP: Blind SQL Injection - Timing_12 hr web attacks (IP=146,SG)
172.104.64.8 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None JP TO-S-2020-0187 Malicious Web Application Activity
172.104.81.86 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=86,JP)
172.104.88.205 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=205,JP)
172.104.9.247 32 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C02245 (IP=247,US)
172.104.91.217 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=217,JP)
172.105.105.87 24 RW None 2020-06-24 00:00:00 2020-09-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=87,CA)
172.105.11.111 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Generic ArcSight scan attempt (IP=111,CA)
172.105.147.28 32 DT None 2020-09-30 00:00:00 2020-12-30 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT # 20C04027 (IP=28,US)
172.105.147.29 32 RB None 2020-09-17 00:00:00 2020-12-16 00:00:00 None Unauthorized Access-Probe - TT# 20C03920 (IP=29,US)
172.105.147.62 32 GM None 2020-10-01 00:00:00 2020-01-01 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT # 21C00001 (IP=62,US)
172.105.147.67 32 RB None 2020-09-17 00:00:00 2020-12-16 00:00:00 None Unauthorized Access-Probe: UDP: Host Sweep - TT# 20C03921 (IP=67,US)
172.105.150.29 32 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=29,US)
172.105.152.108 32 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web Attacks (IP=8,US)
172.105.17.212 32 DT None 2020-05-16 00:00:00 2020-08-16 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C02800 (IP=212,US)
172.105.176.49 32 RR None 2020-08-13 00:00:00 2020-11-11 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=49,US)
172.105.18.85 32 BMP None 2020-06-21 00:00:00 2020-09-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=85,US)
172.105.20.12 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=12,CA)
172.105.20.169 32 RW None 2020-07-01 00:00:00 2020-08-01 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C03348 (IP=169,US)
172.105.203.206 24 BMP None 2020-03-22 00:00:00 2020-06-20 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=206,JP)
172.105.208.106 32 BMP None 2020-05-22 00:00:00 2020-08-22 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C02880 (IP=106,US)
172.105.21.36 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=36,XX)
172.105.216.159 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=159,JP)
172.105.218.213 24 GLM None 2018-08-05 05:00:00 2020-04-11 00:00:00 None APP-DETECT failed FTP login attempt (IP=213,JP) | updated by BMP Block was inactive. Reactivated on 20200112 with reason APP-DETECT failed FTP login attempt - 6hr Logon (IP=213,JP)
172.105.22.193 32 RR None 2020-07-08 00:00:00 2020-10-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=193,US)
172.105.229.144 32 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=144,US)
172.105.229.233 32 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=233,US)
172.105.23.201 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=201,XX)
172.105.236.91 32 DT None 2020-06-24 00:00:00 2020-07-24 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C03279 (IP=91,JP)
172.105.240.237 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None CA TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason CA TO-S-2020-0212.01 Malicious Web Application Activity
172.105.25.19 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=19,XX)
172.105.28.158 24 BMP None 2019-12-25 00:00:00 2020-03-24 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=158,CA)
172.105.37.86 32 BMP None 2020-07-07 00:00:00 2020-10-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=86,US)
172.105.4.227 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None CA TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason CA TO-S-2020-0212.01 Malicious Web Application Activity
172.105.4.76 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=76,XX)
172.105.43.64 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=64,XX)
172.105.54.173 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=173,XX)
172.105.6.7 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=7,XX)
172.105.67.33 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=33,DE)
172.105.7.72 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=72,XX)
172.105.73.74 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=74,XX)
172.105.76.69 32 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=69,US)
172.105.77.104 32 RR None 2020-06-15 00:00:00 2020-09-13 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C03177 (IP=104,US)
172.105.78.48 24 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=48,DE)
172.105.80.106 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt (IP=106,DE)
172.105.84.200 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=200,XX)
172.105.86.120 24 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=120,DE)
172.105.87.224 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=224,XX)
172.105.9.102 24 RW None 2020-03-03 00:00:00 2020-06-03 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=102,CA)
172.105.90.79 24 DT None 2020-04-14 00:00:00 2020-07-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=79,DE)
172.105.91.102 24 BMP None 2020-03-14 00:00:00 2020-06-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=102,DE)
172.105.93.248 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=248,XX)
172.105.94.201 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt (IP=201,DE)
172.105.95.101 32 DT None 2020-06-16 00:00:00 2020-07-16 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C03198 (IP=27,US)
172.105.95.101 24 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=101,DE)
172.105.99.244 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=244,XX)
172.108.133.37 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Web Application Activity
172.109.150.18 32 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None ARCSight Sauron (IP=18,US)
172.20.6.9 24 RW None 2019-11-15 00:00:00 2020-02-15 00:00:00 None SSH_EVENT_RESPOVERFLOW - Sourcefire (IP=146,IN)
172.217.0.65 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None NL TO-S-2019-0781 Malicious Email Activity
172.217.11.161 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None NL TO-S-2019-0781 Malicious Email Activity
172.217.14.110 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None INFORMATIONAL : CIRT : Possible Cosmic Duke APT - Sourcefire (IP=110,NL)
172.217.14.196 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
172.217.14.97 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None NL TO-S-2019-0769 Malicious Email Activity
172.217.19.238 32 wmp None 2020-07-21 00:00:00 2020-11-23 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=238,US) | updated by wmp Block expiration extended with reason HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=238,US) | updated by wmp Block expiration extended with reason HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=238,U
172.217.212.132 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=132,US)
172.217.212.153 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=153,US)
172.217.214.102 32 wmp None 2020-07-10 00:00:00 2020-10-30 00:00:00 None HIVE Case #3270 COLS-NA-TIP-20-0210 (IP=102,US) | updated by wmp Block expiration extended with reason HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=102,US)
172.217.214.128 32 wmp None 2020-07-07 00:00:00 2020-11-18 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=128,US) | updated by wmp Block expiration extended with reason HIVE Case #3254 COLS-NA-TIP-20-0204 (IP=128,US) | updated by wmp Block expiration extended with reason HIVE Case #3270 COLS-NA-TIP-20
172.217.214.132 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None NL TO-S-2019-0734.01 Malicious Email Activity
172.217.214.139 32 wmp None 2020-07-30 00:00:00 2020-11-18 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=139,US) | updated by wmp Block expiration extended with reason HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=139,US)
172.217.214.153 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=153,US)
172.217.215.132 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None NL TO-S-2019-0769 Malicious Email Activity
172.217.219.153 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=153,US)
172.217.22.148 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=148,US)
172.217.5.193 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity
172.217.5.65 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None US TO-S-2019-0781 Malicious Email Activity
172.217.9.14 32 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Unknown Traffic - INFORMATIONAL : CIRT : Possible Cosmic Duke APT - SourceFire (IP=14,US)
172.218.157.37 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None CA TO-S-2020-0206 Malicious Web Application Activity
172.218.157.37 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None CA TO-S-2020-0212.01 Malicious Web Application Activity
172.22.64.18 32 GM None 2019-09-13 00:00:00 2020-11-04 00:00:00 None HTTP: MS Outlook Web Access Login Form Remote URI Redirection Vulnerability - 19C03234 (IP=18,US) | updated by RR Block was inactive. Reactivated on 20200804 with reason HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT# 20C03631 (IP=18,US)
172.226.97.220 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malware Activity
172.232.13.79 32 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None Possible SQLi attempt / HTTP: Blind SQL Injection - Timing - TT# 20C02783_2 (IP=79,US)
172.241.140.238 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity
172.241.69.20 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None NL TO-S-2020-0047 Malicious Email Activity
172.241.69.28 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None NL TO-S-2020-0047 Malicious Email Activity
172.241.69.4 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None NL TO-S-2020-0047 Malicious Email Activity
172.245.124.138 32 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=138,US)
172.245.135.43 32 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=43,US)
172.245.14.10 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity
172.245.173.35 32 dbc None 2019-04-16 00:00:00 2020-04-16 00:00:00 None US TO-S-2019-0593 Malware Activity
172.245.21.235 24 RR None 2020-05-19 00:00:00 2020-08-17 00:00:00 None MALWARE-CNC URI - known scanner tool muieblackcat (1:21257:4) - SourceFire (IP=235,SG)
172.245.21.235 32 DT None 2020-05-19 00:00:00 2020-08-17 00:00:00 None Known Attack Tool User Agent V2/20086: HTTP: Muieblackcat Security Scanner - TT# 20C02838 (IP=107,US)
172.245.37.223 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity
172.245.47.106 32 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=106,US)
172.245.92.251 32 BMP None 2020-07-17 00:00:00 2020-10-17 00:00:00 None Malicious.SSL.MageCart - Hive Case #3362 (IP=251,US)
172.247.118.4 32 ABC None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Generic ArcSight scan attempt (IP=4,US)
172.247.157.206 32 RB None 2019-10-04 00:00:00 2020-01-02 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00150 (IP=206,US)
172.254.112.254 32 RW None 2020-04-06 00:00:00 2020-05-06 00:00:00 None Known Attack Tool User Agent V2 / BOT: Mirai Echobot Activity Detected - TT# 20C02438 (IP=254,US)
172.254.65.61 32 KF None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=61,US) | updated by BMP Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=61,US)
172.255.251.196 32 RR None 2020-09-19 00:00:00 2020-12-19 00:00:00 None Unauthorized Access-Probe - TT# 20C03950 (IP=196,US)
172.255.251.4 32 DT None 2020-09-24 00:00:00 2020-12-23 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep (IP=4,LU)
172.64.165.32 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Email Activity
172.64.206.16 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=16,US)
172.67.15.125 32 wmp None 2020-07-17 00:00:00 2020-11-22 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=125,US) | updated by wmp Block expiration extended with reason HIVE Case #3384 COLS-NA-TIP-20-0232 (IP=125,US) | updated by wmp Block expiration extended with reason HIVE Case #3506 COLS-NA-TIP-20
172.67.178.250 32 wmp None 2020-08-19 00:00:00 2020-11-17 00:00:00 None HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=250,US)
172.67.179.72 32 wmp None 2020-06-23 00:00:00 2020-09-23 00:00:00 None HIVE Case #3072 COLS-NA-TIP-20-0190 (IP=72,US)
172.67.183.205 32 wmp None 2020-06-23 00:00:00 2020-09-23 00:00:00 None HIVE Case #3072 COLS-NA-TIP-20-0190 (IP=205,US)
172.67.209.26 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=26,US)
172.67.210.102 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=102,US)
172.67.210.212 32 wmp None 2020-07-08 00:00:00 2020-10-08 00:00:00 None HIVE Case #3254 COLS-NA-TIP-20-0204 (IP=212,US)
172.67.212.11 32 wmp None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=11,US)
172.67.220.240 32 BMP None 2020-08-04 00:00:00 2020-11-04 00:00:00 None Infection Match - Hive Case 3472 (IP=240,US)
172.67.220.245 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=245,US)
172.80.128.0 17 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None IR TO-S-2019-0430 Malware Activity
172.81.132.211 32 dbc None 2019-02-27 00:00:00 2020-02-27 00:00:00 None US TO-S-2019-0444 Malicious Web Application Activity
172.81.134.226 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity
172.81.224.41 24 RR None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Command Injection Attempt (IP=41,CN)
172.81.239.181 24 RWB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None Attempted User Privilege Gain - SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=181,CN)
172.81.252.187 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=187,CN)
172.81.254.221 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Command Injection Attempt (IP=221,CN)
172.83.152.244 24 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=244,US)
172.83.43.136 32 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None HTTP: Ruby on Rails template_renderer Accept Header File Disclosure Vulnerability (CVE-2019-5418) - 20C01559 (IP=136,US)
172.83.43.139 32 RB None 2020-06-28 00:00:00 2020-09-26 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03303 (IP=139,US)
172.84.132.110 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity
172.86.125.166 32 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=166,US)
172.86.75.49 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=49,NL)
172.86.75.7 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=7,NL)
172.86.75.86 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=86,NL)
172.93.100.154 32 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Generic ArcSight scan attempt (IP=154,US)
172.93.111.2 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0747 Malicious Email Activity
172.93.120.242 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity
172.93.122.114 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None GB TO-S-2019-0938 Malicious Email Activity
172.93.122.21 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity
172.93.122.85 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None GB TO-S-2019-0382 Malicious Email Activity
172.93.123.4 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
172.93.45.104 32 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=104,US)
172.93.50.53 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity
172.93.55.254 32 dcg None 2018-09-24 05:00:00 2020-12-14 00:00:00 None US TO-S-2018-1167 associated with malicious email activity | updated by wmp Block was inactive. Reactivated on 20200915 with reason HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=254,US)
172.94.114.46 32 wmp None 2020-08-13 00:00:00 2020-11-13 00:00:00 None HIVE Case #3555 COLS-NA-TIP-20-0254 (IP=46,NO)
172.94.53.144 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password - Failed Logons (IP=144,NL)
172.96.176.10 32 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C01488 (IP=10,US)
172.96.187.217 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None CA TO-S-2019-0640.01 Malicious Email Activity
172.98.193.50 32 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None HTTP: SQL Injection - Exploit (IP=50,US)
172.98.67.107 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None CA TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason CA TO-S-2020-0212.01 Malicious Web Application Activity
172.98.67.109 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None CA TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason CA TO-S-2020-0212.01 Malicious Web Application Activity
172.98.67.42 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None CA TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason CA TO-S-2020-0212.01 Malicious Web Application Activity
172.98.67.45 32 RR None 2020-08-05 00:00:00 2020-11-05 00:00:00 None Known Attack Tool User Agent V2/ UDS-OpenVAS_RC8766 - TT# 20C036341 (IP=45,CA)
172.98.82.164 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=164,XX)
172.98.86.82 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malware Activity
173.0.129.55 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity
173.0.54.66 32 GLM None 2020-04-06 00:00:00 2020-07-05 00:00:00 None UDP: Host Sweep (IP=66,US)
173.0.56.34 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=34,US)
173.16.141.33 32 GM None 2019-12-26 00:00:00 2020-03-26 00:00:00 None Illegal user - Failed Logons (IP=33,US)
173.164.6.101 32 RW None 2020-01-19 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Sourcefire (IP=101,US) | updated by GM Block expiration extended with reason SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=101,US)
173.166.30.65 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malware Activity
173.178.89.119 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=119,CA)
173.194.193.153 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=153,US)
173.194.194.132 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=132,US)
173.194.197.101 32 wmp None 2020-06-19 00:00:00 2020-09-19 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=101,US)
173.199.70.103 24 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Phish.URL_Hive case 1161 (IP=103,DK)
173.203.149.36 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Web Application Activity
173.203.187.64 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=64,US)
173.203.187.96 32 wmp None 2020-08-05 00:00:00 2020-11-05 00:00:00 None HIVE Case #3479 COLS-NA-TIP-20-0246 (IP=96,US)
173.206.153.2 24 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=2,CA)
173.206.80.133 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Command Injection (IP=133,CA)
173.206.81.77 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Command Injection (IP=77,CA)
173.208.164.66 32 RB None 2020-06-07 00:00:00 2020-09-05 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03081 (IP=66,US)
173.208.173.98 32 dbc None 2019-05-06 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0658 Malicious Email Activity
173.208.190.50 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity
173.208.199.35 32 DT None 2020-05-16 00:00:00 2020-08-16 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C02801 (IP=35,US)
173.208.218.2 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity
173.208.223.0 24 jky None 2017-07-25 05:00:00 2020-04-26 00:00:00 None US TO-S-2017-1310 Malicious activity | updated by JKC with reason TIPPR19-0140 (IP=123, US) | updated by dbc with reason US
173.208.248.2 32 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=2,US)
173.209.51.130 24 CR None 2020-05-12 00:00:00 2020-06-12 00:00:00 None SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt- 6 Hr Web Attacks (IP=130,CA)
173.212.192.229 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None DE TO-S-2020-0109.01 Malicious Email Activity
173.212.203.109 32 wmp None 2020-08-12 00:00:00 2020-11-12 00:00:00 None HIVE Case #3477 COLS-NA-TIP-20-0244 (IP=109,DE)
173.212.203.205 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=205,DE)
173.212.203.26 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None DE TO-S-2019-1036 Malicious Email Activity
173.212.209.27 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None DE TO-S-2019-0577 Malicious Email Activity
173.212.211.230 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DE TO-S-2020-0056 Malware Activity
173.212.218.49 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None DE TO-S-2019-0769 Malicious Email Activity
173.212.226.94 24 KF None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Generic ArcSight scan attempt (IP=94,DE)
173.212.230.20 32 RR None 2020-09-20 00:00:00 2020-12-19 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03954 (IP=20,HK)
173.212.237.40 24 RR None 2020-03-13 00:00:00 2020-06-11 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=40,DE)
173.212.238.248 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None DE TO-S-2020-0190 Malicious Email Activity
173.212.241.214 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None DE TO-S-2019-0551.02 Malicious Email Activity
173.212.251.238 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None DE TO-S-2019-0546 Malicious Email Activity
173.213.87.151 32 GM None 2020-07-11 00:00:00 2020-10-11 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03425 (IP=151,US)
173.214.169.155 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malware Activity
173.214.176.60 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
173.214.183.95 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=95,US)
173.217.248.193 32 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Generic ArcSight scan attempt (IP=193,US)
173.223.63.126 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Web Application Activity
173.225.99.198 32 wmp None 2020-09-11 00:00:00 2020-12-10 00:00:00 None HIVE Case #3845 COLS-NA-TIP-20-0289 (IP=198,US)
173.226.114.196 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malicious Email Activity
173.230.141.33 32 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=33,US)
173.231.184.55 32 RW None 2019-10-11 00:00:00 2020-01-11 00:00:00 None Hive case #995 Trojan.Malware (IP=55,US)
173.231.197.31 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity
173.231.200.15 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity
173.231.207.212 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity
173.231.209.30 32 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=30,US)
94.177.170.202/24 ! 20191111 20200209 KF Failed password_6 Hr Failed Logons (IP=202,IT)
173.231.214.227 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity
173.232.117.2 32 GM None 2020-04-09 00:00:00 2020-07-08 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02485 (IP=117,US)
173.232.229.11 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
173.233.147.196 32 DT None 2020-06-08 00:00:00 2020-09-06 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03091 (IP=196,US)
173.234.153.161 32 RB None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Known Attack Tool User Agent/UDS-OpenVAS_RC8766 - TT# 20C01596 (IP=161 US)
173.234.153.194 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity
173.234.153.201 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity
173.236.119.39 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity
173.236.137.57 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity
173.236.149.228 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity
173.236.152.56 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity
173.236.152.66 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity
173.236.174.69 32 wmp None 2020-08-05 00:00:00 2020-11-05 00:00:00 None HIVE Case #3479 COLS-NA-TIP-20-0246 (IP=69,US)
173.236.179.173 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0610 Malicious Email Activity
173.236.184.107 32 RW None 2020-08-20 00:00:00 2020-11-20 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=107,US)
173.236.226.32 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=32,US)
173.236.228.35 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity
173.237.185.184 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity
173.237.190.2 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None IN TO-S-2019-0382 Malicious Email Activity
173.239.198.167 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malware Activity
173.239.232.31 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None US TO-S-2019-0617 Malware Activity
173.242.129.34 32 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=34,US)
173.242.131.238 32 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=238,US)
173.242.133.55 32 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=55,US)
173.242.134.111 32 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=111,US)
173.242.135.107 32 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=107,US)
173.242.138.63 32 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=63,US)
173.243.113.169 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity
173.244.208.88 32 RB None 2020-04-09 00:00:00 2020-07-08 00:00:00 None Self-Report / IP block - TT# 20C02492 (IP=88,US)
173.244.209.80 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0747 Malicious Email Activity
173.244.36.44 32 RR None 2020-05-10 00:00:00 2020-08-08 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02698 (IP=44,US)
173.244.44.40 32 RW None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Known Attack Tool User Agent / UDS-OpenVAS_RC8766 - TT# 20C01696(IP=40,US)
173.244.44.77 32 CR None 2018-09-07 05:00:00 2020-06-07 00:00:00 None Possible SQLi attempt - 18C03882 (IP=77,US) | updated by dbc with reason US TO-S-2019-0723 Malicious Email Activity
173.245.203.171 32 GM None 2020-07-14 00:00:00 2020-10-14 00:00:00 None Unauthorized Access-Probe - TT# 20C03470 (IP=171,US)
173.246.65.22 32 BMP None 2020-04-03 00:00:00 2020-06-03 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02257 (IP=22,CA)
173.247.232.0 23 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None CN TO-S-2019-0608 Malware Activity
173.247.246.247 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity
173.247.250.63 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity
173.247.255.47 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity
173.248.132.205 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malware Activity
173.248.133.16 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity
173.248.150.3 32 KF None 2019-12-29 00:00:00 2020-03-28 00:00:00 None Immediate Inbound Network Block - TT# 20C01268 (UNCLASSIFIED) (IP=3,US)
173.248.170.149 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malware Activity
173.249.10.171 24 ABC None 2018-02-01 06:00:00 2020-07-29 00:00:00 None Generic ArcSight scan attempt (IP=171,XX) | updated by dbc with reason DE TO-S-2019-0852 Malicious Email Activity
173.249.11.134 24 GM None 2020-07-22 00:00:00 2020-10-22 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=134,DE)
173.249.159.117 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity
173.249.16.51 24 ABC None 2018-05-05 05:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=51,XX) | updated by RB with reason Generic ArcSight scan attempt (IP=4,DE) | 2020-01-17 | 2018-08-03
173.249.17.155 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None DE TO-S-2019-1036 Malicious Email Activity
173.249.23.244 24 ABC None 2018-02-03 06:00:00 2020-03-21 00:00:00 None Generic ArcSight scan attempt (IP=244,XX) | updated by dbc with reason DE TO-S-2019-0515 Malware Activity
173.249.25.9 24 ABC None 2018-02-01 06:00:00 2020-01-27 00:00:00 None Generic ArcSight scan attempt (IP=9,XX) | updated by GM with reason SQL union select - possible sql injection attempt - GET pa | updated by GM with reason ABC Generic ArcSight scan attempt (IP=109,DE)
173.249.29.236 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=236,DE)
173.249.34.254 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None Unauthorized Scanning (IP=254,DE)
173.249.37.70 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None DE TO-S-2019-0926 Malicious Email Activity
173.249.40.169 32 dbc None 2019-09-13 00:00:00 2020-09-13 00:00:00 None DE TO-S-2019-0985 Application Vulnerability Exploit
173.249.41.215 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None UDP: Host Sweep (IP=215,DE)
173.249.49.166 32 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02935 (IP=166,DE)
173.249.52.52 24 GLM None 2020-04-07 00:00:00 2020-07-06 00:00:00 None UDP: Host Sweep (IP=52,DE)
173.254.233.210 32 wmp None 2020-08-03 00:00:00 2020-11-03 00:00:00 None HIVE Case #3444 COLS-NA-TIP-20-0242 (IP=210,US)
173.254.28.110 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity
173.254.28.23 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity
173.254.28.67 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity
173.254.28.97 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity
173.254.49.184 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity
173.255.192.0 18 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None HK TO-S-2020-0190 Malware Activity
173.255.192.67 32 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=67,US)
173.255.210.130 32 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=130,US)
173.255.214.23 32 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=23,US)
173.255.225.46 32 RR None 2019-10-25 00:00:00 2020-01-23 00:00:00 None SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt - SourceFire (IP=46,US)
173.255.234.194 32 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=194,US)
173.29.205.116 32 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=116,US)
173.29.246.139 32 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=139,US)
173.45.164.2 32 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password (IP=2,US)
173.68.147.70 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02395 (IP=70,US)
173.79.38.165 32 RW None 2020-06-29 00:00:00 2020-09-29 00:00:00 None SERVER-OTHER Sophos Web Appliance arbitrary command execution attempt - Sourcefire (IP=165,US)
173.8.63.121 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=121,US) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=121,US)
173.82.16.208 32 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Failed password - Failed Logons (IP=208,US)
173.82.238.253 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3560 COLS-NA-TIP-20-0259 (IP=253,US)
173.82.240.237 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity
173.82.255.208 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity
173.95.38.195 32 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=195,US)
174.103.116.243 32 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Failed password - Failed Logons (IP=243,US)
174.103.226.6 32 RB None 2020-04-02 00:00:00 2020-06-02 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 020420-00078 (IP=6,US)
174.105.201.174 32 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Invalid user - Failed Logons (IP=1,US)
174.114.16.63 24 20200120 None None 2020-01-20 00:00:00 None Authentication Failed - Fail Logins (IP=63,CA) | updated by 20200120 Block was inactive. Reactivated on RWB with reason Authentication Failed - Fail Logins (IP=63,CA) | updated by RWB Block was inactive.
Reactivated on 20191022 with reason Authentic 174.120.234.91 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=91,US) 174.128.225.10 32 RR None 2019-10-25 00:00:00 2020-01-23 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=10,US) 174.128.230.162 32 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None US TO-S-2020-0077 Malicious Web Application 174.129.107.156 24 BMP None 2020-08-05 00:00:00 2020-11-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=US,156) 174.129.58.186 32 RW None 2020-01-30 00:00:00 2020-05-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=186,US) | updated by RW Block expiration extended with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt 174.136.15.84 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None Unaffiliated TO-S-2019-0420 Malicious Email Activity 174.136.25.60 32 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=60,US) 174.136.26.136 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None US TO-S-2019-0608 Malicious Email Activity 174.136.30.187 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=187,US) 174.136.57.220 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity 174.136.57.56 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity 174.138.0.113 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None NL TO-S-2019-0358 Malicious Web Application Activity 174.138.110.50 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malicious Email Activity 174.138.115.49 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None CA TO-S-2020-0031 
Malicious Email Activity 174.138.15.9 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=9,NL) 174.138.57.60 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity 174.142.176.12 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None CA TO-S-2019-0420 Malicious Email Activity 174.142.221.58 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=58,CA) 174.142.52.130 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None CA TO-S-2019-0546 Malicious Email Activity 174.143.0.155 32 BMP None 2020-07-07 00:00:00 2020-10-05 00:00:00 None BROWSER-IE Microsoft Internet Explorer UIAnimaation.dll use after free attempt - SourceFire (IP=155,US) 174.201.34.154 32 RB None 2020-02-11 00:00:00 2020-05-11 00:00:00 None Known Attack Tool User Agent - TT# 20C01686 (IP=154,US) 174.230.17.216 32 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - 6hr Web Attacks (IP=216,US) 174.230.21.174 32 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - 6hr Web Attacks (IP=174,US) 174.238.150.34 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt - Sourcefire (IP=34,IN) 174.248.214.98 32 RB None 2020-06-04 00:00:00 2020-09-02 00:00:00 None HTTP Cross Site Scripting (String.fromCharCode) - TT# 20C03058 (IP=98,US) 174.37.69.242 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 174.46.81.211 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02421 (IP=211,US) 174.52.76.44 32 RW None 2020-05-14 00:00:00 2020-08-12 00:00:00 None TCP: SYN Host Sweep (IP=44,US) 174.52.89.176 32 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Failed password - Failed 
Logons (IP=176,US) 174.60.153.172 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02400 (IP=172,US) 174.63.20.105 32 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=105,US) 174.63.25.37 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02404 (IP=37,US) 174.75.32.242 32 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password - Failed Logons (IP=242,US) 174.79.247.39 32 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None Authentication Failed - 6hr Logon (IP=39,US) 174.87.84.12 32 RW None 2020-09-14 00:00:00 2020-12-14 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Sourcefire (IP=12,US) 174.94.116.86 24 KF None 2020-04-22 00:00:00 2020-07-21 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=86,CA) 175.0.53.221 24 RWB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=221,CN) 175.10.213.42 24 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=42,CN) 175.10.51.201 24 CW None 2020-01-08 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=1,CN) 175.100.128.0 19 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None IN TO-S-2019-1036 Malicious Email Activity 175.106.53.219 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AF TO-S-2020-0109.01 Malicious Email Activity 175.106.53.238 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AF TO-S-2020-0109.01 Malicious Email Activity 175.11.210.19 24 KF None 2020-04-18 00:00:00 2020-07-17 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=19,CN) 175.110.82.3 24 BMP None 
2020-01-12 00:00:00 2020-04-11 00:00:00 None Authentication Failed - 6hr Logon (IP=3,PK) 175.124.43.123 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password_6 Hr Failed Logons (IP=123,KR) 175.126.145.10 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01900 (IP=10,KR) 175.126.145.10 32 RW None 2020-01-06 00:00:00 2020-02-06 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01359(IP=10,KR) 175.126.177.239 32 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None Immediate Inbound Network Block - TT# 20C00157 (IP=239,US) 175.126.177.240 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_6 hr web attacks (IP=240,KR) 175.126.232.106 24 RR None 2018-06-30 05:00:00 2020-04-08 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (IP=106,KR) | updated by dbc with reason KR TO-S-2019-0577 Malicious Email Acti 175.126.37.16 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password for invalid user - Failed Logons (IP=16,KR) 175.136.0.0 13 dbc None 2018-09-20 05:00:00 2020-04-19 00:00:00 None MY TO-S-2018-1158 Malicious Reconnaissance Activity | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=78,MY) 175.136.151.179 24 KF None 2019-11-21 00:00:00 2020-02-19 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=179,MY) 175.136.224.67 24 KF None 2019-11-21 00:00:00 2020-02-19 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=67,MY) 175.138.19.163 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=163,SA) 175.138.190.117 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 
arbitrary command execution attempt - SourceFire (IP=117,MY) 175.140.138.9 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None Illegal user - 6 hr Failed Logon (IP=9,MY) 175.140.144.207 24 RWB None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=207,MY) 175.140.199.238 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=238,MY) 175.140.87.108 24 RB None 2020-01-15 00:00:00 2020-04-14 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=108 MY) 175.141.0.7 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=7,MY) 175.141.130.179 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=179,MY) 175.141.246.122 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=122,MY) 175.141.61.28 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 175.142.177.95 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=95,MY) 175.143.116.208 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=208,MY) 175.143.117.240 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=240,MY) 175.143.118.7 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=7,MY) 175.143.119.162 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution 
attempt_failed Logon (IP=62,MY) 175.143.29.26 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - sourcefire (IP=26,MY) 175.143.87.14 24 RW None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=14,MY) 175.143.89.174 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=174,MY) 175.144.214.129 32 RR None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03756 (IP=129,MY) 175.144.217.136 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - 6hr web attacks (IP=136,MY) 175.145.56.194 24 RWB None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=194,MY) 175.145.90.38 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None MY TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason MY TO-S-2020-0212.01 Malicious Web Application Activity 175.145.93.113 32 RR None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03757 (IP=113,MY) 175.149.86.33 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=33,CN) 175.149.88.125 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=125,CN) 175.150.100.67 24 BMP None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=67,CN) | updated by RW Block expiration extended with reason SERVER-WEBAPP GPON 
Router authentication bypass and command injection attempt - Sourcefire (IP=67 175.152.29.8 32 DT None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03529 (IP=8,CN) 175.155.239.126 24 RW None 2019-12-23 00:00:00 2020-03-23 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=126,CN) 175.156.223.109 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None SG TO-S-2019-0508 Malicious Email Activity 175.158.159.166 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=166,NC) 175.158.49.100 24 FT None 2020-09-02 00:00:00 2020-12-02 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Sourcefire (IP=100,ID) 175.158.50.101 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=101 ID) 175.158.64.46 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None IN TO-S-2019-0420 Malicious Email Activity 175.16.192.35 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=35,CN) 175.163.123.42 24 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None UDP: Host Sweep (IP=42,CN) 175.166.20.15 24 RB None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_Sourcefire (IP=15,CN) 175.166.231.97 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=97,CN) 175.168.11.62 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=62,CN) 175.168.22.126 24 RW None 2020-01-09 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=126,CN) 175.169.139.218 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP 
MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=218,CN) 175.170.32.13 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=13,CN) 175.171.254.38 24 GM None 2020-01-29 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=38,CN) | updated by KF Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=38,CN) | updated by KF Block ex 175.174.241.251 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=251,CN) 175.176.192.12 24 BMP None 2020-06-20 00:00:00 2020-09-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=12,CN) 175.176.192.12 24 KF None 2020-06-20 00:00:00 2020-09-18 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=12,HK) 175.176.192.12 24 KF None 2020-06-20 00:00:00 2020-09-18 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=12,HK) 175.176.73.166 24 DT None 2020-08-30 00:00:00 2020-11-30 00:00:00 None SQL generic convert injection attempt - GET parameter - Sourcefire (IP=166,PH) 175.180.127.78 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=78,TW) 175.181.103.224 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=224,TW) 175.182.64.0 18 dcg None 2018-08-14 05:00:00 2020-01-16 00:00:00 None TW TO-S-2018-1031 associated with malicious web application and malware activity | updated by RR with reason Authentication Failed - Failed Logons (IP=104,TW) 175.183.20.42 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=42,Taiwan) 
175.183.64.180 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=180,Taiwan) 175.184.167.202 24 DT None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt - SourceFire (IP=202,CN) 175.184.251.211 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None ID TO-S-2019-0400 Malicious Email Activity 175.19.187.234 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=234,CN) 175.19.30.46 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Failed password - Failed Logons (IP=46,CN) 175.193.126.46 24 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None Failed password - Web Attacks (IP=46,KR) 175.197.77.3 24 GM None 2019-11-08 00:00:00 2020-02-08 00:00:00 None Failed password - Failed Logons (IP=3,KR) 175.20.167.134 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None APP-DETECT failed FTP login attempt_Failed Logon (IP=34,CN) 175.204.91.168 24 CR None 2019-12-04 00:00:00 2020-03-04 00:00:00 None Invalid user - 6 hr failed logon (IP=168,KR) 175.205.218.145 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None KR TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason KR TO-S-2020-0212.01 Malware Activity 175.207.13.202 24 RW None 2020-05-20 00:00:00 2020-08-20 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - Sourcefire (IP=202,KR) 175.211.105.108 24 djs None 2014-12-31 06:00:00 2020-03-06 00:00:00 None Bash variable inj attempt (ip=108,KR) | updated by GM with reason Failed password - Failed Logons (IP=99,FR) 175.211.112.250 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password for invalid user - Failed Logons (IP=250,KR) 175.212.62.83 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=83,KR) 175.213.185.146 24 MLJ None 2017-11-13 06:00:00 2020-02-13 00:00:00 None ET SCAN Potential SSH 
Scan (IP=146,KR) | updated by GM with reason Invalid user - Failed Logons (IP=129,KR) 175.214.73.252 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=252,KR) 175.24.101.172 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=172,CN) 175.24.11.249 24 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=249,CN) 175.24.131.105 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=105,CN) 175.24.131.234 24 GM None 2020-04-28 00:00:00 2020-07-28 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attack (IP=234,CN) 175.24.135.156 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=156,CN) 175.24.138.30 24 RW None 2020-08-08 00:00:00 2020-11-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=30,CN) 175.24.139.102 24 GM None 2020-05-06 00:00:00 2020-08-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=102,CN) 175.24.191.31 24 GM None 2020-07-29 00:00:00 2020-10-29 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=31,CN) 175.24.230.167 24 GM None 2020-09-22 00:00:00 2020-12-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=167,CN) 175.24.3.19 32 RR None 2020-07-29 00:00:00 2020-10-28 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03578 (IP=19,CN) 175.24.34.217 24 GM None 2020-09-29 00:00:00 2020-12-29 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=217,CN) 175.24.44.102 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt 
- Failed Logon (IP=,CN) 175.24.47.219 24 RR None 2020-06-15 00:00:00 2020-09-13 00:00:00 None HTTP: php.cgi Buffer Overflow - Web Attacks (IP=219,CN) 175.24.50.34 24 DT None 2020-05-12 00:00:00 2020-08-10 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=34,CN) 175.24.55.200 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=200,XX) 175.24.70.190 24 BMP None 2020-08-05 00:00:00 2020-11-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=190,CN) 175.24.81.102 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=102,XX) 175.24.90.198 24 RW None 2020-09-04 00:00:00 2020-12-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=198,CN) 175.24.95.135 24 GM None 2020-07-20 00:00:00 2020-10-20 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=135,CN) 175.25.185.195 24 DT None 2020-03-30 00:00:00 2020-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=195,CN) 175.29.124.100 24 CR None 2018-10-23 05:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP Avtech IP Camera search.cgi command injection attempt (IP=100,BD) | updated by BMP Block was inactive. 
Reactivated on 20200403 with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=100,BG) 175.3.181.204 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=204,CN) 175.4.193.113 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=113,CN) 175.4.208.35 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=35,CN) 175.4.210.52 24 BMP None 2019-12-23 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=52,CN) | updated by RW Block expiration extended with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=52 175.4.211.131 24 RB None 2019-12-29 00:00:00 2020-03-28 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=131,CN) 175.4.212.156 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=156,CN) 175.4.213.4 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=4,CN) 175.4.214.71 24 BMP None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=71,CN) 175.4.215.53 24 GM None 2020-01-03 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=53,CN) 175.4.216.169 24 RW None 2019-12-23 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=169,CN) 175.4.217.112 24 RR None 
2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=112,CN) 175.4.218.145 24 CR None 2019-12-21 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=145,CN) 175.4.219.200 24 CW None 2020-01-08 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=0,CN) 175.4.221.88 24 BMP None 2020-03-04 00:00:00 2020-06-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr Web Attacks (IP=88,CN) 175.4.222.74 24 CW None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=74,CN) 175.4.223.60 24 CR None 2020-01-01 00:00:00 2020-04-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=60,CN) 175.4.245.43 24 GM None 2020-01-03 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=43,CN) 175.4.246.139 32 wmp None 2020-10-01 00:00:00 2020-12-30 00:00:00 None HIVE Case #4029 Palo Alto IDS Vulnerability Events (IP=139,CN) 175.4.248.249 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=49,CN) 175.41.16.242 24 djs None 2014-11-24 06:00:00 2020-04-17 00:00:00 None inbound to mySQL port 3306 (ip=242,HK) | updated by RR with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01480 (IP=244,HK) 175.41.20.5 24 djs None 2014-03-11 05:00:00 2020-01-11 00:00:00 None SSH Scans (ip=5,HK) | updated by ABC with reason Command Injection Attempt (IP=204,HK) 175.5.69.174 24 BMP None 2020-03-22 00:00:00 2020-06-20 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection 
attempt - SourceFire (IP=174,CN) 175.5.73.144 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=144,CN) 175.5.76.61 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=61,CN) 175.5.77.206 24 BMP None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=206,CN) | updated by RW Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=206,CN) 175.6.102.248 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=248,CN) 175.6.140.14 24 GM None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Timeout before authentication for - Failed Logons (IP=14,CN) 175.6.245.234 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=234,CN) 175.6.35.166 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Failed Logons (IP=166,CN) 175.6.5.233 24 RW None 2019-10-23 00:00:00 2020-01-23 00:00:00 None Failed password - 6hr Failed Logon (IP=233,CN) 175.8.181.161 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=161,CN) 175.8.37.101 24 RR None 2020-01-11 00:00:00 2020-04-10 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=101,CN) 176.10.153.7 24 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=7,SE) 176.10.171.232 24 KF None 2020-03-18 00:00:00 2020-06-16 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02178 (IP=232,SE) 176.100.128.0 19 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None RU TO-S-2019-0409 Malicious Email 
Activity
176.100.237.3 32 RW None 2019-10-15 00:00:00 2020-01-15 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=3,ES) | updated by RW Block was inactive. Reactivated on 20191015 with reason Authentication Failed - 6hr Failed Logon (IP=3,ES)
176.102.21.131 24 GM None 2019-11-12 00:00:00 2020-02-12 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=131,UA)
176.102.28.62 24 RR None 2019-10-27 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=62,UA ) | updated by RR with reason SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=62,UA )
176.102.29.17 24 RB None 2019-11-21 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt_6 hr web attacks (IP=17,UA) | updated by KF Block expiration extended with reason SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (1:29831:3) (IP=17,UK)
176.102.50.28 24 RR None 2020-04-17 00:00:00 2020-07-16 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=28,UK)
176.103.174.82 24 BMP None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=82,PL) | updated by RW Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=82,PL)
176.103.91.172 32 CR None 2020-06-16 00:00:00 2020-09-16 00:00:00 None Possible SQLi attempt - TT# 20C03183 (IP=172,RU)
176.105.255.59 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None NL TO-S-2019-0608 Malware Activity
176.105.255.61 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=61,NL)
176.107.129.227 24 RR None 2018-01-16 06:00:00 2020-02-10 00:00:00 None ET SCAN Potential SSH Scan (IP=227,UA) | updated by GM with reason ABC Generic ArcSight scan attempt (IP=223,PL)
176.107.130.253 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Generic ArcSight scan attempt (IP=253,PL)
176.107.131.218 24 ABC None 2018-06-10 05:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=218 UA) | updated by RB with reason Failed password_6 hr Failed Logons (IP=128,PL) | 2020-02-07 | 2018-09-08
176.107.187.151 24 BMP None 2020-07-15 00:00:00 2020-10-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=151,UA)
176.109.177.90 24 RB None 2019-11-08 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt_Sourcefire (IP=90 UA)
176.109.184.17 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=,UA)
176.109.226.203 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt_12 hr web attacks (IP=203,UA)
176.110.126.81 24 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None Authentication Failed - Web Attacks (IP=81,RU)
176.111.83.91 24 KF None 2020-06-09 00:00:00 2020-09-07 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) (1:21002457:1) - SourceFire (IP=91,UK)
176.112.147.160 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None EE TO-S-2019-0400 Malicious Reconnaissance Activity
176.113.112.0 21 dcg None 2018-07-05 05:00:00 2020-04-20 00:00:00 None RU TO-S-2018-0908 associated with Malicious Web Application Activity | updated by RR with reason OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=95,RU)
176.113.115.214 32 BMP None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03966 (IP=214,RU)
176.113.115.214 32 BMP None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03966 (IP=214,RU)
176.113.115.95 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=95,RU)
176.113.74.106 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None CA TO-S-2019-0831 Malicious Email Activity
176.114.16.186 32 GM None 2020-07-11 00:00:00 2020-10-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03426 (IP=186,RU)
176.118.164.203 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Failed password_6 hr Failed Logons (IP=203,RU)
176.118.197.178 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_Sourcefire (IP=178,RU)
176.118.28.0 22 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None RU TO-S-2019-0468 Malicious Web Application Activity
176.119.63.226 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None PL TO-S-2019-0723 Malicious Email Activity
176.12.128.0 17 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity
176.12.52.236 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None BG TO-S-2019-0409 Malicious Email Activity
176.121.128.0 17 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity
176.122.120.66 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None UA TO-S-2020-0206 Malicious Web Application Activity
176.122.120.66 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None UA TO-S-2020-0212.01 Malicious Web Application Activity
176.122.25.0 24 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None RU TO-S-2019-0972 Malicious Email Activity
176.122.88.0 21 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None UA TO-S-2019-0409 Malicious Email Activity
176.123.240.104 24 KF None 2020-02-20 00:00:00 2020-05-20 00:00:00 None APP-DETECT failed FTP login attempt (1:13360:7) - SourceFire (IP=104,KZ)
176.123.4.244 32 CW None 2020-01-12 00:00:00 2020-02-12 00:00:00 None Unauthorized Access Attempt-TT# 20C01411 (IP=44,MD)
176.126.175.47 24 BMP None 2020-09-04 00:00:00 2020-12-03 00:00:00 None FIREEYE Web: Malware Object Download - Hive Case 3795 (IP=47,RO)
176.131.64.32 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C00115 (IP=32,FR)
176.138.70.144 24 RW None 2020-01-16 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=144,FR) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=144,FR)
176.140.197.247 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Generic ArcSight scan attempt (IP=247,FR)
176.159.245.147 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=147,FR)
176.159.57.134 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed Password_6 Hr Failed Logons (IP=134,FR)
176.164.44.142 24 ABC None 2019-10-13 00:00:00 2020-01-11 00:00:00 None Generic ArcSight scan attempt (IP=142,FR)
176.167.99.82 32 RB None 2020-04-17 00:00:00 2020-07-18 00:00:00 None Self-Report / Ft Detrick - TT# 20C02531 (IP=82,FR)
176.168.157.23 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Authentication Failed - Failed Logons (IP=23,FR)
176.169.48.40 24 RW None 2020-08-07 00:00:00 2020-11-07 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=40,FR)
176.185.218.124 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Illegal user - Failed Logon (IP=124,FR)
176.186.25.137 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (IP=137,FR)
176.187.61.252 32 KF None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent - TT# 20C00045 (IP=252,US)
176.196.207.10 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_12 hr Web attacks (IP=10,RU)
176.202.80.0 20 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None QA TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason QA TO-S-2020-0212.01 Malicious Web Application Activity
176.205.115.43 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=43,AE)
176.216.195.96 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=96,TR)
176.221.251.92 24 RR None 2020-07-26 00:00:00 2020-10-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=92,GE)
176.223.66.13 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None HTTP: SQL Injection - Exploit II (IP=13,RO)
176.232.166.77 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=77,BU)
176.232.27.72 24 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=72,TR)
176.234.110.69 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=69,TR)
176.234.235.21 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=21,TR)
176.234.3.213 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=213,TR)
176.234.99.191 24 RR None 2020-09-19 00:00:00 2020-12-18 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - Web Attacks (IP=191,TR)
176.235.105.47 32 KF None 2020-04-01 00:00:00 2020-06-30 00:00:00 None Known Attack Tool User / BOT: Mirai Echobot Activity Detected - TT# 010420-00017 (IP=47,TR)
176.235.208.210 24 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Failed password - Failed Logons (IP=210,TR)
176.235.99.250 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Authentication Failed_6 Hr Failed Logons (IP=250,TR)
176.249.129.131 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=131,GB)
176.249.151.242 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None Authentication Failed - Failed Logons (IP=242,GB)
176.25.148.115 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None Authentication Failed_Failed Logon (IP=15,GB)
176.250.72.200 24 BMP None 2020-02-28 00:00:00 2020-03-28 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01874 (IP=200,GB)
176.251.143.164 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=164,GB)
176.252.54.94 24 CR None 2020-01-20 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=94,GB)
176.255.63.156 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=156,GB)
176.27.231.1 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password for invalid user - Failed Logon (IP=1,GB)
176.27.30.237 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None Authentication Failed - 6hr Logons (IP=237, GB)
176.31.115.162 24 20200120 None None 2020-01-20 00:00:00 None Illegal user - Fail Logins (IP=162,FR) | updated by 20200120 Block was inactive. Reactivated on RWB with reason Illegal user - Fail Logins (IP=162,FR) | updated by RWB Block was inactive. Reactivated on 20191022 with reason Illegal user - Fail Logins
176.31.116.217 24 RR None 2019-01-04 06:00:00 2020-02-21 00:00:00 None APP-DETECT failed FTP login attempt (IP=217,FR) | updated by BP Block was inactive. Reactivated on 20191121 with reason APP-DETECT failed FTP login attempt (IP=217,FR)
176.31.127.152 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=152,FR)
176.31.128.45 24 KF None 2019-12-02 00:00:00 2020-03-01 00:00:00 None Failed password - 6 Hr Failed Logons (IP=45,FR)
176.31.128.45 32 KF None 2019-12-02 00:00:00 2020-03-01 00:00:00 None Failed password - 6 Hr Failed Logons (IP=45,US)
176.31.162.82 24 RR None 2018-12-21 06:00:00 2020-03-03 00:00:00 None Illegal user (IP=82,FR) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=82,FR)
176.31.182.125 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid
176.31.191.61 24 RR None 2018-12-22 06:00:00 2020-02-01 00:00:00 None Failed password for invalid user (IP=61,FR) | updated by RW Block was inactive. Reactivated on 20191101 with reason Authentication Failed - 6hr Failed Logon(IP=61,FR)
176.31.217.184 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=184,FR)
176.31.250.160 24 RR None 2019-02-11 00:00:00 2020-02-20 00:00:00 None Failed password for invalid user (IP=160,FR) | updated by RR with reason Failed password - Failed Logons (IP=160,FR)
176.31.253.204 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Illegal User_Failed Logon (IP=4,FR)
176.32.230.4 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DE TO-S-2020-0056 Malicious Web Application Activity
176.32.230.9 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None CA TO-S-2019-0926 Malicious Email Activity
176.32.34.18 24 MLJ None 2017-12-14 06:00:00 2020-02-04 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=18,RU) | updated by GM with reason ABC Generic ArcSight scan attempt (IP=133,RU)
176.32.35.0 24 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None RU TO-S-2019-0532 Malware Activity
176.33.138.133 32 BMP None 2020-09-29 00:00:00 2020-12-29 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C04010 (IP=133,TR)
176.33.49.134 24 BMP None 2020-01-27 00:00:00 2020-04-26 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=134,TR)
176.33.72.137 24 EDBT None 2017-11-05 05:00:00 2020-04-19 00:00:00 None TELNET: Root Login with Wrong Password (IP=137,TR) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=218,TR) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary comman
176.33.72.218 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=218,TR)
176.35.67.252 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None GB TO-S-2020-0206 Malicious Web Application Activity
176.35.67.252 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None GB TO-S-2020-0212.01 Malicious Web Application Activity
176.37.28.235 24 RB None 2018-12-06 06:00:00 2020-03-23 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=235 UA) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=235,UK) | updated by BMP Block was inactive. Reactivated on 20200223 with reason
176.38.149.77 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Authentication Failed (IP=77,UA)
176.38.92.9 32 RW None 2019-08-24 00:00:00 2020-01-12 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 19C02981 (IP=9,US) | updated by ABC with reason Command Injection Attempt (IP=9,UA)
176.40.105.245 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=45,TR)
176.40.214.34 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=34,TR)
176.41.146.189 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=189,TR)
176.43.35.190 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None HTTP: vBulletin 5.1.2 Unserialize Code Execution - TT# 20C01892 (IP=190,TR)
176.43.38.82 24 RW None 2020-02-19 00:00:00 2020-05-19 00:00:00 None SERVER-WEBAPP vBulletin decodeArguments PHP object injection attempt - 6hr web attacks (IP=82,TR)
176.48.0.0 14 dcg None 2018-07-26 05:00:00 2020-04-17 00:00:00 None RU TO-S-2018-0971 associated with malicious web application and malware activity | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=53,RU)
176.51.99.211 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=11,RU)
176.53.12.238 24 djs None 2015-02-28 06:00:00 2020-02-15 00:00:00 None webapp setup.php access (ip=238,TR) | updated by dbc with reason TR TO-S-2019-0409 Malware Activity
176.53.35.201 24 CR None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=201,TU)
176.57.208.0 20 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None RU TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason RU TO-S-2020-0212.01 Malware Activity
176.57.69.61 24 jkc None 2020-07-01 00:00:00 2020-10-01 00:00:00 None HIVE Case #3146 CTO-20-172 (IP=61,UA)
176.58.102.35 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=35,GB)
176.58.105.126 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=126,GB)
176.58.108.6 32 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt (IP=6,US)
176.58.109.44 24 RR None 2017-01-05 06:00:00 2020-04-19 00:00:00 None SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial of service attempt (1:11263) (IP=44,GB) | updated by dbc w
176.58.115.180 24 RR None 2020-06-25 00:00:00 2020-09-23 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=180,GB)
176.58.118.253 24 DT None 2020-06-24 00:00:00 2020-09-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=253,UK)
176.58.123.20 24 EDBT None 2017-03-12 06:00:00 2020-02-09 00:00:00 None ET POLICY Suspicious inbound to PostgreSQL port 5432 (IP=20,GB) | updated by dcg with reason GB TO-S-2018-1186 associated wit | updated by KF with reason Generic ArcSight scan attempt (IP=114,US)
176.58.124.134 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Web App attack - Case #1214 (IP=134,UK)
176.58.65.120 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - 6hr Logons (IP=120,PS)
176.58.72.172 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=172,PS)
176.58.96.156 24 CR None 2020-03-18 00:00:00 2020-06-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=156,GB)
176.58.97.194 24 wmp None 2017-09-20 05:00:00 2020-04-17 00:00:00 None SQL injection attempt (IP=194,GB) | updated by RR with reason OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=128,GB)
176.58.98.226 32 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt (IP=226,US)
176.62.176.0 20 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity
176.62.64.0 18 dcg None 2018-09-28 05:00:00 2020-04-16 00:00:00 None RU TO-S-2018-1186 associated with malicious web activity | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=112,RU)
176.63.119.179 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=179,HU)
176.63.12.252 24 20200120 None None 2020-01-20 00:00:00 None SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt - sourcefire (IP=252,HU) | updated by RWB Block was inactive. Reactivated on 20191022 with reason SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt - sou
176.63.23.3 24 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=3,AT)
176.74.176.187 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None UK TO-S-2019-0400 Malicious Email Activity
176.74.29.74 24 wmp None 2015-07-31 05:00:00 2020-08-15 00:00:00 None ColdFusion admin interface access attempt (IP=74,GB) | updated by dbc with reason UK TO-S-2019-0245 Malicious Email Activity | updated by dbc with reason GB TO-S-2019-0890.01 Malicious Email Activity
176.74.30.18 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None GB TO-S-2019-0640.01 Malicious Email Activity
176.74.30.190 32 wmp None 2020-09-24 00:00:00 2020-12-23 00:00:00 None HIVE Case #3974 COLS-NA-TIP-20-0301 (IP=190,GB)
176.8.178.46 24 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None Illegal user - Failed Logons (IP=46,UA)
176.88.146.56 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None TR TO-S-2020-0006 Malicious Email Activity
176.88.226.108 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=108,TR)
176.88.72.156 32 RR None 2019-12-20 00:00:00 2020-01-19 00:00:00 None HTTP: vBulletin 5.1.2 Unserialize Code Execution - TT# 20C01194 (IP=156,TR)
176.88.72.219 24 CR None 2020-01-20 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP vBulletin decodeArguments PHP object injection attempt - Sourcefire (IP=219,TR)
176.88.77.28 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP vBulletin decodeArguments PHP object injection attempt (IP=28,TR)
176.88.78.228 32 GM None 2020-02-12 00:00:00 2020-05-12 00:00:00 None HTTP: vBulletin 5.1.2 Unserialize Code Execution - 20C01704 (IP=228,US)
176.9.112.115 24 RB None 2020-07-22 00:00:00 2020-10-20 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attack (IP=115,DE)
176.9.116.26 24 RB None 2019-01-03 06:00:00 2020-04-17 00:00:00 None Malware Callback (IP=26,DE) | updated by dbc with reason DE TO-S-2019-0604 Malicious Email Activity
176.9.154.199 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=199,DE)
176.9.164.215 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None DE TO-S-2019-0626.01 Malware Activity
176.9.17.167 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None DE TO-S-2019-0351 Malicious Email Activity
176.9.187.117 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password_6 hr Failed Logons (IP=117,DE)
176.9.203.114 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None DE TO-S-2019-0551.02 Malicious Email Activity
176.9.45.136 32 GM None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Unauthorized Access-Probe - 20C01731 (IP=136,US)
176.9.53.68 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=68,DE)
176.9.9.243 24 RB None 2018-06-10 05:00:00 2020-05-10 00:00:00 None ET SCAN Sipvicious User-Agent | updated by dbc with reason DE TO-S-2019-0658 Malicious Email Activity
176.96.251.121 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=121,RU)
176.98.19.158 24 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=158,UA)
176.99.14.244 24 GLM None 2019-10-27 00:00:00 2020-01-25 00:00:00 None ABC Generic ArcSight scan attempt (IP=244,RU)
176.99.3.118 24 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=118,RU)
176.99.9.148 24 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=148,RU)
177.1.213.19 24 KF None 2019-11-03 00:00:00 2020-02-02 00:00:00 None Failed password_6 Hr Failed Logons (IP=19,BR) | updated by KF with reason Failed password_6 Hr Failed Logons (IP=19,BR)
177.10.130.23 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=23,BR)
177.10.145.82 24 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=82,BR)
177.10.195.91 24 RB None 2020-04-17 00:00:00 2020-07-16 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability_6 hr web attacks (IP=91,BR)
177.105.255.228 24 BMP None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Known Attack Tool User Agent/ BOT: Mirai Echobot Activity Detected - TT# 20C01964 (IP=228,BR)
177.106.101.49 24 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=49,BR)
177.106.27.85 24 RB None 2019-12-29 00:00:00 2020-03-28 00:00:00 None Illegal user (IP=85,BR)
177.12.227.131 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Failed password (IP=131,BR)
177.124.130.41 24 RR None None 2020-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=41,BR)
177.126.128.226 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=226,BR)
177.126.129.39 24 RR None 2020-03-05 00:00:00 2020-06-03 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=39,BR)
177.126.129.6 24 KF None 2020-03-07 00:00:00 2020-06-05 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02020 (IP=6,BR)
177.126.137.106 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=106,BR)
177.126.138.2 24 KF None 2020-04-01 00:00:00 2020-06-30 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 010420-00013 (IP=2,BR)
177.126.143.219 32 RR None 2020-03-05 00:00:00 2020-06-03 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01968 (IP=219,BR)
177.126.188.2 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Failed password for invalid user -Failed Logons (IP=2,BR)
177.128.3.100 24 CR None 2020-07-13 00:00:00 2020-10-13 00:00:00 None CERT/CC VU#257161:CVE-2020-CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discovery_Sourcefire (IP=100,BR)
177.128.34.135 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=135,BR)
177.128.78.178 32 KF None 2020-03-08 00:00:00 2020-06-06 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02059 (IP=178,US)
177.129.104.94 24 RW None 2020-05-14 00:00:00 2020-08-14 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=94,BR)
177.130.190.211 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=211,BR)
177.131.22.54 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt (IP=54,BR)
177.136.178.5 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=5,BR)
177.137.89.139 32 RW None 2020-03-25 00:00:00 2020-04-25 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C02226 (IP=139,BR)
177.140.0.0 14 dcg None 2018-05-17 05:00:00 2020-02-18 00:00:00 None BR TO-S-2018-0756 Malicious web application activity | updated by RR with reason SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=55,BR)
177.147.20.183 24 RB None 2017-11-24 06:00:00 2020-02-15 00:00:00 None ET SCAN Potential SSH Scan (IP=183,BR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=205,CN) | 2020-02-15 | 2018-02-22
177.147.28.232 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=232,BR)
177.147.34.203 24 BP None 2019-11-20 00:00:00 2020-02-20 00:00:00 None Authentication Failed (IP=203,BR)
177.147.95.170 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Authentication Failed_Failed Logon (IP=70,BR)
177.153.11.53 32 wmp None 2020-08-19 00:00:00 2020-11-17 00:00:00 None HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=53,BR)
177.154.216.213 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=213,BR)
177.155.180.6 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user (IP=6,BR)
177.155.36.180 24 GM None 2020-02-27 00:00:00 2020-05-27 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=180,BR)
177.155.36.232 24 KF None 2020-03-02 00:00:00 2020-05-31 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C01921 (IP=232,BR)
177.155.39.243 32 RW None 2020-03-10 00:00:00 2020-04-10 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C02110 (IP=243,BR)
177.158.127.232 24 BMP None 2020-05-11 00:00:00 2020-08-09 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=232,BR)
177.158.206.214 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=214,BR)
177.159.218.30 32 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Immediate Inbound Network Block - TT# 20C00804 (IP=30,US)
177.16.126.192 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP JBoss admin-console access - Web Attacks (IP=192,BR)
177.161.104.61 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=61,BR)
177.161.118.147 24 MLJ None 2017-10-16 05:00:00 2020-02-12 00:00:00 None ET SCAN Potential SSH Scan (IP=147,BR) | updated by RR with reason Authentication Failed -Failed Logons (IP=245,BR)
177.161.184.4 24 RR None 2018-07-13 05:00:00 2020-01-31 00:00:00 None Authentication Failed (IP=4,BR) | updated by GM with reason Authentication Failed - Failed Logons (IP=42,BR)
177.161.202.134 24 MLJ None 2017-07-07 05:00:00 2020-01-17 00:00:00 None ET SCAN Potential SSH Scan (IP=134,BR) | updated by RB with reason Illegal user_6 hr Failed Logons (IP=2,BR) | 2020-01-17 | 2017-10-07
177.161.21.245 24 RB None 2018-05-20 05:00:00 2020-01-30 00:00:00 None ET SCAN Potential SSH Scan (IP=245,BR) | updated by RR with reason Failed password - Failed Logons (IP=249,)
177.161.233.41 24 GLM None 2017-06-28 05:00:00 2020-03-14 00:00:00 None ET SCAN Potential SSH Scan (IP=41,BR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=14,BR) | 2020-03-14 | 2017-09-28
177.161.31.40 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=40,BR)
177.161.31.40 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=40,BR)
177.161.43.2 24 KF None 2020-02-19 00:00:00 2020-05-19 00:00:00 None Illegal user - 6 Hr Failed Logons (IP=2,BR)
177.161.97.194 24 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=194,BR)
177.162.160.178 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=178,BR)
177.162.189.228 24 KF None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Authentication Failed - 6 Hr Failed Logins (IP=228,BR)
177.162.47.8 24 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=8,BR)
177.163.22.24 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Authentication Failed - Failed Logons (IP=24,BR)
177.17.158.83 24 RR None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Failed password - Failed Logons (IP=83,BR)
177.170.238.122 24 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=122,BR)
177.173.107.40 24 GM None 2019-10-01 00:00:00 2020-01-01 00:00:00 None Authentication Failed - Failed logons (IP=40,BR)
177.173.167.169 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=169,BR)
177.175.198.115 24 RB None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=115 BR)
177.175.246.248 24 RR None 2020-01-21 00:00:00 2020-04-20 00:00:00 None Authentication Failed - Failed Logons (IP=248,BR)
177.177.177.124 24 RR None 2020-04-17 00:00:00 2020-07-16 00:00:00 None SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt - SourceFire (IP=124,BR)
177.177.94.46 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=46,BR)
177.184.106.90 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None Known Attack Tool User Agent / UDS-WhatWeb_RC8766 - TT# 20C01562 (IP=90,BR)
177.184.117.63 24 BMP None 2020-02-20 00:00:00 2020-05-20 00:00:00 None HTTP: Adobe ColdFusion Directory Traversal Information Disclosure Vulnerability - 6hr Web Attacks (IP=63,BR)
177.184.157.207 32 KF None 2020-03-09 00:00:00 2020-06-07 00:00:00 None Known Attack Tool User Agent/ BOT: Mirai Echobot Activity - TT# 20C02076 (IP=207,US)
177.184.158.158 24 KF None 2020-03-07 00:00:00 2020-06-05 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02019 (IP=158,BR)
177.185.203.126 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=126,BR)
177.185.203.145 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=145,BR)
177.185.203.19 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=19,BR)
177.185.203.74 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=74,BR)
177.185.206.131 32 wmp None 2020-09-24 00:00:00 2020-12-23 00:00:00 None HIVE Case #3974 COLS-NA-TIP-20-0301 (IP=131,BR)
177.185.206.132 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6 hr Web Attacks (IP=132,BR)
177.185.206.84 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=84,BR)
177.185.206.84 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=84,BR)
177.185.206.96 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=96,BR)
177.19.118.33 32 BMP None 2020-05-11 00:00:00 2020-08-09 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02713 (IP=33,BR)
177.196.14.191 24 MLJ None 2017-09-18 05:00:00 2020-01-06 00:00:00 None ET SCAN Potential SSH Scan (IP=191,BR) | updated by RR with reason Authentication Failed - Failed Logons (IP=13,BR)
177.196.164.42 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=42,BR)
177.196.225.219 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Authentication Failed - Failed Logons (IP=219,BR)
177.196.249.11 24 RR None 2017-11-17 06:00:00 2020-04-07 00:00:00 None Authentication Failed (IP=11,BR) | updated by MLJ with reason ET SCAN Potential SSH Scan (IP=228,BR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=74,BR) | 2020-04-07 | 2018-08-17
177.196.44.25 24 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None Illegal user - Failed Logons (IP=25,BR)
177.197.33.193 24 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=193,BR)
177.197.48.181 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Authentication Failed - sourcefire (IP=181,BR)
177.198.136.15 24 RB None 2019-11-21 00:00:00 2020-02-19 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=15,BR)
177.198.150.159 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None Illegal user - Failed Logons (IP=159,BR) 177.198.153.13 24 CR None 2019-11-28 00:00:00 2020-02-28 00:00:00 None Authentication Failed - 6 hr Failed Logon (IP=13,BR) 177.199.183.39 24 BMP None 2019-12-26 00:00:00 2020-03-25 00:00:00 None Authentication Failed - 6hr Logons (IP=39, BR) 177.200.221.170 24 RR None 2019-12-16 00:00:00 2020-03-15 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=170,BR) 177.206.71.12 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=12,BR) 177.207.216.48 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=48,BR) 177.213.136.120 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed Password - 6 Hr Failed Logons (IP=120,BR) 177.213.228.97 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=97,BR) 177.215.68.108 24 CR None 2019-12-24 00:00:00 2020-03-25 00:00:00 None Authentication Failed- 6 hr Failed logon (IP=108, BR) | updated by CR Block expiration extended with reason Authentication Failed- 6 hr Failed logon (IP=108, BR) 177.216.104.123 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None Authentication Failed - 6 hr Failed Logon (IP=123,BR) 177.222.144.72 24 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=72,BR) 177.222.192.244 24 BMP None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - 6hr Web Attacks (IP=244,BR) 177.222.198.17 24 KF None 2020-02-28 00:00:00 2020-05-28 00:00:00 None Known Attack Tool User Agent/HTTP: D-Link Router Command - TT# 20C01850 (IP=17,BR) 177.23.104.17 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None SERVER-WEBAPP 
D-Link DSL-2750B routers login.cgi command injection attempt (IP=17,BR) 177.23.107.31 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=31,BR) 177.23.214.90 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6hr Logons (IP=90,BR) 177.23.72.141 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Failed password (IP=141,BR) 177.24.3.140 24 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=140,BR) 177.25.134.34 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed Password - 6 Hr Failed Logons (IP=34,BR) 177.25.145.93 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=93 BR) 177.25.147.245 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None Authentication Failed_Failed Logon (IP=45,BR) 177.25.148.112 24 GM None 2019-11-18 00:00:00 2020-02-18 00:00:00 None Illegal user - Failed Logons (IP=112,BR) 177.25.149.89 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Authentication Failed - Failed Logons (IP=89,BR) 177.25.153.156 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Authentication Failed - Failed Logons (IP=156,BR) 177.25.154.254 24 GM None 2019-11-18 00:00:00 2020-02-18 00:00:00 None Illegal user - Failed Logons (IP=254,BR) 177.25.158.130 24 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Authentication Failed_6 Hr Failed Logons (IP=130,BR) 177.25.165.136 24 RW None 2020-01-07 00:00:00 2020-04-09 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=136,BR) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=136,BR) 177.25.168.249 24 RW None 2020-01-07 00:00:00 2020-04-09 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=249,BR) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=249,BR) 177.25.176.52 24 CW None 
2020-01-23 00:00:00 2020-04-22 00:00:00 None Authentication Failed_Failed Logon (IP=52,BR) 177.25.180.117 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None Authentication Failed_Failed Logon 177.25.183.191 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=191,BR) 177.25.186.35 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Authentication Failed (IP=35,BR) 177.25.187.250 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None Authentication Failed_Failed Logon (IP=50,BR) 177.25.208.217 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=217,BR) 177.25.209.29 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=29,BR) 177.25.210.236 24 KF None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Failed password - 6 Hr Failed Logons (IP=236,BR) 177.25.211.74 24 CR None 2020-01-20 00:00:00 2020-04-20 00:00:00 None Authentication Failed - 6 hr Failed Logon (IP=74,BR) 177.25.212.160 24 RW None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=160,BR) 177.25.213.25 24 RB None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=25,BR) 177.25.216.225 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=225,BR) 177.25.218.37 24 RW None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=37,BR) 177.25.220.129 24 RB None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=129,BR) 177.25.222.166 24 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None Illegal user - Failed Logons (IP=166,BR) 177.25.223.163 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=163,BR) 177.33.173.236 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Web Attacks(IP=236,BR) 
177.33.235.67 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=67,BR) 177.34.125.113 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=113,BR) 177.35.160.215 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=215,BR) 177.37.161.153 24 RW None 2020-04-11 00:00:00 2020-07-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=153,BR) 177.38.15.20 24 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=20,BR) 177.41.15.104 24 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=104,BR) 177.41.251.20 24 RR None 2020-04-19 00:00:00 2020-07-18 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=20,BR) 177.42.153.7 24 RR None 2020-07-26 00:00:00 2020-10-24 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=7,BR) 177.43.91.50 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user (IP=50,BR) 177.45.0.0 16 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None BR TO-S-2019-0420 Correction to TO-S-2018-1077 Malicious Activity 177.47.197.33 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 177.47.247.188 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None Authentication Failed (IP=188,BR) 177.52.219.93 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=93,BR) 177.53.52.37 24 RB None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6 hr web attacks (IP=37,BR) 177.55.103.29 32 
wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=29,BR) 177.57.172.158 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None INDICATOR-SC AN SSH brute force login attempt_12 hr web attacks (IP=158,BR) 177.58.244.13 24 KF None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Authentication Failed - 6 Hr Failed Logons (IP=13,BR) 177.58.56.176 24 GM None 2020-02-07 00:00:00 2020-05-07 00:00:00 None Authentication Failed - Failed Logons (IP=176,BR) 177.59.1.14 24 RB None 2017-10-28 05:00:00 2020-04-07 00:00:00 None ET SCAN Potential SSH Scan (IP=14,BR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=144,BR) | 2020-04-07 | 2018-01-26 177.59.11.227 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Failed password - Failed Logons (IP=227,BR) 177.59.13.119 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None Authentication Failed - 6hr Failed Logons (IP=119,BR) 177.59.13.119 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None Authentication Failed - 6hr Failed Logons (IP=119,BR) 177.59.13.119 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None Authentication Failed - 6hr Failed Logons (IP=119,BR) 177.59.13.119 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None Authentication Failed - 6hr Failed Logons (IP=119,BR) 177.59.19.237 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=237,BR) 177.59.21.118 24 RR None 2018-06-07 05:00:00 2020-03-12 00:00:00 None Authentication Failed (IP=118,BR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=108,BR) | 2020-03-12 | 2018-09-05 177.59.31.246 24 RB None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=246 BR) 177.59.4.8 24 KF None 2020-02-20 00:00:00 2020-05-20 00:00:00 None Authentication Failed - 6 Hr Failed Logins (IP=8,BR) 177.59.7.159 24 CW None 2020-01-14 00:00:00 2020-04-13 00:00:00 None Authentication Failed_Failed Logon 
(IP=59,BR) 177.67.73.33 24 RR None None 2020-06-23 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=33,BR) 177.67.83.139 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=139,BR) 177.69.104.168 24 BMP None 2020-02-25 00:00:00 2020-05-25 00:00:00 None Illegal user - 6hr Logons (IP=168,BR) 177.69.221.75 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Invalid user - Failed Logons (IP=75,BR) 177.69.44.193 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=193,BR) 177.70.104.191 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Failed password - Failed Logons (IP=191,BR) 177.70.11.103 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=103,BR) 177.70.125.89 32 wmp None 2020-06-23 00:00:00 2020-09-23 00:00:00 None HIVE Case #3072 COLS-NA-TIP-20-0190 (IP=89,BR) 177.70.27.42 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=42,BR) 177.71.89.120 32 GM None 2020-03-07 00:00:00 2020-06-07 00:00:00 None Known Attack Tool User Agent - TT# 20C02039 (IP=120,US) 177.71.89.172 32 GM None 2020-03-08 00:00:00 2020-06-08 00:00:00 None Known Attack Tool User Agent - TT# 20C02072 (IP=172,US) 177.72.223.44 32 RB None 2020-03-10 00:00:00 2020-04-09 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02102 (IP=44,BR) 177.73.119.121 32 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C01906 (IP=121,US) 177.73.248.35 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=35,BR) 177.75.152.208 24 RW None 2020-03-09 00:00:00 2020-06-07 00:00:00 None Known Attack Tool User Agent - TT# 20C02091(IP=208,BR) 177.75.159.22 32 RR None 2020-03-06 00:00:00 2020-06-04 00:00:00 None 
Known Attack Tool User Agent/ BOT: Mirai Echobot Activity Detected - TT# 20C01992 (IP=22,BR) 177.78.171.161 24 20200120 None None 2020-01-20 00:00:00 None Authentication Failed - Fail Logins (IP=161,BR) | updated by RWB Block was inactive. Reactivated on 20191022 with reason Authentication Failed - Fail Logins (IP=161,BR) 177.79.0.132 24 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None Authentication Failed_6 Hr Failed Logons (IP=132 BR) 177.79.1.197 24 MLJ None 2017-07-04 05:00:00 2020-01-31 00:00:00 None ET SCAN Potential SSH Scan (IP=197,BR) | updated by RR with reason Authentication Failed (IP=108,BR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=74,BR) | 2020-01-31 | 2019-01-31 177.79.102.37 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - 6hr Logons (IP=37,BR) 177.79.103.146 24 MLJ None 2017-09-13 05:00:00 2020-01-21 00:00:00 None ET SCAN Potential SSH Scan (IP=146,BR) | updated by KF with reason Authentication Failed (IP=249,BR) | updated by KF with | updated by GM with reason Authentication Failed - Failed Logons (IP=48,BR) 177.79.115.251 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Authentication Failed (IP=251,BR) 177.79.2.133 24 MLJ None 2017-07-03 05:00:00 2020-01-31 00:00:00 None ET SCAN Potential SSH Scan (IP=133,BR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=13,BR) | 2020-01-31 | 2017-10-03 177.79.3.186 24 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None Authentication Failed_6 Hr Failed Logons (IP=186 BR) 177.79.30.246 24 MLJ None 2017-09-05 05:00:00 2020-01-07 00:00:00 None ET SCAN Potential SSH Scan (IP=246,BR) | updated by RR with reason Authentication Failed (IP=38,BR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=40,BR) | 2020-01-07 | 2018-10-25 177.79.33.60 24 MLJ None 2017-09-05 05:00:00 2020-01-07 00:00:00 None ET SCAN Potential SSH Scan (IP=60,BR) | updated by RR with reason Authentication Failed (IP=216,BR) 
| updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=13,BR) | 2020-01-07 | 2018-10-25 177.79.4.46 24 MLJ None 2017-07-04 05:00:00 2020-01-02 00:00:00 None ET SCAN Potential SSH Scan (IP=46,BR) | updated by RR with reason Authentication Failed (IP=152,BR) | updated by RR with reason Authentication Failed - Failed Logons (IP=225,BR) 177.79.49.157 24 MLJ None 2017-07-04 05:00:00 2020-01-02 00:00:00 None ET SCAN Potential SSH Scan (IP=157,BR) | updated by RR with reason Authentication Failed (IP=81,BR | updated by RR with reason Authentication Failed - Failed Logons (IP=197,BR) 177.79.52.169 24 GM None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Authentication Failed - Failed Logons (IP=169,BR) 177.79.59.214 24 MLJ None 2017-09-08 05:00:00 2020-01-29 00:00:00 None ET SCAN Potential SSH Scan (IP=214,BR) | updated by GM with reason Authentication Failed - Failed Logons (IP=124,BR) 177.79.6.250 24 RR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - Failed Logons (IP=250,BR) 177.79.62.98 24 GM None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Authentication Failed - Failed Logons (IP=98,BR) 177.79.63.217 24 MLJ None 2017-09-05 05:00:00 2020-01-29 00:00:00 None ET SCAN Potential SSH Scan (IP=217,BR) | updated by GM with reason Authentication Failed - Failed Logons (IP=84,BR) 177.79.71.199 24 MLJ None 2017-07-06 05:00:00 2020-04-20 00:00:00 None ET SCAN Potential SSH Scan (IP=199,BR) | updated by RR with reason Authentication Failed (IP=183,BR) | updated by CR with reason Authentication Failed - 6 hr Failed Logon (IP=141,BR) 177.79.71.219 24 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Authentication Failed - Failed Logons (IP=219,BR) 177.79.72.188 24 MLJ None 2017-09-05 05:00:00 2020-02-18 00:00:00 None ET SCAN Potential SSH Scan (IP=188,BR) | updated by RR with reason Authentication Failed (IP=217,BR) | updated by GM with reason Authentication Failed - Failed Logons (IP=205,BR) 177.79.78.59 24 MLJ None 2017-09-05 
05:00:00 2020-03-13 00:00:00 None ET SCAN Potential SSH Scan (IP=59,BR) | updated by GLM with reason Authentication Failed (IP=150,BR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=241,BR) | 2020-03-13 | 2018-11-03 177.79.82.182 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None Authentication Failed_Failed Logon (IP=82,BR) 177.79.95.14 24 RR None 2019-12-20 00:00:00 2020-03-19 00:00:00 None Authentication Failed - Failed Logons (IP=14,BR) 177.79.97.48 24 RR None 2019-12-20 00:00:00 2020-03-19 00:00:00 None Authentication Failed - Failed Logons (IP=48,BR) 177.8.244.97 32 GM None 2020-03-08 00:00:00 2020-06-08 00:00:00 None Known Attack Tool User Agent - TT# 20C02068 (IP=97,US) 177.85.157.138 24 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=138,BR) 177.85.2.41 32 RB None 2020-04-02 00:00:00 2020-06-02 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 020420-00059 (IP=41,BR) 177.86.235.138 24 RB None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=138,BR) 177.87.144.209 24 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=209,BR) 177.87.150.103 32 RW None 2020-03-25 00:00:00 2020-06-23 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02224 (IP=103,BR) 177.87.151.113 24 RR None 2020-03-05 00:00:00 2020-06-03 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=113,BR) 177.91.112.110 24 KF None 2020-03-16 00:00:00 2020-06-14 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02148 (IP=110,BR) 177.91.112.14 24 MLJ None 2017-05-22 05:00:00 2020-04-07 00:00:00 None ET SCAN Behavioral Unusually fast Terminal Server Traffic Potential Scan or 
Infection (Inbound) (IP=14,BR) | updated by RB with reason Illegal user_6 hr Failed Logons (IP=46,BR) | 2020-04-07 | 2017-05-22 177.91.80.18 24 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Invalid user - Failed Logons (IP=18,BR) 177.91.87.13 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=13,BR) 177.92.145.216 32 RW None 2020-02-28 00:00:00 2020-03-28 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01869 (IP=216,BR) 177.92.16.186 24 RR None 2018-06-17 05:00:00 2020-02-20 00:00:00 None Illegal user (IP=186,BR) | updated by RR with reason Failed password - Failed Logons (IP=186,BR) 177.92.176.92 24 KF None 2020-03-09 00:00:00 2020-06-07 00:00:00 None Known Attack Tool User Agent - TT# 20C02078 (IP=92,BR) 177.92.203.27 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=27,BR) 177.92.206.131 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 177.92.66.226 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=226,BR) 177.96.28.255 32 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Immediate Inbound Network Block - TT# 20C00809 (IP=255,US) 178.112.198.54 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=54,AT) 178.113.41.211 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None Authentication Failed (IP=211,AT) 178.115.128.15 24 BMP None 2019-12-26 00:00:00 2020-03-25 00:00:00 None Illegal User - 6hr Logons (IP=15,AT) 178.116.225.108 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=108,BE) 178.118.238.129 24 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command 
execution attempt - 6hr web attacks (IP=129,BE) 178.118.78.75 24 KF None 2019-02-08 00:00:00 2020-05-04 00:00:00 None Failed password for invalid user (IP=75,BE) | updated by RB Block was inactive. Reactivated on 20200204 with reason Authentication Failed_6 hr Failed Logons_WPC (IP=75 BE) 178.119.220.210 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=210,BE) 178.122.154.125 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Generic ArcSight scan attempt (IP=125,BY) 178.124.161.75 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Failed password for invalid user - Failed Logons (IP=75,BY) 178.124.223.251 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=251,BE) 178.127.0.96 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=96,BY) 178.128.102.212 24 RWB None 2019-12-12 00:00:00 2020-03-11 00:00:00 None Attempted Denial of Service - PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=212,SG) 178.128.105.102 24 CR None 2019-02-05 00:00:00 2020-03-29 00:00:00 None Authentication Failed (IP=102,GR) | updated by KF with reason Authentication Failed (IP=102,GR) | updated by dbc with reason 178.128.107.117 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logon (IP=117,GR) 178.128.108.22 24 RB None 2019-01-18 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user(IP=22,SG) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=19,GR) 178.128.114.248 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None SG TO-S-2019-1002 Malware Activity 178.128.117.23 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None SG TO-S-2019-0631 Malware Activity 178.128.118.123 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 178.128.120.142 32 RR None 2019-10-28 
00:00:00 2020-01-26 00:00:00 None Generic ArcSight scan attempt (IP=142,US) 178.128.123.117 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Authentication Failed_Failed Logon (IP=17,SG) 178.128.13.8 32 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Invalid user - Failed Logons (IP=8,US) 178.128.140.114 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None NL TO-S-2019-0430 Malicious Web Application Activity 178.128.143.4 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None NL TO-S-2019-0431 Malicious Web Application Activity 178.128.148.98 32 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=98,US) 178.128.151.140 32 BMP None 2020-07-07 00:00:00 2020-10-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=140,US) | updated by RR Block expiration extended with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt 178.128.157.148 32 GLM None 2019-10-26 00:00:00 2020-01-24 00:00:00 None ABC Generic ArcSight scan attempt (IP=148,US) 178.128.158.199 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=199,GR) 178.128.162.10 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=10,GB) 178.128.166.154 24 GM None 2019-02-09 00:00:00 2020-02-14 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=154,UK) | updated by RW with reason SQL HTTP URI blind injection attempt - 6hr web attacks (IP=154,UK) 178.128.172.78 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None GB TO-S-2019-1002 Malicious Email Activity 178.128.186.53 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP JBoss admin-console access - Web Attacks (IP=53,GR) 178.128.193.12 24 GM None 2019-04-18 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (IP=12,DE) | updated by RR with 
reason Generic ArcSight scan attempt (IP=37,US) 178.128.20.163 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP elFinder PHP connector command injection attempt_Web Attacks (IP=163,GR) 178.128.20.163 32 RR None 2020-02-21 00:00:00 2020-05-21 00:00:00 None HTTP: PHP-FPM Remote Code Execution Vulnerability (CVE-2019-11043) - TT# 20C01787 (IP=163,SG) 178.128.20.9 24 KF None 2020-03-25 00:00:00 2020-06-23 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C02218 (IP=9,SG) 178.128.200.121 32 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=121,US) 178.128.200.207 32 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=207,US) 178.128.200.55 32 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=55,US) 178.128.201.239 32 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=239,US) 178.128.203.152 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=152,US) 178.128.204.5 32 GM None 2020-08-18 00:00:00 2020-11-18 00:00:00 None Unauthorized Access-Probe // UDP: Host Sweep - TT # 20C03736 (IP=5,DE) 178.128.205.72 32 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=72,US) 178.128.208.227 24 RB None 2019-02-07 00:00:00 2020-09-02 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (IP=227,SG) | updated by dbc with reason SG TO-S-2019-0952 Malware Activity 178.128.21.38 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=38,SG) 178.128.210.61 24 RR None 2018-12-08 06:00:00 2020-04-29 00:00:00 None Failed password for invalid user (IP=61,GR) | updated by dbc with reason SG TO-S-2019-0631 Malware Activity 178.128.213.91 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=91,SG) 178.128.216.102 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 
None Failed password - Failed Logons (IP=102,SG) 178.128.218.56 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password_6 Hr Failed Logons (IP=56,GR) 178.128.219.122 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=122,US) 178.128.221.49 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=49,GR) 178.128.221.87 32 BMP None 2020-06-01 00:00:00 2020-09-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03028 (IP=87,SG) 178.128.222.84 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password (IP=84,GR) 178.128.226.52 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Failed password_6 hr Failed Logons (IP=52,CA) 178.128.230.40 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None CA TO-S-2019-1036 Malicious Email Activity 178.128.235.223 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None CA TO-S-2019-0409 Malicious Email Activity 178.128.236.241 32 RW None 2020-03-09 00:00:00 2020-04-09 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C02098(IP=241,CA) 178.128.238.164 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None CA TO-S-2019-0608 Malware Activity 178.128.238.248 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Invalid user - Failed Logons (IP=248,CA) 178.128.24.84 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=84,SG) 178.128.241.94 32 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt (IP=94,US) 178.128.242.161 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None NL TO-S-2020-0190 Malicious Email Activity 178.128.242.40 24 RB None 2018-08-25 05:00:00 2020-02-06 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (IP=40,NL) | updated by RR with reason Failed password - Failed Logons (IP=233,GR) 178.128.246.123 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons 
(IP=123,GR) 178.128.247.181 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=181,GR) 178.128.250.10 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=10,NL) 178.128.250.55 32 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt (IP=55,US) 178.128.250.60 32 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=60,US) 178.128.255.8 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=8,GR) 178.128.34.14 24 BMP None 2020-02-25 00:00:00 2020-05-25 00:00:00 None Illegal user - 6hr Logons (IP=14,GR) 178.128.4.229 32 dbc None 2019-01-15 06:00:00 2020-01-15 06:00:00 None US TO-S-2019-0321 Malicious Email Activity 178.128.6.69 32 KF None 2020-02-13 00:00:00 2020-05-13 00:00:00 None Known Attack Tool User Agent/BOT: Muieblackcat Traffic Detected I - TT# 20C01712 (IP=69,US) 178.128.76.6 32 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password - Failed Logons (IP=6,US) 178.128.78.14 32 RB None 2020-02-12 00:00:00 2020-03-12 00:00:00 None Known Attack Tool User Agent / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C01726 (IP=14,US) 178.128.78.31 32 KF None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Known Attack Tool User Agent/BOT: Potential Muieblackcat Scanner - TT# 20C01733 (IP=31,US) 178.128.78.9 32 RB None 2020-02-12 00:00:00 2020-03-12 00:00:00 None Known Attack Tool User Agent / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C01725 (IP=9,US) 178.128.79.169 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - 6hr Web Attacks (IP=169,GR) 178.128.8.194 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malware Activity 178.128.86.7 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Invalid user -Failed Logons (IP=7,GR) 178.128.87.175 24 RB None 
2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=175,SG) 178.128.90.40 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=40,GR) 178.128.97.75 24 RWB None 2019-12-12 00:00:00 2020-03-11 00:00:00 None Attempted Denial of Service - PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=75,SG 178.130.107.76 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=76,RU) 178.130.78.214 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=214,YE) 178.132.1.167 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None NL TO-S-2019-0952 Malware Activity 178.132.5.187 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=187,NL) 178.140.44.219 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Illegal user - Failed Logons (IP=219,RU) 178.140.86.48 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=48,RU) 178.142.121.239 24 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=239,DE) 178.143.23.102 24 wmp None 2019-02-04 00:00:00 2020-06-16 00:00:00 None authentication bypass vulnerability (IP=102,SK) | updated by RW Block was inactive. 
Reactivated on 20200316 with reason HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=102,SK) 178.148.237.6 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=6,RS) 178.148.255.137 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None RS TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason RS TO-S-2020-0212.01 Malicious Web Application Activity 178.149.0.0 16 dcg None 2018-09-28 05:00:00 2020-04-19 00:00:00 None RS TO-S-2018-1186 associated with malicious web activity | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=191,SB) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary co 178.150.35.56 24 RR None 2020-01-17 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=56,UK) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=56,UA) 178.151.83.166 24 RR None 2020-08-17 00:00:00 2020-11-15 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire D11 (IP=166,UK) 178.153.108.230 24 GM None 2020-03-07 00:00:00 2020-06-07 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=230,QA) 178.153.67.243 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=243,QT) 178.156.202.194 24 GM None 2018-10-05 05:00:00 2020-08-06 00:00:00 None SQL generic sql with comments injection attempt - GET parameter (IP=194,RO) | updated by RB with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT#19C02370 (IP=235,RO) | updated by dbc with reason RO TO-S-2019-0864 Malicious 178.157.90.226 32 dbc None 2019-12-23 
00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason NL TO-S-2020-0212.01 Malicious Web Application Activity 178.159.240.0 21 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None BY TO-S-2019-0972 Malicious Email Activity 178.159.37.134 24 DT None 2020-07-24 00:00:00 2020-10-24 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks (IP=134,UA) 178.16.26.152 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=152,LV) 178.167.0.0 17 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 178.17.168.163 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=163,MD) 178.17.168.163 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - 6hr Web Attacks (IP=163,MD) 178.17.168.163 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=163,MD) 178.17.168.163 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - 6hr Web Attacks (IP=163,MD) 178.17.168.163 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=163,MD) 178.17.168.163 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - 6hr Web Attacks (IP=163,MD) 178.17.168.163 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=163,MD) 178.17.168.163 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - 6hr Web Attacks (IP=163,MD) 178.17.170.116 24 DT None 2020-07-16 00:00:00 2020-10-16 00:00:00 None HTTP: Detect PHP-CGI Remote code 
Execution vulnerability - Web Attacks (IP=116,MD) 178.172.181.214 24 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=214,BY) 178.172.235.53 24 RR None 2020-07-03 00:00:00 2020-10-01 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=53,BY) 178.174.223.54 24 GM None 2020-03-13 00:00:00 2020-06-13 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=54,SE) 178.176.172.50 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=50,RU) 178.176.19.90 24 KF None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed Password_6 Hr Failed Logons (IP=90,RU) 178.176.60.196 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=196,RU) 178.18.195.34 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None TR TO-S-2019-0508 Malicious Email Activity 178.184.11.205 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=205,RU) 178.184.2.101 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=101,RU) 178.184.35.11 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=11,RU) 178.184.36.81 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=81,RU) 178.184.41.20 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=20,RU) 178.184.52.219 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=219,RU) 178.184.60.168 24 RB None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR 
Shell arbitrary command execution attempt_6 hr web attacks (IP=168 RU) 178.185.0.0 17 jky None 2016-12-27 06:00:00 2020-02-18 00:00:00 None UA TO-S-2017-0357 Country block | updated by RR with reason APP-DETECT failed FTP login attempt - Failed Logons (IP=1,RU) 178.188.0.0 14 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None AT TO-S-2019-0852 Malware Activity 178.19.105.194 24 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None UDP: Host Sweep (IP=194,PL) 178.19.105.194 24 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None UDP: Host Sweep (IP=194,PL) 178.19.108.162 24 wla None 2014-08-01 05:00:00 2020-01-18 00:00:00 None TCP Host Sweep (IP=162, PL) | updated by djs with reason NTP DDoS Inbd Un-Authed MON_LIST Requests (ip=194,PL) | updated by RB with reason Generic ArcSight scan attempt (IP=154,PL) | 2020-01-18 | 2015-09-27 178.193.128.132 24 dlb None 2015-02-03 06:00:00 2020-01-18 00:00:00 None TCP Host Sweeps (IP=132, CH) | updated by RB with reason Generic ArcSight scan attempt (IP=220,CH) | 2020-01-18 | 2015-05-03 178.193.128.220 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=220,CH) 178.195.121.61 24 RR None 2020-04-19 00:00:00 2020-07-18 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=61,CH) 178.195.93.68 24 RW None 2020-02-19 00:00:00 2020-05-19 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=10,HK) 178.199.198.127 24 RB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=127 CH) 178.2.93.128 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=128,DE) 178.20.153.14 24 RW None 2020-06-18 00:00:00 2020-09-18 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=14,UA) 178.20.52.1 24 RR None 2019-12-09 00:00:00 
2020-03-08 00:00:00 None HTTP: SQL Injection - Exploit (IP=1,FR) 178.200.33.148 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None RS TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason RS TO-S-2020-0212.01 Malicious Web Application Activity 178.200.55.225 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=225,DE) 178.201.211.94 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Authentication Failed - Failed Logons (IP=94,DE) 178.208.83.9 24 djs None 2015-01-02 06:00:00 2020-08-15 00:00:00 None WEBAPP admin.php access (ip=9,RU) | updated by klb with reason ET WEB_SERVER MYSQL Benchmark Command in UR (IP=20 RU) | upda | updated by RW Block was inactive. Reactivated on 20200515 with reason SQL union select - possible sql injection attempt - GE 178.209.32.0 19 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None CH TO-S-2019-0800 Malicious Email Activity 178.210.165.247 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=247,TR) 178.210.173.179 24 GM None 2020-07-16 00:00:00 2020-10-16 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=179,TR) 178.210.175.31 24 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=31,TR) 178.210.177.101 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None Unaffiliated TO-S-2019-0532 Malicious Email Activity 178.210.90.252 32 RR None 2020-08-04 00:00:00 2020-11-04 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03632 (IP=252,RU) 178.210.90.252 24 CW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None HTTP: SQL Injection - Exploit II_Web attacks (IP=52,RU) 178.210.90.252 24 KF None 2020-02-09 00:00:00 2020-05-09 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=252,RU) 178.211.51.222 24 RW None 2019-11-01 00:00:00 2020-01-30 
00:00:00 None Generic ArcSight scan attempt (IP=222,TK) 178.212.182.107 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=107,RU) 178.213.188.67 24 CR None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks (IP=67,UA) 178.213.189.11 24 GM None 2020-09-12 00:00:00 2020-12-12 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks (IP=11,UA) 178.213.190.33 24 RW None 2020-06-08 00:00:00 2020-09-08 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Sourcefire (IP=33,UK) 178.213.191.222 24 DT None 2020-09-09 00:00:00 2020-12-09 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks (IP=222,UA) 178.218.218.2 24 RB None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=2,RU) 178.219.173.3 24 RR None 2020-04-08 00:00:00 2020-04-08 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=3,RU) | not blocked: This is a signature for home routers. 
178.219.93.242 32 RW None 2020-04-01 00:00:00 2020-05-01 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 0104-00009 (IP=242,UA) 178.22.217.156 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=156,RS) 178.221.172.226 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=226,RS) 178.222.242.69 24 ged None 2014-05-11 05:00:00 2020-04-19 00:00:00 None TCP HOST SWEEPS (IP=69, RS) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=238,SR) 178.236.220.236 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=236,RU) 178.236.234.4 32 RR None 2019-10-12 00:00:00 2020-02-03 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00386 (IP=4,HK) | updated by RR with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01333 (IP=4,HK) 178.238.236.119 24 CR None 2020-03-17 00:00:00 2020-06-17 00:00:00 None DLINK Command Injection Exploit Host (IP=119,DE) 178.238.33.248 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None CZ TO-S-2020-0006 Malicious Email Activity 178.241.65.245 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None TR TO-S-2020-0006 Malicious Email Activity 178.242.202.5 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=5,TR) 178.243.34.197 24 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Authentication Failed - Failed Logons (IP=197,TR) 178.248.87.132 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=132,RU) 178.250.66.92 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=92,IT) 178.251.247.84 32 GM None 2020-03-07 00:00:00 
2020-06-07 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02044 (IP=84,US) 178.254.0.120 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malware Activity 178.254.10.139 24 wla None 2014-05-27 05:00:00 2020-04-08 00:00:00 None China Chopper PHP/Backdoor Detected (IP=139, DE) | updated by dbc with reason DE TO-S-2019-0577 Malicious Email Activity 178.254.23.33 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Failed password (IP=33,DE) 178.254.35.7 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user (IP=7,DE) 178.254.58.64 24 KF None 2020-07-01 00:00:00 2020-09-29 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (1:13990:26) - SourceFire (IP=64,DE) 178.255.225.148 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None ES TO-S-2019-0358 Malicious Email Activity 178.27.196.25 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None RS TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason RS TO-S-2020-0212.01 Malicious Web Application Activity 178.27.217.1 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None RS TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason RS TO-S-2020-0212.01 Malicious Web Application Activity 178.32.110.185 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NL TO-S-2020-0006 Malicious Email Activity 178.32.123.182 24 RW None 2020-07-18 00:00:00 2020-10-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=182,FR) 178.32.124.74 24 RR None 2020-07-19 00:00:00 2020-10-17 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=74,FR) 178.32.125.162 24 RW None 2020-07-18 00:00:00 2020-10-18 00:00:00 None HTTP: Detect PHP-CGI 
Remote code Execution vulnerability - 6hr web attacks (IP=162,FR) 178.32.173.111 24 GM None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SQL use of sleep function with select - likely SQL injection - Sourcefire (IP=111,FR) 178.32.218.192 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 178.32.221.142 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=142,FR) 178.32.224.119 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None FR TO-S-2019-0658 Malware Activity 178.32.251.104 32 dbc None 2019-03-21 00:00:00 2020-03-21 00:00:00 None FR TO-S-2019-0515 Malware Activity 178.32.46.58 32 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None BE TO-S-2020-0012 Malicious Email Activity 178.32.51.136 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=136,FR) 178.32.51.136 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=136,FR) 178.32.58.182 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None NL TO-S-2020-0056 Malicious Web Application Activity 178.32.61.161 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None GB TO-S-2019-0972 Malicious Email Activity 178.32.92.81 24 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=81,FR) 178.32.96.28 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=28,FR) 178.33.12.237 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Invalid user - Failed Logon (IP=237,FR) 178.33.130.196 24 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password 6 hr Failed Logon (IP=196,FR) 178.33.168.128 24 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Failed password (IP=128,FR) 178.33.185.70 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=70,FR) 178.33.194.152 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None FR TO-S-2019-0546 Malicious Email Activity 178.33.199.44 32 dbc 
None 2019-10-23 00:00:00 2020-10-23 00:00:00 None FR TO-S-2020-0056 Malicious Email Activity 178.33.235.187 24 GM None 2020-03-24 00:00:00 2020-06-24 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=187,FR) 178.33.236.23 24 RR None 2018-12-08 06:00:00 2020-02-01 00:00:00 None Failed password for invalid user (IP=23,FR) | updated by KF Block was inactive. Reactivated on 20191103 with reason Failed Password_6 Hr Failed Logons (IP=23,FR) 178.33.42.215 24 DT None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=215,FR) 178.33.67.12 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password - Failed Logons (IP=12,FR) 178.33.89.24 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None FR TO-S-2019-0577 Malicious Email Activity 178.34.156.249 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=249,HK) 178.40.57.237 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=237,SK) 178.43.55.101 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None PL TO-S-2019-0972 Malicious Web Application Activity 178.54.128.0 17 jky None 2017-09-01 05:00:00 2020-04-12 00:00:00 None UA TO-S-2017-1473 Application specific activity | updated by CW with reason Authentication Failed_Failed Logon (IP=56,UA) 178.57.72.0 21 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 178.61.100.162 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_12 hr web attacks (IP=162 KW) 178.62.0.215 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=215,UK) 178.62.102.53 24 GLM None 2019-01-08 06:00:00 2020-02-28 00:00:00 None Illegal user (IP=53,GB) | updated by RB with reason Failed password_6 hr Failed Logons (IP=177,GB) | 2020-02-28 | 2019-04-08 
178.62.159.94 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None NL TO-S-2019-0972 Malware Activity 178.62.181.74 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed password - sourcefire (IP=74,NL) 178.62.196.49 24 RB None 2019-06-15 00:00:00 2020-06-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=49,NL) | updated by dbc with reason NL TO-S-2019-0781 Malicious Email Activity 178.62.207.238 24 GLM None 2017-01-10 06:00:00 2020-04-16 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (IP=238,NL) | updated by dbc with reason NL TO-S-2019-0240.01 Malicious Email Ac 178.62.213.66 24 MLJ None 2018-03-02 06:00:00 2020-03-28 00:00:00 None Illegal user (IP=66,GB) | updated by dbc with reason NL TO-S-2019-0546 Malicious Email Activity 178.62.215.38 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None RS TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason RS TO-S-2020-0212.01 Malicious Web Application Activity 178.62.218.76 24 ABC None 2017-12-22 06:00:00 2020-01-25 00:00:00 None Generic ArcSight scan attempt (IP=76,ZZ) | updated by kmw with reason NL TO-S-2019-0358 Malicious Web Application Activity 178.62.222.234 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=234,NL) 178.62.225.192 32 CR None 2019-12-04 00:00:00 2020-01-04 00:00:00 None Self Report / HTTP Request Attack - TT# 20C01082 (IP=192,US) 178.62.227.13 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None NL TO-S-2019-0604 Malware Activity 178.62.23.108 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=108,UK) 178.62.244.30 24 RB None 2019-01-18 00:00:00 2020-02-04 00:00:00 None Failed password for invalid user(IP=30,NL) | updated by RR with reason Invalid user - Failed Logons (IP=194,NL) 178.62.251.130 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Illegal user - 6hr 
Logons (IP=130,NL) 178.62.253.149 24 dbc None 2014-11-06 06:00:00 2020-03-29 00:00:00 None Potential SSH Scan (IP=149, NL) | updated by dbc with reason NL TO-S-2019-0551.02 Malicious Email Activity 178.62.27.245 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Invalid user - Failed Logons (IP=245,GB) 178.62.33.241 24 RR None 2020-06-15 00:00:00 2020-09-13 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=241,GB) 178.62.33.241 32 CR None 2020-06-15 00:00:00 2020-09-15 00:00:00 None 31188 HTTP vBulletin Authentication Bypass Vulnerability - TT# 20C03172 (IP=241,GB) 178.62.36.11 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Invalid user - Failed Logons (IP=11,GB) 178.62.37.0 24 tjh None 2016-02-03 06:00:00 2020-03-18 00:00:00 None GB SUCURI Blog: Admedia/Adverting iFrame Infection | updated by dbc with reason UK TO-S-2019-0508 Malware Activity 178.62.41.7 24 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None Invalid user - Failed Logons (IP=7,GB) 178.62.50.119 32 RR None 2020-04-13 00:00:00 2020-07-12 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron(IP=119,US) 178.62.56.29 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None GB TO-S-2019-0658 Malware Activity 178.62.60.233 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed Password - 6 Hr Failed Logons (IP=233,GB) 178.62.64.107 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=71,NL) 178.62.67.63 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=63,GB) 178.62.74.48 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password for invalid user - Failed Logon (IP=48,GB) 178.62.83.118 24 BMP None 2020-06-05 00:00:00 2020-09-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=118,GB) 178.62.86.88 24 CR None 2020-05-12 00:00:00 2020-06-12 00:00:00 None INDICATOR-SCAN DNS 
version.bind string information disclosure attempt - Sourcefire (IP=88,GB) 178.62.90.135 24 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None Failed password - 6hr Logons (IP=135,GB) 178.63.0.74 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malware Activity 178.63.100.197 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=197,DE) 178.63.125.18 32 wmp None 2020-06-19 00:00:00 2020-11-30 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=18,DE) | updated by wmp Block expiration extended with reason HIVE Case #3708 TO-S-2020-0766 (IP=18,DE) 178.63.125.22 32 dbc None 2020-08-04 00:00:00 2020-08-04 00:00:00 None HIVE Case #3470 CTO-20-210 DCNDC T-2020-07-015 (IP=22,DE) 178.63.172.13 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malicious Email Activity 178.63.226.189 32 FT None 2020-09-28 00:00:00 2020-12-28 00:00:00 None HTTP: PHP Wordpress Plugin Revolution Slider Vulnerability - TT# 20C04002(IP=189,DE) 178.63.243.36 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None DE TO-S-2019-0400 Malicious Email Activity 178.63.48.196 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=196,DE) 178.63.60.53 24 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=53,DE) 178.63.60.53 32 RW None 2020-04-07 00:00:00 2020-05-07 00:00:00 None Unauthorized Access-Probe - TT# 20C02461 (IP=53,DE) 178.63.61.173 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None DE TO-S-2019-0571 Malicious Email Activity 178.63.79.113 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None DE TO-S-2019-0952 Malicious Email Activity 178.63.97.207 24 wmp None 2018-10-26 05:00:00 2020-08-15 00:00:00 None COLS-NA TIP 18-0392 (IP=207,DE) | 
updated by dbc with reason DE TO-S-2019-0890.01 Malicious Email Activity 178.65.3.165 24 BP None 2019-12-19 00:00:00 2020-03-18 00:00:00 None Illegal User - 6hr Failed Logon (IP=165,RU) 178.72.128.0 18 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None AM TO-S-2020-0012 Malware Activity 178.74.128.0 18 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 178.75.0.0 18 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None RU TO-S-2019-0400 Malicious Reconnaissance Activity 178.79.145.21 24 RW None 2019-12-12 00:00:00 2020-03-12 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - Sourcefire (IP=21,NL) 178.79.147.205 32 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Generic ArcSight scan attempt (IP=205,US) 178.79.147.90 24 CR None 2020-03-18 00:00:00 2020-06-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=90,GB) 178.79.148.188 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=188,UK) 178.79.155.81 24 GLM None 2019-02-16 00:00:00 2020-01-17 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (IP=81,UK) | updated by RR with reason OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=30,GB) 178.79.161.166 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None GB TO-S-2019-1036 Malicious Email Activity 178.79.166.205 24 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None PROTOCOL-DNS DNS query amplification attempT - SourceFire (IP=205,GB) 178.79.190.7 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=7,GB) 178.79.7.4 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=4,RS) 178.86.139.132 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None 
SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=132,SA) 178.87.175.161 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=161,SA) 178.87.2.241 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=241,SA) 178.87.225.113 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=113,SA) 178.87.252.79 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=79,SA) 178.87.33.189 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=189,SA) 178.89.177.83 24 RR None 2020-02-04 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=83,KZ) | updated by RR Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=83,KZ) | not blocked be 178.91.65.32 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=32,KZ) 178.91.78.253 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=253,KZ) | not blocked because No refs to MVPower found in USACE SharePoint or NAC 178.91.81.109 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=109,KZ) 178.91.82.246 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=246,KZ) 
APP-DETECT failed FTP login attempt_6 Hr Failed Logons (IP=107,CN) 180.112.2.225 24 CW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Web attacks (IP=25,CN) 180.113.14.134 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt_Sourcefire (IP=134 CN) 180.115.198.70 24 FT None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=70,DE) 180.115.28.219 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=219,CN) 180.115.33.53 24 RB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=53,CN) 180.115.34.166 24 RR None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=166,CN) 180.115.35.82 24 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=82,CN) 180.116.19.77 24 CR None 2020-01-06 00:00:00 2020-04-06 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=77,CN) 180.116.198.150 24 CR None 2019-12-27 00:00:00 2020-03-27 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=150,CN) 180.116.199.128 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=128,CN) 180.116.46.205 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=205,CN) 180.116.86.138 24 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None APP-DETECT failed FTP login attempt - 
Failed Logons (IP=138,CN) 180.117.116.233 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=233,CN) 180.123.108.85 24 RR None 2020-01-11 00:00:00 2020-04-10 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=85,CN) 180.123.121.21 24 RWB None 2019-12-21 00:00:00 2020-03-20 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=21,CN) 180.123.122.145 24 GM None 2019-12-31 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=145,CN) 180.123.208.169 24 RB None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=169,CN) 180.123.241.137 24 RR None 2019-10-18 00:00:00 2020-01-16 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=137,CN) 180.123.32.132 24 RR None 2019-12-20 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=132,CN) | updated by RWB Block expiration extended with reason Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection a 180.123.33.222 24 RB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=222,CN) 180.123.34.189 24 RW None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=189,CN) 180.123.35.128 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr Web Attacks (IP=128,CN) 180.123.5.127 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command 
injection attempt_Web attacks (IP=27,CN) 180.124.105.120 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=120,CN) 180.124.106.150 24 GM None 2019-12-26 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=150,CN) 180.124.111.99 24 RWB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=99,CN) 180.124.197.7 24 RWB None 2019-12-12 00:00:00 2020-03-11 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=7,CN) 180.124.236.6 24 RB None 2019-12-29 00:00:00 2020-03-28 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=6,CN) 180.124.245.245 24 CW None 2019-12-27 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt _SourceFire (IP=45,CN) 180.124.246.233 24 RWB None 2019-12-20 00:00:00 2020-03-19 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=233,CN) 180.124.51.115 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=115,CN) 180.124.73.151 24 RWB None 2019-12-20 00:00:00 2020-03-19 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=151,CN) 180.124.86.250 24 RB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=250,CN) 180.125.116.163 24 SYM None 2016-06-23 05:00:00 2020-04-13 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (ip=163,CN) | updated by CW with reason SERVER-WEBAPP MVPower DVR Shell 
arbitrary command execution attempt_Web attacks (IP=47,CN) 180.125.248.162 24 RB None 2020-01-24 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_6 hr web attacks (IP=162 CN) | updated by RW Block expiration extended with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire ( 180.125.252.205 24 RB None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=205,CN) 180.125.253.115 24 RB None 2019-12-28 00:00:00 2020-03-27 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=115,CN) 180.125.254.238 24 KF None 2019-12-16 00:00:00 2020-03-15 00:00:00 None SERVER-WEBAPP GPON Routerauthentication bypass and command injection attempt (IP=238,CN) 180.125.255.71 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=71,CN) 180.125.83.13 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=13,CN) 180.125.87.172 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_web attacks (IP=72,CN) 180.126.161.27 32 dbc None 2020-06-30 00:00:00 2020-09-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=27,CN) 180.126.240.235 32 RW None 2020-06-05 00:00:00 2020-07-05 00:00:00 None Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03072 (IP=235,CN) 180.126.240.235 24 RW None 2020-06-05 00:00:00 2020-09-05 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=235,CN) 180.126.241.62 32 RW None 2020-06-12 00:00:00 2020-07-12 00:00:00 None Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03150 (IP=62,CN) 180.126.242.123 32 RW None 2020-06-16 
00:00:00 2020-07-16 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03191 (IP=123,CN) 180.126.242.76 24 BMP None 2020-07-23 00:00:00 2020-10-23 00:00:00 None POLICY-OTHER PHP uri tag injection attempt - SourceFire (IP=376,US) 180.126.244.189 32 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C02956 (IP=189,CN) 180.126.245.188 32 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C02964 (IP=188,CN) 180.126.245.199 32 BMP None 2020-05-27 00:00:00 2020-08-27 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C02930 (IP=199,CN) 180.126.245.208 24 RW None 2020-06-05 00:00:00 2020-09-05 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=208,CN) 180.126.247.138 24 DT None 2020-06-07 00:00:00 2020-09-05 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) - SourceFire - (IP=138,CN) 180.126.247.140 32 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C02952 (IP=140,CN) 180.126.247.233 32 CR None 2020-05-26 00:00:00 2020-08-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C02915 (IP=233,CN) 180.126.63.131 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=131,CN) 180.127.152.42 24 CR None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Exploit.IoT.HNAP - Hive Case 2290 (IP=42,CN) 180.129.65.40 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=40,SG) 180.130.155.73 24 RR None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=73,CN) 180.131.189.165 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None 
SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=165,HK) 180.140.243.244 24 CR None 2019-12-21 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=244,CN) 180.148.181.14 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None KR TO-S-2019-0938 Malicious Email Activity 180.150.189.206 24 GM None 2019-11-12 00:00:00 2020-02-12 00:00:00 None Failed Password - Failed Logons (IP=206,CN) 180.150.230.254 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=254,KR) 180.151.239.218 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=218,IN) 180.151.247.117 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=117,IN) 180.151.75.0 24 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 180.154.47.91 24 GM None 2019-10-29 00:00:00 2020-01-27 00:00:00 None ABC Generic ArcSight scan attempt (IP=91,CN) 180.155.23.35 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=35,CN) 180.156.40.119 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=119,CN) 180.157.252.206 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Failed Logons (IP=206,CN) 180.163.194.219 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None INDICATOR-COMPROMISE Suspicious .top dns query (IP=219,CN) 180.163.225.18 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=18,CN) 180.165.219.156 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 180.165.236.225 24 RB None 
2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=225,CN) 180.165.81.218 24 CR None 2020-06-16 00:00:00 2020-09-16 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - SourceFire (IP=218,CN) 180.167.134.194 24 GM None 2019-11-18 00:00:00 2020-02-18 00:00:00 None Failed password - Failed Logons (IP=194,CN) 180.168.137.197 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=197,CN) 180.168.141.246 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed password - sourcefire (IP=246,CN) 180.168.156.212 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Failed password - Failed Logon (IP=,FR) 180.168.160.246 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Generic ArcSight scan attempt (IP=246,CN) 180.168.17.169 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=169,CN) 180.168.53.62 24 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=62,CN) 180.168.55.11 24 BP None 2019-11-20 00:00:00 2020-02-20 00:00:00 None Authentication Failed (IP=11,CN) 180.168.76.210 24 dlb None 2016-05-11 05:00:00 2020-03-07 00:00:00 None ET SCAN Potential SSH Scan (IP=210, CN) | updated by RR with reason ET SCAN LibSSH Based Frequent SSH Connections Likely Brute | updated by GM with reason Invalid user - Failed Logons (IP=222,CN) 180.169.136.138 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=138,CN) 180.169.174.186 24 CR None 2020-05-13 00:00:00 2020-08-11 00:00:00 None TCP: SYN Host Sweep (IP=186,CN) 180.169.31.134 24 RR None 2019-10-18 00:00:00 2020-01-16 00:00:00 None Command Injection Attempt (IP=134,CN) 180.175.73.36 24 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=36,CN) 180.176.0.0 15 dcg None 2018-10-02 05:00:00 2020-02-24 00:00:00 None TW TO-S-2018-1197 Indicator associated with 
malicious reconnaissance activity | updated by RR with reason SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=237,TW) 180.176.104.237 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - 6hr web attacks (IP=237,TW) 180.177.104.161 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt_SourceFire (IP=61,TW) 180.177.180.6 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=6,TW) 180.178.55.10 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password - Failed Logon (IP=10,HK) 180.179.20.251 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason IN TO-S-2020-0212.01 Malicious Web Application Activity 180.180.122.11 24 GLM None 2018-08-25 05:00:00 2020-01-14 00:00:00 None APP-DETECT failed FTP login attempt (IP=11,TH) | updated by CR with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attack (IP=12,TH) 180.180.146.9 24 RW None 2020-09-02 00:00:00 2020-12-02 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Sourcefire (IP=9,TH) 180.180.170.202 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=202,TH) 180.180.216.177 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason IN TO-S-2020-0212.01 Malicious Web Application Activity 180.180.243.133 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0212.01 Malicious Web Application Activity 180.180.243.133 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None IN TO-S-2020-0206 Malicious 
Web Application Activity 180.180.243.223 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0212.01 Malicious Web Application Activity 180.180.243.223 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity 180.180.35.197 24 GM None 2019-11-18 00:00:00 2020-02-18 00:00:00 None Failed password - Failed Logons (IP=197,TH) 180.188.197.213 24 RR None 2019-11-28 00:00:00 2020-02-26 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=213,HK) 180.189.206.15 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0212.01 Malicious Web Application Activity 180.189.206.15 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity 180.190.48.69 24 BMP None 2020-01-28 00:00:00 2020-04-27 00:00:00 None Authentication Failed - 6hr Logon (IP=69,PH) 180.211.158.26 24 KF None 2018-10-31 05:00:00 2020-12-02 00:00:00 None SERVER-WEBAPP Avtech IP Camera search.cgi command injection attempt (IP=26,BD) | updated by RW Block was inactive. 
Reactivated on 20200902 with reason SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Sourcefire (IP=26,BD) 180.211.95.213 24 CR None 2018-12-14 06:00:00 2020-01-04 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=213,ID) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=216 ID) | 2020-01-04 | 2019-03-14 180.215.168.130 32 RW None 2020-02-26 00:00:00 2020-03-26 00:00:00 None TO-S-2020-0113 / DVR NVMS-900 - TT# 20C01831 (IP=130,HK) 180.215.192.7 24 BMP None 2020-06-14 00:00:00 2020-09-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=7,IN) 180.215.199.40 24 KF None 2019-11-02 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=40,IN) | updated by KF Block expiration extended with reason Command Injection Attempt (IP=40,XX) 180.215.203.21 24 DT None 2020-05-04 00:00:00 2020-08-04 00:00:00 None HTTP: php.cgi Buffer Overflow - Web Attacks (IP=21,HK) 180.215.207.169 24 RW None 2020-04-24 00:00:00 2020-07-24 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=169,SG) 180.215.208.135 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Generic ArcSight scan attempt (IP=135,XX) 180.215.209.136 24 RW None 2019-10-16 00:00:00 2020-01-16 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=136,HK) 180.215.219.25 24 RW None 2020-05-31 00:00:00 2020-09-03 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=25,HK) | updated by RW Block expiration extended with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=25,HK) 180.215.224.208 24 RW None 2020-04-29 00:00:00 2020-07-29 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire 
(IP=208,HK) 180.215.8.135 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=135,HK) 180.218.4.81 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=81,TW) 180.22.138.2 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None JP TO-S-2019-0613 Malware Activity 180.222.136.0 21 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None AF TO-S-2019-0617 Malware Activity 180.222.185.101 24 RW None 2019-11-15 00:00:00 2020-02-15 00:00:00 None FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected - Sourcefire (IP=146,IN) 180.232.7.14 24 RWB None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP Phpcms user registration remote file include attempt - Web Attacks (IP=14,PH) 180.232.9.55 24 RB None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Illegal user_6 hr Failed Logons_CPC (IP=55 PH) | not blocked because covered under a DUPLICATE SUBNET 180.232.96.162 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=162,PH) 180.235.148.78 24 GM None 2019-03-25 00:00:00 2020-04-08 00:00:00 None SQL use of sleep function with and - likely SQL Injection (IP=78,ID) | updated by dbc with reason ID TO-S-2019-0577 Malicious 180.235.241.243 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason IN TO-S-2020-0212.01 Malicious Web Application Activity 180.241.34.90 24 RR None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Generic ArcSight scan attempt (IP=90,ID) 180.241.45.137 24 RR None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - Failed Logons (IP=137,ID) 180.241.73.251 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Generic ArcSight scan attempt (IP=251,ID) 180.242.181.53 24 CR None 2020-02-21 00:00:00 2020-05-21 
00:00:00 None Authentication Failed - 6 hr failed logon (IP=53,ID) 180.242.50.254 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=255,ID) 180.242.93.10 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=10,ID) 180.243.135.182 24 RB None 2020-01-10 00:00:00 2020-04-09 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=182,ID) 180.243.4.133 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None Authentication Failed_Failed Logon (IP=33,ID) 180.244.150.82 24 GM None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Authentication Failed - Failed Logons (IP=82,ID) 180.249.180.207 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Generic ArcSight scan attempt (IP=207,ID) 180.250.0.0 16 dcg None 2018-07-06 05:00:00 2020-02-04 00:00:00 None ID TO-S-2018-0911 associated with Malware Activity | updated by dcg with reason ID TO-S-2018-0914 associated with malicious w | updated by RW with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 19C03240(IP=66,US) | updat 180.250.140.74 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP=74,ID) 180.250.162.9 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=9,ID) 180.250.19.96 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=96,ID) 180.251.144.120 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=120,ID) 180.252.224.0 20 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,ID) 180.253.210.112 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=112,ID) 180.253.31.123 24 RR None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Authentication Failed - Failed Logons (IP=123,ID) 180.28.104.242 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin 
command injection attempt (IP=242,JP) 180.28.161.185 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0212.01 Malicious Web Application Activity 180.28.161.185 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity 180.28.161.57 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0212.01 Malicious Web Application Activity 180.28.161.57 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity 180.28.163.156 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0212.01 Malicious Web Application Activity 180.28.163.156 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity 180.38.188.106 24 FT None 2020-08-06 00:00:00 2020-11-06 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Web Attacks (IP=106,JP) 180.49.9.53 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason IN TO-S-2020-0212.01 Malicious Web Application Activity 180.64.71.114 24 RR None 2019-01-28 00:00:00 2020-01-16 00:00:00 None Illegal user (IP=114,KR) | updated by CR with reason Illegal user_6 hr failed logon (IP=114,KR) 180.66.151.10 24 RR None 2020-01-03 00:00:00 2020-04-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=10,KR) 180.66.207.67 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=67,KR) 180.68.177.209 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=209,KR) 180.71.47.198 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Failed password for invalid user -Failed Logons (IP=198,KR) 180.76.100.178 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user - 
Failed Logon (IP=178,CN) 180.76.102.204 24 MLJ None 2018-02-14 06:00:00 2020-02-01 00:00:00 None ET SCAN Potential SSH Scan (IP=204,CN) | updated by RR with reason Failed password for invalid user (IP=110,CN) 2018-05-14 20 | updated by KF with reason Failed password_6 Hr Failed Logons (IP=136,CN) 180.76.103.133 24 BMP None 2020-04-26 00:00:00 2020-07-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=133,CN) 180.76.105.1 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user (IP=1,CN) 180.76.105.165 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=165,CN) 180.76.107.221 24 BMP None 2020-06-01 00:00:00 2020-09-01 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6hr Web Attacks (IP=221,US) 180.76.110.70 24 CR None 2020-02-20 00:00:00 2020-05-20 00:00:00 None Failed password - 6 hr Failed Logons (IP=70,DO) 180.76.111.3 24 DT None 2020-06-18 00:00:00 2020-09-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=3,CN) 180.76.114.151 24 KF None 2019-01-06 06:00:00 2020-03-05 00:00:00 None Illegal user (IP=151,CN) | updated by GM with reason Failed password - Failed Logons (IP=207,CN) 180.76.119.77 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Invalid user - 6hr Logon (IP=77,CN) 180.76.120.246 24 RW None 2020-05-15 00:00:00 2020-08-13 00:00:00 None TCP: SYN Host Sweep - ABC report (IP=246,CN) 180.76.134.207 24 RB None 2018-05-06 05:00:00 2020-02-23 00:00:00 None ET SCAN Potential SSH Scan (IP=207, | updated by BP with reason Failed password - Failed Logons (IP=238,CN) 180.76.141.184 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password - Failed Logon (IP=184,CN) 180.76.142.49 24 YM None 2018-06-19 05:00:00 2020-02-08 00:00:00 None Illegal user (IP=49,CN) | updated by RB with reason Failed password for invalid user_6 hr Failed Logons (IP=91,CN) | 2020-02-08 | 2018-08-19 180.76.145.197 24 KF None 
182.252.135.34 24 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=34,KR) 182.252.138.71 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None KR TO-S-2019-0508 Malicious Reconnaissance Activity 182.253.107.115 24 RR None 2020-01-02 00:00:00 2020-04-01 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=115,ID) 182.253.142.9 24 RB None 2019-10-20 00:00:00 2020-01-18 00:00:00 None HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=9,ID) 182.253.186.83 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=83,ID) 182.253.245.3 24 RW None 2020-05-14 00:00:00 2020-08-14 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=3,ID) 182.253.26.114 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=114,ID) 182.253.70.89 24 RB None 2020-02-13 00:00:00 2020-05-13 00:00:00 None Illegal user_6 hr Failed Logons_CPC (IP=89,ID) 182.254.134.77 24 RR None 2020-06-02 00:00:00 2020-09-02 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=77,CN) 182.254.135.14 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Invalid user - Failed Logon (IP=14 ,CN) 182.254.136.89 24 RR None 2019-10-11 00:00:00 2020-01-09 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=89,CN) 182.254.148.72 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Illegal user_Failed Logon (IP=72,CN) 182.254.162.69 24 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_Web Attacks (IP=69,CN) 182.254.166.203 24 DT None 2020-07-03 00:00:00 2020-10-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=203,CN) 182.254.170.136 24 RR None 2019-10-02 00:00:00 2020-01-02 
00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=136,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=136, CN) 182.254.172.63 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password_6 hr Failed Logons (IP=63,CN) 182.254.179.192 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=192,CN) 182.254.188.60 24 RB None 2020-08-01 00:00:00 2020-10-30 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Sourcefire (IP=60,CN) 182.254.189.73 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=73,CN) 182.254.193.48 24 GM None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=48,CN) 182.254.226.100 24 RB None 2020-07-20 00:00:00 2020-10-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr failed logon (IP=100,CN) 182.254.227.191 24 wmp None 2016-07-17 05:00:00 2020-02-12 00:00:00 None Suspicious inbound to MySQL (IP=191,CN) | updated by GM with reason Invalid user - Failed Logons (IP=147,CN) 182.254.241.219 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=219,CN) 182.254.243.109 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password for invalid user - Failed Logon (IP=109,CN) 182.31.167.64 24 RR None 2019-11-15 00:00:00 2020-02-15 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=64,KR) | updated by RW Block expiration extended with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=146,IN) 182.31.242.36 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password_6 Hr Failed Logons (IP=36,KR) 182.32.30.162 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Authentication Failed (IP=62,CN) 182.48.49.166 32 dbc None 
2019-08-15 00:00:00 2020-08-15 00:00:00 None JP TO-S-2019-0890.01 Malicious Email Activity 182.48.80.68 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=68,BD) 182.50.130.155 24 sjl None 2014-11-16 06:00:00 2020-03-10 00:00:00 None Danmec Bot SQL Injection Attack Detected (IP=155 SG) | updated by ged with reason SERVER-WEBAPP RevSlider information disclos | updated by GM with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=136,SG) 182.50.130.67 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=67,SG) 182.50.132.102 24 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=102,SG) 182.50.132.103 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: SQL Injection - Exploit II (IP=103,SG) 182.50.132.193 32 wmp None 2020-09-16 00:00:00 2020-12-15 00:00:00 None HIVE Case #3904 COLS-NA-TIP-20-0292 (IP=193,SG) 182.50.132.50 24 djs None 2016-07-07 05:00:00 2020-02-06 00:00:00 None USAA Phishing url maid=8534 (ip=50,SG) | updated by jky with reason SG TO-S-2017-0192 Fireeye detected exploit.doc.mvx | updated by RR with reason SQL 1 = 1 - possible sql injection attempt - 6 hr Web Attacks (IP=48,SG) | updated by GM with reason 182.50.132.50 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None SG TO-S-2020-0190 Malicious Email Activity 182.50.151.56 24 dlb None 2016-05-14 05:00:00 2020-02-11 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt (IP=56, SG) | updated by MLJ with reason SQL 1 = 1 - possible sql injec | updated by GM with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=17,SG) 182.52.112.141 24 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - Failed Logons (IP=141,TH) 182.52.134.179 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password - Failed Logons (IP=179,TH) 182.52.162.65 24 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 
None Authentication Failed - Failed Logons (IP=65,TH) 182.52.30.114 24 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=114,TH) 182.52.51.46 32 CR None 2020-08-29 00:00:00 2020-11-29 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03798 (IP=46,TH) 182.53.102.58 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=58,TH) 182.53.181.203 24 RW None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=203,TH) 182.53.193.80 24 KF None 2020-02-11 00:00:00 2020-05-11 00:00:00 None Authentication Failed - 6 Hr Failed Logons (IP=80,TH) 182.53.197.74 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=74,TH) 182.55.70.179 24 RWB None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Authentication Failed - Failed Logon (IP=179,SG) 182.56.168.5 32 wmp None 2020-10-01 00:00:00 2020-12-30 00:00:00 None HIVE Case #4029 Palo Alto IDS Vulnerability Events (IP=5,IN) 182.61.1.130 24 RW None 2020-02-02 00:00:00 2020-05-08 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=130,CN) | updated by KF Block expiration extended with reason Illegal user (IP=130,CN) | updated by GM Block expiration extended with reason Illegal user - Failed Logons (IP=130,CN) 182.61.104.206 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=206,CN) 182.61.107.126 24 KF None 2020-06-22 00:00:00 2020-09-20 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03249 (IP=126,CN) 182.61.12.58 24 RB None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Failed password_6 hr Failed Logons (IP=58 CN) 182.61.130.31 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command 
injection attempt_Sourcefire (IP=31,CN) 182.61.132.165 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Failed password - Failed Logon (IP=165,CN) 182.61.133.172 24 RWB None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Failed password - Failed Logon (IP=,CN) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=172,CN) 182.61.134.247 32 RR None 2020-07-20 00:00:00 2020-10-20 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03506 (IP=247,CN) 182.61.138.112 24 GM None 2019-11-13 00:00:00 2020-02-11 00:00:00 None ABC Generic ArcSight scan attempt (IP=112,CN) 182.61.15.238 24 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Failed password_6 hr Failed Logons (IP=238,CN) 182.61.151.91 24 RW None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Command Injection Attempt (IP=91,CN) 182.61.160.253 24 CW None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Illegal user_Failed Logon (IP=53,CN) 182.61.161.153 24 RW None 2020-06-22 00:00:00 2020-09-22 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=153,CN) 182.61.162.130 24 RR None 2018-12-18 06:00:00 2020-03-10 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (1:38700:1) (IP=130,CN) | updated by GM with reason Invalid user - Failed Logons (IP=54,CN) 182.61.163.232 24 GM None 2019-06-17 00:00:00 2020-02-16 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=232,CN) | updated by CW Block was inactive. 
Reactivated on 20191118 with reason HTTP: ThinkPHP CMS Getshell Vulnerability_web attacks (IP=32,CN) 182.61.164.95 24 RR None 2019-04-07 00:00:00 2020-04-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=95,CN) | updated by RR with reason Illegal user - Failed Logons (IP=51,CN) 182.61.165.46 24 BMP None 2020-03-23 00:00:00 2020-06-21 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=46,CN) 182.61.166.139 24 alj None 2018-12-03 06:00:00 2020-01-10 00:00:00 None MALWARE-BACKDOOR JSP webshell | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=123,CN) 182.61.170.213 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=213,CN) 182.61.173.198 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=198 CN) 182.61.175.71 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=71,CN) 182.61.176.71 24 CR None None 2020-01-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=7,CN) | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=39,CN) | 2020-01-17 | 2019-07-11 182.61.183.208 24 KF None 2020-03-15 00:00:00 2020-06-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=208,CN) 182.61.184.155 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=155,CN) 182.61.185.144 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=144,CN) 182.61.188.158 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability_Web attacks (IP=58,CN) 182.61.189.105 24 CR None 2019-06-24 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli 
unserialize code execution attempt - SourceFire (IP=105,CN) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=87,CN) 182.61.22.205 24 KF None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed Password_6 Hr Failed Logons (IP=205,CN) 182.61.24.4 24 RWB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - WebAttacks (IP=4,CN) 182.61.26.165 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Failed password - Failed Logon (IP=165,CN) 182.61.27.149 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Failed password for invalid user - Failed Logon (IP=149,CN) 182.61.29.120 24 RB None 2018-05-20 05:00:00 2020-02-26 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=120,CN) | updated by RR with reason Failed password - Failed Logons (IP=126,CN) 182.61.3.157 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Failed Logons (IP=157,CN) 182.61.31.103 24 RR None 2019-01-19 00:00:00 2020-03-05 00:00:00 None Failed password for invalid user (IP=103,CN) | updated by GM with reason Failed password - Failed Logons (IP=79,CN) 182.61.32.8 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=8,CN) 182.61.33.2 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password_Failed Logon (IP=2,CN) 182.61.39.158 24 RR None 2018-02-14 06:00:00 2020-03-07 00:00:00 None Failed password (IP=158,CN) | updated by GM with reason Invalid user - Failed Logons (IP=131,CN) 182.61.4.60 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user - 6hr Logon (IP=60,CN) 182.61.40.118 24 KF None 2020-04-21 00:00:00 2020-07-20 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=118,CN) 182.61.46.10 24 GLM None 2019-01-14 06:00:00 2020-02-26 00:00:00 None Illegal user 
(IP=10,CN) | updated by RR with reason Failed password - Failed Logons (IP=246,CN) 182.61.5.44 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=44,CN) 182.61.50.101 24 RB None 2019-01-18 00:00:00 2020-01-10 00:00:00 None Failed password for invalid user(IP=101,CN) | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=197,CN) 182.61.57.226 24 GM None 2019-11-13 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logons (IP=226,CN) 182.61.61.244 24 RW None 2019-10-23 00:00:00 2020-01-23 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=244,CN) 182.64.0.0 12 dbc None 2018-09-20 05:00:00 2020-04-21 00:00:00 None IN TO-S-2018-1158 Malicious Reconnaissance Activity | updated by RWB with reason Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,IN) 182.65.181.106 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=106,IN) 182.68.109.31 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=31,IN) 182.70.123.43 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Failed password - Failed Logons (IP=43,IN) 182.71.127.252 24 RR None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password - Failed Logons (IP=252,IN) 182.71.221.78 24 RB None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Failed password_6 hr Failed Logons_CPC (IP=78 IN) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY 182.73.184.62 24 BMP None 2020-04-26 00:00:00 2020-07-25 00:00:00 None Known Attack Tool User Agent V2/UDS-WhatWeb_RC8766vulnerability - TT# 20C02561 (IP=62,IN) 182.74.233.34 24 RR None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Authentication Failed - Failed Logons (IP=34,IN) 182.75.10.158 24 RR None 2019-10-27 00:00:00 2020-01-25 
00:00:00 None Illegal user - Failed Logons (IP=158,IN) 182.75.216.74 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=74,IN) 182.75.225.84 24 RB None 2020-01-10 00:00:00 2020-04-09 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=84,IN) 182.75.248.254 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=254,IN) 182.75.63.150 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=150,IN) 182.76.141.185 24 GM None 2020-03-07 00:00:00 2020-06-07 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=185,IN) 182.76.206.1 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password (IP=1,IN) 182.76.214.118 24 GM None 2019-11-06 00:00:00 2020-02-06 00:00:00 None Invalid user - Failed Logons (IP=118,IN) 182.76.50.202 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Authentication Failed - Failed Logons (IP=202,IN) 182.77.63.108 24 GM None 2020-04-09 00:00:00 2020-07-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=108,IN) 182.84.124.75 24 RR None 2019-01-03 06:00:00 2020-02-15 00:00:00 None Authentication Failed (IP=75,CN) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=169,CN) | 2020-02-15 | 2019-04-03 183.101.52.42 24 FT None 2020-09-14 00:00:00 2020-12-13 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Source Fire (IP=42,KR) 183.102.25.143 24 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt_SourceFire (IP=43,KR) 183.103.35.202 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password - 6hr Logon (IP=202,KR) 183.105.143.129 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=129,KR) 183.105.165.247 24 RR None 2019-10-10 00:00:00 2020-01-08 
00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=247,KR) 183.107.62.150 24 KF None 2019-12-02 00:00:00 2020-03-01 00:00:00 None Failed password - 6 Hr Failed Logons (IP=150,KR) 183.108.165.57 24 RW None 2020-04-19 00:00:00 2020-07-19 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Sourcefire (IP=146,IN) 183.109.170.68 24 KF None 2019-11-03 00:00:00 2020-02-04 00:00:00 None Failed password_6 Hr Failed Logons (IP=68,KR) | updated by RW with reason Authentication Failed - 6hr Failed Logon(IP=68,KR) 183.111.122.150 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None KR TO-S-2020-0212.01 Malicious Web Application Activity 183.111.122.150 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None KR TO-S-2020-0206 Malicious Web Application Activity 183.111.125.172 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=172,KR) 183.111.172.115 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None KR TO-S-2019-0430 Malware Activity 183.111.174.119 24 CW None 2019-07-03 00:00:00 2020-05-17 00:00:00 None BROWSER-IE Microsoft Internet Explorer IE5 compatibility mode enable attempt_SourceFire (IP=19,KR) | updated by RR Block was inactive. 
Reactivated on 20200217 with reason BROWSER-IE Microsoft Internet Explorer IE5 compatibility mode enable attempt - Sour 183.129.150.2 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password - 6hr Logon (IP=2,CN) 183.129.159.243 24 ABC None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Generic ArcSight scan attempt (IP=243,CN) 183.129.162.42 24 CW None 2020-01-14 00:00:00 2020-04-23 00:00:00 None Illegal user_Failed Logon (IP=42,CN) | updated by RB Block expiration extended with reason Illegal user_6 hr Failed Logons (IP=42 CN) 183.131.155.233 24 alj None 2018-11-27 06:00:00 2020-01-27 00:00:00 None INDICATOR-COMPROMISE Suspicious | updated by KF with reason INDICATOR-COMPROMISE Suspicious .top dns query (1:43687:2) (IP=23 | updated by KF Block was inactive. Reactivated on 20191005 with reason INDICATOR-COMPROMISE Suspicious .top dns query (1:4368 183.134.104.173 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=173,CN) 183.134.199.68 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password - Failed Logon (IP=68,CN) 183.134.74.117 24 RR None 2018-08-31 05:00:00 2020-01-26 00:00:00 None Illegal user (IP=117,CN) | updated by GM with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=13,CN) 183.134.79.55 24 RW None 2019-12-19 00:00:00 2020-03-19 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=55,CN) 183.134.91.158 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=158,CN) 183.135.115.3 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6hr web attacks (IP=3,CN) 183.136.170.195 24 BP None 2019-11-20 00:00:00 2020-02-20 00:00:00 None Authentication Failed (IP=195,CN) 183.136.223.69 24 alj None 2018-11-28 06:00:00 2020-01-17 00:00:00 None INDICATOR-COMPROMISE Suspicious .top dns query (1:43687:2) (ip=69,cn) 
| updated by KF with reason INDICATOR-COMPROMISE Suspici | updated by KF Block was inactive. Reactivated on 20191004 with reason INDICATOR-COMPROMISE Suspicious .top dns query (1:4368 183.136.233.99 24 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=99,CN) 183.141.141.118 32 RW None 2020-07-18 00:00:00 2020-08-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03496 (IP=118,CN) 183.15.123.168 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Invalid user - Failed Logon (IP=168,CN) 183.150.62.106 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_12 hr web attacks (IP=106,CN) 183.157.10.183 24 BP None 2019-11-19 00:00:00 2020-02-19 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=183,CN) 183.167.196.65 24 RR None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Failed password - Failed Logons (IP=65,) 183.167.211.135 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Invalid user (IP= 135 , CN ) 183.171.113.75 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Authentication Failed - Failed Logons (IP=75,MY) 183.171.81.169 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Authentication Failed - Failed Logons (IP=169,MY) 183.179.246.128 24 DT None 2020-08-29 00:00:00 2020-11-29 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=128,HK) 183.182.105.185 24 RR None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Generic ArcSight scan attempt (IP=185,LA) 183.185.110.106 24 FT None 2020-08-04 00:00:00 2020-11-04 00:00:00 None SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt - SourceFire (IP=106,CN) 183.185.110.106 24 RR None 2020-08-05 00:00:00 2020-11-03 00:00:00 None SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt (1:45073:2) - SourceFire (IP=106,CN) 183.185.143.24 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 
None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=,CN) 183.185.45.155 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=155,CN) 183.185.7.113 24 GM None 2020-01-03 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=113,CN) 183.189.194.57 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None Known Attack Tool User Agent - TT# 20C01881 (IP=57,CN) 183.190.116.10 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None APP-DETECT failed FTP login attempt_Failed Logon (IP=10,CN) 183.194.249.169 24 GM None 2019-11-08 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=169,CN) 183.195.121.197 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=197,CN) 183.196.172.36 24 BMP None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Authentication Failed - 6hr Failed Logons (IP=36,CN) 183.196.222.216 24 EDBT None 2018-02-06 06:00:00 2020-01-15 00:00:00 None ET SCAN Potential SSH Scan (IP=216,CN) | updated by CR with reason Authentication Failed (IP=229,CN) | updated by RR with reason Authentication Failed - Failed Logons (IP=215,CN) 183.196.233.193 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - SourceFire (IP=193,CN) 183.196.29.77 24 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Authentication Failed_Failed Logon (IP=77,CN) 183.196.31.253 24 EDBT None 2017-09-09 05:00:00 2020-01-16 00:00:00 None ET SCAN Potential SSH Scan (IP=253,CN) | updated by RB with reason Failed password (IP=253,CN) | 2019-03-10 | 2017-12-08 | updated by RR with reason Authentication Failed - Failed Logons (IP=253,CN) 183.196.45.54 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None 
updated by dbc with reason BG TO-S-2019-0571 Malicious Web Application Activity 185.148.76.176 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None CH TO-S-2019-0351 Malicious Web Application Activity 185.149.66.0 24 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None RU TO-S-2019-0604 Malware Activity 185.15.172.0 22 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None RU TO-S-2019-0400 Malicious Reconnaissance Activity 185.15.20.219 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None PT TO-S-2019-0546 Malicious Email Activity 185.15.247.140 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None DE TO-S-2019-0358 Malicious Web Application Activity 185.15.247.154 24 wmp None 2019-07-22 00:00:00 2020-07-29 00:00:00 None HIVE Case#503 APT34 LinkedIn IOC (IP=154,DE) | updated by dbc with reason DE TO-S-2019-0852 Malicious Email Activity 185.15.88.0 22 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None RU TO-S-2019-0468 Malicious Web Application Activity 185.150.189.23 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=23,US) 185.150.190.103 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - 6hr Web Attacks (IP=103,NL) 185.151.6.252 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=252,AE) 185.153.180.27 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=27,US) 185.153.196.3 24 RB None 2018-09-24 05:00:00 2020-01-17 00:00:00 None Authentication Failed (IP=3 MD) | updated by RR with reason Generic ArcSight scan attempt (IP=28,RU) 185.153.197.10 24 RR None 2018-05-11 05:00:00 2020-01-17 00:00:00 None ET SCAN Potential SSH Scan (IP=10,MD) | updated by RR with reason Generic ArcSight scan attempt (IP=116,RU) 185.153.198.182 24 RW None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Generic ArcSight scan attempt (IP=182,RU) 185.153.199.14 24 CW None 2019-10-24 00:00:00 2020-01-22 
00:00:00 None Generic ArcSight scan attempt (IP=14,RU) 185.153.199.225 32 dbc None 2020-08-04 00:00:00 2020-08-04 00:00:00 None HIVE Case #3470 CTO-20-210 EUCOM JCC SR 101-20 (IP=225,MD) 185.153.45.191 24 RW None 2020-01-16 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=191,RU) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=191,RU) 185.154.130.188 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=188,TR) 185.156.1.99 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logon (IP=99,RU) 185.156.173.45 24 RB None 2017-10-01 05:00:00 2020-05-06 00:00:00 None SQL use of sleep function with select - likely SQL injection (IP=45,FR) | updated by dbc with reason FR TO-S-2019-0640.01 Malware Activity 185.156.176.0 22 dcg None 2018-05-24 05:00:00 2020-04-11 00:00:00 None RU TO-S-2018-0786 Malicious web application activity | updated by CR with reason OS-WINDOWS Microsoft Windows Terminal server | updated by GM with reason ABC Generic ArcSight scan attempt (IP=252,NL) | updated by CW with reason OS-WINDOWS Microsoft 185.156.177.252 24 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=252,NL) 185.156.67.44 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None GB TO-S-2019-0890.01 Malicious Email Activity 185.156.73.42 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=42,no ISC data) 185.157.170.41 24 GM None 2019-10-10 00:00:00 2020-01-10 00:00:00 None Authentication Failed - Failed Logons (IP=41,SE) 185.157.247.158 24 RR None 2020-03-25 00:00:00 2020-06-23 00:00:00 None UDP: Host Sweep (IP=158,FR) 185.157.63.49 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0212.01 Malicious Web Application Activity 185.157.63.49 32 dbc None 
2019-12-23 00:00:00 2020-12-23 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity 185.158.115.153 24 RR None 2017-05-03 05:00:00 2020-04-17 00:00:00 None ET SCAN Potential SSH Scan (IP=153,RU) | updated by dbc with reason RU TO-S-2019-0604 Malware Activity 185.158.140.143 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IT TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason IT TO-S-2020-0212.01 Malicious Web Application Activity 185.158.172.3 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=3,IR) 185.158.248.0 22 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None RO TO-S-2020-0056 Malicious Web Application Activity 185.158.250.46 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None GB TO-S-2019-0613 Malware Activity 185.158.28.20 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None IT TO-S-2019-0852 Malicious Email Activity 185.16.204.65 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None GB TO-S-2019-0952 Malicious Email Activity 185.16.44.132 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None FR TO-S-2019-0351 Malicious Email Activity 185.16.85.155 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None GB TO-S-2020-0109.01 Application Vulnerability Exploit 185.160.31.59 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None TR TO-S-2019-0658 Malware Activity 185.161.209.121 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None NL TO-S-2019-0613 Malware Activity 185.161.209.147 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None NL TO-S-2019-0358 Malicious Web Application Activity 185.161.209.157 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity 185.161.209.57 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None NL TO-S-2019-0890.01 Malicious Email Activity 185.161.210.203 24 RW None 2020-05-31 00:00:00 2020-09-03 00:00:00 None FOX-SRT - IOC - XServer/Agent - 
Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) (1:21002457:1) - Sourcefire (IP=203,NL) | updated by RW Block expiration extended with reason FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mo 185.161.210.25 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None NL TO-S-2019-0890.01 Malicious Email Activity 185.161.211.86 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity 185.162.11.80 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None NL TO-S-2019-0658 Malware Activity 185.162.12.0 22 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None RU TO-S-2019-0658 Malware Activity 185.162.131.92 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None NL TO-S-2019-0468 Malware Activity 185.162.171.35 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None ES TO-S-2019-0351 Malicious Email Activity 185.162.235.163 24 GM None 2019-06-27 00:00:00 2020-09-13 00:00:00 None Authentication Failed - Failed Logons (IP=163,NL) | updated by dbc with reason NL TO-S-2019-0890.01 Malicious Email Activity | updated by dbc with reason NL TO-S-2019-0985 Application Vulnerability Exploit 185.163.124.155 32 RB None 2020-04-04 00:00:00 2020-07-03 00:00:00 None Unauthorized Access-Probe - TT# 20C02378 (IP=155,FR) 185.163.124.247 32 dbc None 2020-08-04 00:00:00 2020-08-04 00:00:00 None HIVE Case #3470 CTO-20-210 EUCOM JCC SR 100-20 (IP=247,FR) 185.163.127.8 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=8,FR) 185.164.72.241 24 RW None 2019-12-19 00:00:00 2020-03-19 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - Sourcefire (IP=241,NL) 185.164.72.96 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason NL TO-S-2020-0212.01 Malicious Web Application Activity 185.165.168.168 24 GM None 2020-07-16 00:00:00 2020-10-16 00:00:00 None 
HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=168,IS) 185.165.184.0 22 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None RO TO-S-2019-0640.01 Malicious Email Activity 185.165.190.34 24 BMP None 2020-04-26 00:00:00 2020-07-25 00:00:00 None SERVER-IIS Microsoft IIS Range header integer overflow attempt - SourceFire (IP=34,SP) 185.165.40.0 24 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None IR TO-S-2019-0420 Malicious Email Activity 185.167.160.1 22 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None UA TO-S-2019-0723 Malicious Web Application Activity 185.169.40.0 22 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None SE TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason SE TO-S-2020-0212.01 Malicious Web Application Activity 185.169.99.26 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=26,PT) 185.17.138.33 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None TR TO-S-2019-0890.01 Malicious Email Activity 185.17.27.103 32 dbc None 2019-03-21 00:00:00 2020-03-21 00:00:00 None GB TO-S-2019-0515 Malware Activity 185.171.184.0 22 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None Corrected by TO-S-2019-613; Was RO TO-S-2019-0608 Malicious Email Activity 185.171.91.142 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None TR TO-S-2019-0747 Malware Activity 185.172.110.203 24 GM None 2017-07-26 05:00:00 2020-08-06 00:00:00 None Custom Encrypted Files (203,NL) | updated by dcg with reason NL TO-S-2018-0756 Malicious web application activity | updated b | updated by dbc with reason NL TO-S-2019-0864 Malicious Email Activity 185.172.110.223 24 DT None 2020-08-25 00:00:00 2020-11-23 00:00:00 None SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt - SourceFire (IP=223,NL) 185.172.111.199 32 RW None 2020-05-19 00:00:00 2020-08-17 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02853 
(IP=199,NL) 185.172.111.210 24 GM None 2020-08-12 00:00:00 2020-11-12 00:00:00 None SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC method command injection attempt - Sourcefire (IP=210,NL) 185.173.26.195 32 RB None 2020-08-25 00:00:00 2020-11-23 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03768 (IP=195,NL) 185.173.26.236 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None DE TO-S-2019-0358 Malicious Web Application Activity 185.173.35.57 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=57,GB) 185.174.172.0 22 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None UA TO-S-2019-0363.01 Malicious Email Activity 185.175.25.53 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=53,NL) 185.175.93.101 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=101,ES) 185.176.220.0 22 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None LV TO-S-2020-0031 Malicious Email Activity 185.176.27.136 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None RU TO-S-2019-0400 Malicious Email Activity 185.177.0.10 24 KF None 2019-04-10 00:00:00 2020-01-19 00:00:00 None APP-DETECT failed FTP login attempt (1:13360:6) (IP=10,TK) | updated by KF with reason Generic ArcSight scan attempt (IP=238,RU) 185.177.59.117 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None BG TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason BG TO-S-2019-0864 Malware Activity 185.177.59.240 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None BG TO-S-2020-0056 Malicious Web Application Activity 185.177.59.70 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None BG TO-S-2019-0890.01 Malicious Email Activity 185.177.59.77 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None BG TO-S-2019-0747 Malware Activity 185.179.24.33 24 GM None 2020-08-07 00:00:00 2020-11-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web 
Attacks (IP=332,TR) 185.180.199.29 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malware Activity 185.181.10.35 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None DE TO-S-2019-0551.02 Malicious Email Activity 185.181.164.242 24 KF None 2020-07-02 00:00:00 2020-09-30 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=242,UA) 185.181.209.101 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None TR TO-S-2019-0613 Malware Activity 185.181.209.133 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None TR TO-S-2019-1002 Malicious Email Activity 185.181.209.237 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None TR TO-S-2019-0723 Malicious Email Activity 185.181.209.38 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None TR TO-S-2019-0613 Malware Activity 185.181.209.42 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None TR TO-S-2019-0631 Malware Activity 185.181.209.48 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None TR TO-S-2019-0613 Malware Activity 185.181.209.66 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None TR TO-S-2019-0613 Malware Activity 185.181.209.69 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None TR TO-S-2019-0613 Malware Activity 185.181.210.219 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None TR TO-S-2019-0613 Malware Activity 185.181.210.253 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None TR TO-S-2019-0613 Malware Activity 185.181.49.34 24 RR None 2020-01-18 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=34,MD) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=34,MD) | updated by KF with reason SERVER-WEBAPP MVPower 185.181.8.252 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity 185.182.56.209 24 YM None 2018-05-18 05:00:00 2020-09-13 00:00:00 None SQL 1 = 1 - possible sql 
injection attempt (IP=129,MX) | updated by dbc with reason NL TO-S-2019-0351 Malicious Email Activity | updated by dbc with reason NL TO-S-2019-0952 Malware Activity | updated by dbc with reason NL TO-S-2019-0972 Malware Acti 185.182.57.105 24 BMP None 2020-03-14 00:00:00 2020-06-12 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=105,NL) 185.182.57.46 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None NL TO-S-2019-0972 Malware Activity 185.182.57.6 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None NL TO-S-2019-0468 Malicious Email Activity 185.182.57.79 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: SQL Injection - Exploit II (IP=79,NL) 185.183.104.83 24 RW None 2020-04-28 00:00:00 2020-07-28 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Sourcefire (IP=83,CH) 185.183.105.185 32 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C00479 (IP=185,IT) 185.183.107.182 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SQL union select - possible sql injection attempt - POST parameter - Sourcefire (IP=182,AT) 185.183.120.29 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user - Failed Logons (IP=29,BY) 185.183.9.6 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None CZ TO-S-2019-0604 Malware Activity 185.183.96.0 22 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None RO TO-S-2019-0626.01 Malware Activity 185.185.25.175 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None DE TO-S-2019-0890.01 Malicious Email Activity 185.186.141.118 24 GM None 2020-09-16 00:00:00 2020-12-16 00:00:00 None SQL generic convert injection attempt - GET parameter - Web Attacks (IP=118,RU) 185.186.79.163 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None DK TO-S-2019-0658 Malware Activity 185.187.172.223 24 RR None 2020-04-18 00:00:00 2020-07-17 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication 
Bypass Vulnerability - Web Attacks (IP=223,IT) 185.188.182.0 24 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None RU TO-S-2019-0604 Malware Activity 185.188.183.194 24 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Generic ArcSight scan attempt (IP=194,RU) 185.189.112.152 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=152,DE) 185.189.112.228 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=228,DE) 185.189.112.228 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=228,DE) 185.189.113.83 32 GM None 2019-02-27 00:00:00 2020-06-18 00:00:00 None Known Attack Tool User Agent 19C01202 (IP=83,US) | updated by dbc with reason FR TO-S-2019-0747 Malware Activity 185.189.115.108 32 RW None 2020-06-22 00:00:00 2020-09-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03255 (IP=108,CZ) 185.189.148.0 22 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None CH TO-S-2019-0800 Malicious Email Activity 185.19.190.77 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,ES) 185.190.132.11 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - 6hr Logon (IP=11,AL) 185.191.246.26 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=26,PL) 185.192.112.0 22 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None IR TO-S-2020-0190 Malicious Email Activity 185.193.140.0 22 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None RU TO-S-2019-0634 Malware Activity 185.193.38.91 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None DE TO-S-2019-0723 Malicious Web Application Activity 185.194.140.31 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None 
Generic ArcSight scan attempt (IP=31,DE) 185.195.236.146 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None GB TO-S-2019-0508 Malicious Email Activity 185.195.254.203 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=203,TR) 185.195.26.111 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Generic ArcSight scan attempt (IP=111,RU) 185.197.74.0 24 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None RU TO-S-2019-0468 Malicious Web Application Activity 185.197.75.223 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None NL TO-S-2020-0047 Malicious Email Activity 185.198.189.119 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None GB TO-S-2020-0187 Malicious Email Activity 185.198.59.171 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=171,NL) 185.199.109.153 32 NAB None 2020-10-30 00:00:00 2020-12-09 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=153,US) | Unblock per INC000008076559 185.199.26.162 24 KF None 2019-08-29 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (IP=162,) | updated by RWB Block was inactive. Reactivated on 20200101 with reason Attempted Administrator Privilege Gain - SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code 185.2.140.155 24 RB None 2019-01-18 00:00:00 2020-04-25 00:00:00 None Failed password for invalid user(IP=155,DE) | updated by GM Block was inactive. 
Reactivated on 20200125 with reason Failed password - Failed Logons (IP=155,DE) 185.2.31.46 24 RB None 2017-02-25 06:00:00 2020-01-29 00:00:00 None SMTP_COMMAND_OVERFLOW (IP=46,NL) | updated by GM with reason Failed password - Failed Logons (IP=10,NL) 185.2.4.109 24 MLJ None 2017-11-01 05:00:00 2020-08-06 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=109,IT) | updated by dcg with reason IT TO-S-2018-0998 associated with malicio | updated by dbc with reason IT TO-S-2019-0864 Malicious Email Activity 185.2.81.90 24 ABC None 2018-01-06 06:00:00 2020-06-18 00:00:00 None Generic ArcSight scan attempt (IP=90,NL) | updated by dbc with reason NL TO-S-2019-0747 Malware Activity 185.20.187.92 24 RR None 2017-07-22 05:00:00 2020-03-21 00:00:00 None ET SCAN Potential VNC Scan 5900-5920 (IP=92,UA ) | updated by kmw with reason NL TO-S-2019-0358 Malicious Web Application Act 185.201.11.123 32 dbc None 2019-02-22 00:00:00 2020-10-17 00:00:00 None US TO-S-2019-0431 Malicious Email Activity | updated by wmp Block was inactive. 
Reactivated on 20200717 with reason HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=123,US) 185.201.11.148 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malicious Email Activity 185.201.11.88 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=88,) 185.201.113.111 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=111,PL) 185.201.16.58 32 wmp None 2020-09-04 00:00:00 2020-12-03 00:00:00 None HIVE Case #3755 COLS-NA-TIP-20-0278 (IP=58,FR) 185.201.38.68 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=68,BU) 185.202.1.217 24 RW None 2020-02-24 00:00:00 2020-05-24 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - Sourcefire (IP=217,FR) 185.202.103.29 24 KF None 2020-05-30 00:00:00 2020-08-28 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=29,JP) 185.202.174.31 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None Unaffiliated TO-S-2019-0608 Malware Activity 185.202.174.41 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None Unaffiliated TO-S-2019-0617 Malware Activity 185.202.174.44 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None JP TO-S-2019-0617 Malware Activity 185.202.174.80 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None Unaffiliated TO-S-2019-0617 Malware Activity 185.202.174.84 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None Unaffiliated TO-S-2019-0617 Malware Activity 185.202.174.91 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None Unaffiliated TO-S-2019-0617 Malware Activity 185.202.2.35 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=35,NL) 185.202.212.0 22 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU 
TO-S-2019-0430 Malware Activity 185.202.243.95 24 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=95,TR) 185.202.3.113 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None FR TO-S-2019-0430 Malware Activity 185.203.116.21 24 JKC None 2017-11-16 06:00:00 2020-01-25 00:00:00 None TIP-1180 (IP=21, BG) | updated by jky with reason MY TO-S-2018-0193 Web application activity | updated by kmw with reason BG 185.203.170.234 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None TR TO-S-2019-0409 Malicious Email Activity 185.204.175.26 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Authentication Failed - 6hr Logon (IP=26,FR) 185.206.224.248 24 RW None 2020-05-23 00:00:00 2020-08-23 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=248,DK) 185.207.154.16 24 KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=16,EE) 185.207.30.0 23 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None SA TO-S-2020-0031 Malicious Email Activity 185.207.57.123 24 KF None 2020-01-20 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=123,) | updated by RWB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=123,TR) 185.208.164.151 24 wmp None 2018-09-27 05:00:00 2020-02-04 00:00:00 None COLS-NA TIP 18-0355 (IP=151,PL) | updated by dcg with reason PL TO-S-2018-1191 Spear Phishing associated with malicious email 185.208.209.70 24 ABC None 2018-06-09 05:00:00 2020-06-07 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=70,XX) | updated by dbc with reason NL TO-S-2019-0723 Malicious Email Activity 185.209.0.76 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire 
(IP=76,LV) 185.209.160.0 22 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None RU TO-S-2019-0351 Malicious Email Activity 185.209.162.60 32 GM None 2020-07-11 00:00:00 2020-10-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03430 (IP=60,NL) 185.209.196.144 32 BMP None 2020-07-20 00:00:00 2020-10-18 00:00:00 None Self Report/IP Block Request - TT# 20C03509 (IP=144,US) 185.209.29.215 24 RB None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=215,RU) 185.21.109.11 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None GB TO-S-2020-0065 Malicious Email Activity 185.21.168.1 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None INDICATOR-COMPROMISE Suspicious .ml dns query (IP=1,NL) 185.21.169.1 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None INDICATOR-COMPROMISE Suspicious .ml dns query (IP=1,NL) 185.21.170.1 24 BP None 2019-11-21 00:00:00 2020-06-24 00:00:00 None INDICATOR-COMPROMISE Suspicious .ml dns query (IP=1,NL) | updated by DT Block was inactive. Reactivated on 20200326 with reason SMBv1 opord 2016-191F9 sid:1000011 - SourceFire (IP=1,NL) 185.21.171.1 24 wmp None 2016-08-17 05:00:00 2020-02-21 00:00:00 None Suspicious .ml dns query (IP=1,NL) | updated by jkc with reason INDICATOR-COMPROMISE Suspicious .ml dns query (IP=1,NL) | up | updated by BP Block was inactive. 
Reactivated on 20191121 with reason INDICATOR-COMPROMISE Suspicious .ml dns query (IP=1,NL 185.21.249.234 24 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=234,IT) 185.210.217.227 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None BE TO-S-2019-0952 Malicious Web Application Activity 185.210.217.228 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None BE TO-S-2019-0952 Malicious Web Application Activity 185.210.217.229 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None BE TO-S-2019-0952 Malicious Web Application Activity 185.210.217.230 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None BE TO-S-2019-0952 Malicious Web Application Activity 185.211.244.0 22 dbc None 2018-12-26 06:00:00 2020-02-20 00:00:00 None RU TO-S-2019-0263 Malware Activity | updated by dbc with reason RU TO-S-2019-0420 Malware Activity 185.211.48.40 32 RB None 2020-08-23 00:00:00 2020-11-21 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03753 (IP=40,CN) 185.211.48.58 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=58,NL) 185.212.128.199 24 GLM None 2018-07-08 05:00:00 2020-08-06 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (IP=199,NL) | updated by GLM with reason PROTOCOL-DNS DNS query amplification att | updated by dbc with reason NL TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason NL TO-S-2019-0864 Malw 185.212.129.33 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None NL TO-S-2019-0634 Malicious Email Activity 185.212.129.85 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Invalid user - Failed Logon (IP=85,RU) 185.212.170.163 24 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP Ruby on Rails render file directory traversal attempt - Web Attacks (IP=170,CH) 
185.212.171.68 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NL TO-S-2020-0006 Malicious Email Activity 185.212.192.0 22 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None IR TO-S-2019-0430 Malware Activity 185.213.155.170 24 GM None 2019-08-20 00:00:00 2020-09-10 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks (IP=170,DE) | updated by dbc with reason DE TO-S-2019-0972 Malicious Web Application Activity 185.213.166.0 24 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None IR TO-S-2020-0006 Malicious Email Activity 185.214.165.113 24 RW None 2020-08-18 00:00:00 2020-11-18 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Sourcefire (IP=113,DK) 185.216.117.129 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=,HK) 185.216.119.41 24 DT None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=41,HK) 185.216.140.108 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None NL TO-S-2019-1036 Malicious Web Application Activity 185.216.140.240 24 RW None 2020-07-19 00:00:00 2020-10-19 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=240,NL) 185.216.140.37 24 ABC None 2018-04-20 05:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=37 XX) | updated by dcg with reason NL TO-S-2018-1186 associated with malicious web activit | updated by RR with reason Generic ArcSight scan attempt (IP=180,no ISC data) 185.216.140.94 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason NL TO-S-2020-0212.01 Malicious Web Application Activity 185.216.212.58 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None UDP: Host Sweep - Automated Block Calculations (IP=58,DE) 185.216.215.5 24 
RW None 2020-05-31 00:00:00 2020-08-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=5,DE) 185.216.32.170 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Generic ArcSight scan attempt (IP=170,GB) 185.216.34.236 24 DT None 2020-07-05 00:00:00 2020-10-03 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C03372 (IP=236,AT) 185.217.0.0 22 dcg None 2018-05-01 05:00:00 2020-01-19 00:00:00 None SE TO-S-2018-0708 DNS Cache Poisoning/IP Block | updated by GM with reason ABC Generic ArcSight scan attempt (IP=239,SE) 185.217.232.144 24 RR None 2020-01-20 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=144,CZ) | updated by RB Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=144 CZ) 185.217.95.14 24 GM None 2019-01-29 00:00:00 2020-06-27 00:00:00 None Phish.URL (IP=14,NL) | updated by dbc with reason NL TO-S-2019-0781 Malicious Email Activity 185.218.234.38 32 dbc None 2019-04-16 00:00:00 2020-04-16 00:00:00 None CA TO-S-2019-0593 Malicious Email Activity 185.219.132.98 24 ABC None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Generic ArcSight scan attempt (IP=98,TR) 185.219.133.138 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None TR TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason TR TO-S-2020-0212.01 Malware Activity 185.219.133.71 24 CR None 2019-02-19 00:00:00 2020-01-31 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (IP=71,TR) | updated by RR with reason Generic ArcSight scan attempt (IP=125,TR) 185.219.221.151 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=151,DE) 185.220.100.253 24 RR None 2020-07-14 00:00:00 2020-10-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=253,DE) 185.220.101.48 32 dbc None 2019-12-23 
00:00:00 2020-12-26 00:00:00 None GB TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason GB TO-S-2020-0212.01 Malicious Web Application Activity 185.220.101.50 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None GB TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason GB TO-S-2020-0212.01 Malicious Web Application Activity 185.220.101.61 24 GM None 2019-08-12 00:00:00 2020-09-10 00:00:00 None Authentication Failed - Failed Logons (IP=61,DE) | updated by dbc with reason DE TO-S-2019-0972 Malware Activity 185.220.101.65 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None GB TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason GB TO-S-2020-0212.01 Malicious Web Application Activity 185.220.101.66 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None GB TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason GB TO-S-2020-0212.01 Malicious Web Application Activity 185.220.101.68 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None GB TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason GB TO-S-2020-0212.01 Malicious Web Application Activity 185.220.101.70 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None GB TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason GB TO-S-2020-0212.01 Malicious Web Application Activity 185.220.103.7 24 RR None 2020-07-14 00:00:00 2020-10-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=7,DE) 185.220.204.188 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=188,GB) 185.220.70.165 32 KF None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Immediate Inbound Network Block - TT# 20C01098 (IP=165,US) 185.220.70.198 24 CW None 2020-01-06 00:00:00 
2020-04-05 00:00:00 None Failed password_Failed Logon (IP=98,DE) 185.220.70.202 32 RR None 2019-04-01 00:00:00 2020-04-16 00:00:00 None Possible SQLi attempt - TT# 19C01844 (IP=202,DE) | updated by dbc with reason DE TO-S-2019-0593 Malicious Reconnaissance Activ 185.221.134.178 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=178,US) 185.221.202.35 32 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None NL TO-S-2020-0077 Malware Activity 185.221.216.3 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity 185.221.69.0 24 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None IN TO-S-2019-0952 Malware Activity 185.222.209.36 24 ABC None 2018-07-09 05:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=36,XX) | updated by GM with reason Known Attack Tool User Agent TT# 19C00301 (IP=222,GB) | updated by RR with reason performing traffic against HRC IP space - TT# 19C03275 (IP=222,GB) | updated by CR with reason SQL 185.222.211.54 24 MLJ None 2018-05-17 05:00:00 2020-04-22 00:00:00 None ET WEB_SERVER Possible SQL Injection Attempt UNION SELECT (IP=54,GB) | updated by dcg with reason GB TO-S-2018-1186 associate 185.222.57.0 24 wmp None 2020-09-11 00:00:00 2020-12-11 00:00:00 None HIVE Case #3842 CTO-20-023 (IP=0,NL) 185.222.57.183 24 DT None 2020-08-30 00:00:00 2020-11-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=183,NL) 185.222.57.242 24 ABC None 2018-06-05 05:00:00 2020-04-29 00:00:00 None Generic ArcSight scan attempt | updated by KF with reason 8316: HTTP: Cross Site Scripting (String.fromCharCode) (IP=141,US) 185.223.163.26 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None EE TO-S-2019-0351 Malware Activity 185.223.164.48 24 CW None 2019-12-27 00:00:00 2020-03-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web attacks (IP=48,RU) 
185.223.165.82 24 DT None 2020-06-14 00:00:00 2020-09-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=82,HK) 185.224.103.171 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_12 hr web attacks (IP=171,AL) 185.224.132.111 24 RR None 2018-05-25 05:00:00 2020-08-06 00:00:00 None ET SCAN Tomcat Auth Brute Force attempt (admin) (IP=111,NL) | updated by dbc with reason NL TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason NL TO-S-2019-0864 Malware Activity 185.224.135.149 32 RB None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Unauthorized Access-Probe - TT# 20C00521 (IP=149,NL) 185.224.138.131 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None NL TO-S-2020-0056 Malicious Email Activity 185.224.138.154 24 RB None 2019-06-21 00:00:00 2020-09-10 00:00:00 None SQL use of sleep function with and - likely SQL injection_Sourcefire (IP=154,NL) | updated by dbc with reason NL TO-S-2019-0952 Malicious Email Activity | updated by dbc with reason NL TO-S-2019-0972 Malicious Email Activity 185.224.138.8 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None NL TO-S-2019-0400 Malicious Email Activity 185.224.168.58 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00133 (IP=58,NL) 185.224.169.162 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0212.01 Malicious Web Application Activity 185.224.169.162 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity 185.225.16.0 22 dbc None 2019-03-21 00:00:00 2020-03-21 00:00:00 None RO TO-S-2019-0515 Malware Activity 185.225.16.30 32 dbc None 2019-03-13 00:00:00 2020-03-13 00:00:00 None NL TO-S-2019-0492 Malware Activity 185.225.226.16 32 dbc None 2020-08-04 00:00:00 2020-08-04 00:00:00 None HIVE Case #3470 CTO-20-210 EUCOM JCC SR 
101-20 (IP=16,SE) 185.225.28.0 24 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None MK TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason MK TO-S-2020-0212.01 Malicious Web Application Activity 185.225.36.93 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None TR TO-S-2019-0890.01 Malicious Email Activity 185.226.160.22 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None TR TO-S-2020-0047 Malicious Email Activity 185.226.196.61 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None TR TO-S-2019-0972 Malicious Email Activity 185.226.202.57 24 GM None 2020-07-05 00:00:00 2020-10-05 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=57,NO) 185.227.108.35 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity 185.227.111.117 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Failed password - Failed Logons (IP=117,NL) 185.227.154.19 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0212.01 Malicious Web Application Activity 185.227.154.19 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity 185.227.68.0 24 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None FI TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason FI TO-S-2020-0212.01 Malicious Web Application Activity 185.227.68.214 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None GB TO-S-2020-0187 Malicious Email Activity 185.227.82.68 32 dbc None 2019-03-13 00:00:00 2020-03-13 00:00:00 None NL TO-S-2019-0492 Malware Activity 185.228.82.65 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None NL TO-S-2019-0420 Malicious Email Activity 185.228.83.25 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None NL TO-S-2019-0831 Malicious Email Activity 185.228.83.47 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None NL 
TO-S-2019-0723 Malicious Email Activity 185.23.122.11 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None ES TO-S-2019-0409 Malware Activity 185.23.214.188 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3630 CTO-20-231 (IP=188,NL) 185.230.124.54 32 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Immediate Inbound Network Block - TT# 20C00939 (IP=54,US) 185.230.126.13 32 RR None 2020-09-19 00:00:00 2020-12-18 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - SourceFire (IP=13,US) 185.230.127.228 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None DE TO-S-2019-0400 Malware Activity 185.230.60.169 32 dbc None 2018-12-17 06:00:00 2020-11-22 00:00:00 None US TO-S-2019-0245 Malicious Email Activity | updated by wmp Block was inactive. Reactivated on 20200820 with reason HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=169,US) | updated by wmp Block expiration extended with reason HIVE Case #3623 COLS-NA-TIP-20-02 185.230.60.185 32 dbc None 2018-12-03 06:00:00 2020-11-24 00:00:00 None IL TO-S-2019-0187 Malicious Email Activity | updated by wmp Block was inactive. 
Reactivated on 20200707 with reason HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=185,US) | updated by wmp Block expiration extended with reason HIVE Case #3601 CO 185.230.60.69 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malicious Email Activity 185.230.61.177 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None NL TO-S-2020-0056 Malicious Email Activity 185.230.61.185 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None Unaffiliated TO-S-2019-0400 Malicious Email Activity 185.230.62.185 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None IE TO-S-2019-0634 Malicious Email Activity 185.231.154.0 24 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None RU TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason RU TO-S-2019-0864 Malware Activity 185.231.88.8 24 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=8,FL) 185.232.21.122 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None BE TO-S-2019-0831 Malicious Email Activity 185.232.21.26 32 kmw None 2018-11-30 06:00:00 2020-05-23 00:00:00 None BE TO-S-2019-0184 Malicious Web Application Activity | updated by RR Block was inactive. 
Reactivated on 20200223 with reason Known Attack Tool User Agent/UDS-OpenVAS_RC8766 - TT# 20C01809 (IP=26,BE) 185.232.21.29 24 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None Known Attack Tool User Agent V2/UDS-OpenVAS_RC8766 - TT# 20C02496 (IP=29,BE) 185.232.28.194 24 RR None 2018-05-26 05:00:00 2020-06-18 00:00:00 None ET SCAN Suspicious inbound to PostgreSQL port 5432 (IP=194,EE) | updated by dbc with reason EE TO-S-2019-0747 Malicious Email Activity 185.232.30.130 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None TCP: SYN Host Sweep (IP=130,EE) 185.232.52.64 24 CR None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=64,RU) 185.232.65.105 32 GM None 2020-08-04 00:00:00 2020-11-04 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03620 (IP=105,RO) 185.232.65.111 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=111,RO) 185.232.65.171 32 RR None 2020-06-30 00:00:00 2020-09-28 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03331 (IP=171,EU) 185.232.65.36 24 BMP None 2020-09-08 00:00:00 2020-12-08 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03858 (IP=36,RO) 185.233.181.30 24 GM None 2020-03-08 00:00:00 2020-06-08 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=30,AZ) 185.233.185.189 24 GM None 2019-11-13 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logons (IP=189,GB) 185.234.176.17 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=17,UA) 185.234.216.181 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None IE TO-S-2019-0658 Malware Activity 185.234.216.19 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=19,IE) 185.234.216.232 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None IE TO-S-2019-0658 Malware Activity 185.234.216.251 32 GM None 2020-07-30 00:00:00 2020-10-30 
00:00:00 None Known Attack Tool User Agent V2 / UDS-Hydra_RC8766 - TT# 20C03586 (IP=251,IE) 185.234.217.220 24 RR None 2018-05-15 05:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=220,IE) | updated by dcg with reason IE TO- | updated by dbc with reason IE TO-S-2019-0952 Malware Activity 185.234.218.68 24 ABC None 2018-05-30 05:00:00 2020-05-10 00:00:00 None Generic ArcSight scan attempt (IP=68,XX) | updated by dbc with reason IE TO-S-2019-0658 Malware Activity 185.234.219.235 24 alj None 2018-11-12 06:00:00 2020-09-02 00:00:00 None 2RCC Immediate Inbound Network Block - TT# 19C00348 (ip=235,il) | updated by GM with reason HTTP: Joomla HTTP Header Unauthent | updated by dbc with reason IE TO-S-2019-0952 Malicious Email Activity 185.234.24.0 22 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,RU) 185.234.73.250 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None PL TO-S-2019-0747 Malware Activity 185.234.73.74 32 dbc None 2019-03-13 00:00:00 2020-03-13 00:00:00 None EE TO-S-2019-0492 Malware Activity 185.234.73.9 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None PL TO-S-2019-0734.01 Malicious Email Activity 185.235.15.230 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malware Activity 185.235.236.198 32 dbc None 2019-09-19 00:00:00 2020-11-18 00:00:00 None DE TO-S-2019-1002 Malicious Email Activity | updated by wmp Block expiration extended with reason HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=198,DE) | updated by wmp Block expiration extended with reason HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=198,DE) 185.235.236.199 32 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None DE TO-S-2020-0077 Malicious Email Activity 185.236.202.0 24 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None AT TO-S-2020-0006 Malware Activity 185.236.202.147 32 wmp None 2020-08-17 00:00:00 2020-11-17 00:00:00 None HIVE Case #3600 CTO-20-225 
(IP=147,AT) 185.236.203.112 32 dbc None 2019-04-16 00:00:00 2020-04-16 00:00:00 None DK TO-S-2019-0593 Malware Activity 185.236.203.145 32 dbc None 2019-03-21 00:00:00 2020-03-26 00:00:00 None DK TO-S-2019-0515 Malware Activity | updated by dbc with reason DK TO-S-2019-0532.01 Phishing Activity 185.236.203.50 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DK TO-S-2020-0056 Malicious Email Activity 185.236.203.53 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None DK TO-S-2019-0409 Malware Activity 185.236.42.43 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None SE TO-S-2019-0723 Malicious Web Application Activity 185.236.76.35 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity 185.236.76.59 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity 185.236.76.80 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity 185.236.77.17 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity 185.236.77.75 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity 185.236.78.217 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity 185.236.78.63 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity 185.237.147.216 24 GM None 2020-07-22 00:00:00 2020-10-22 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=216,DE) 185.237.179.99 32 RR None 2020-09-10 00:00:00 2020-12-10 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03871 (IP=99,DE) 185.239.227.83 24 CR None 2019-01-03 06:00:00 2020-02-21 00:00:00 None Illegal user (IP=83,NL) | updated by dbc with reason NL TO-S-2019-0430 Malicious Web Application Activity 185.239.237.65 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None DE TO-S-2019-0571 Malicious Email Activity 185.239.242.194 32 GM 
None 2020-09-05 00:00:00 2020-12-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT # 20C03839 (IP=194,NL) 185.239.242.207 32 FT None 2020-09-19 00:00:00 2020-12-19 00:00:00 None Unauthorized Access-Probe/ UDP: Host Sweep - TT# 20C03943 (IP=207,NL) 185.24.218.6 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None PL TO-S-2019-0420 Malicious Email Activity 185.24.68.247 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=247,IT) 185.24.69.6 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=6,IT) 185.24.98.18 24 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=18,UK) 185.240.96.173 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=173,PO) 185.242.6.28 32 CR None 2019-12-04 00:00:00 2020-01-04 00:00:00 None Self Report / HTTP Request Attack - TT# 20C01082 (IP=28,US) 185.243.114.121 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None DE TO-S-2019-0864 Malware Activity 185.243.114.165 32 dbc None 2019-03-21 00:00:00 2020-03-21 00:00:00 None NL TO-S-2019-0515 Malware Activity 185.243.115.90 32 dbc None 2020-08-04 00:00:00 2020-08-04 00:00:00 None HIVE Case #3470 CTO-20-210 EUCOM JCC SR 101-20 (IP=90,NL) 185.243.242.51 24 RWB None 2019-10-24 00:00:00 2020-01-23 00:00:00 None HTTP: SQL Injection Attempt Detected - WebAttacks (IP=51,DE) | updated by CW Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=51,DE) 185.243.242.59 32 KF None 2019-12-30 00:00:00 2020-03-29 00:00:00 None Immediate Inbound Network Block - TT# 20C01297 (IP=59,US) 185.243.77.10 24 BMP None 2020-05-02 00:00:00 2020-08-01 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=10,AE) | updated by KF Block expiration extended with reason HTTP: Blind SQL 
Injection - Timing - Web Attacks (IP=10,) 185.244.12.0 22 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None FK TO-S-2019-0890.01 Malicious Email Activity 185.244.167.52 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password for invalid user (IP= 52 , DE ) 185.244.212.67 32 CR None 2019-12-04 00:00:00 2020-01-04 00:00:00 None Self Report / HTTP Request Attack - TT# 20C01082 (IP=67,US) 185.244.214.194 32 GM None 2019-02-28 00:00:00 2020-04-17 00:00:00 None Known Attack Tool User Agent 19C01213 (IP=194,US) | updated by dbc with reason PL TO-S-2019-0604 Malware Activity 185.244.216.192 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None NL TO-S-2020-0047 Malicious Email Activity 185.244.218.238 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None NL TO-S-2020-0047 Malicious Email Activity 185.244.25.191 24 ABC None 2018-05-13 05:00:00 2020-09-02 00:00:00 None Generic ArcSight scan attempt (IP=191 XX) | updated by RB with reason DLINK Command Injection - New Exploit URL (IP=200,RU) | | updated by dbc with reason NL TO-S-2019-0952 Malware Activity 185.244.31.137 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None DE TO-S-2019-0769 Malicious Email Activity 185.244.39.109 32 RR None 2020-08-27 00:00:00 2020-11-25 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03787 (IP=109,NL) 185.244.39.152 32 KF None 2020-05-29 00:00:00 2020-08-27 00:00:00 None Known Attack Tool User Agent V2 / HTTP: SqlMap SQL Injection - TT# 20C02992 (IP=152,NL) 185.244.39.76 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=76,NL) 185.245.41.1 24 BMP None 2020-05-27 00:00:00 2020-08-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=1,FR) 185.245.85.178 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None SK TO-S-2019-1036 Malicious Web Application Activity 185.245.85.229 32 RB None 2019-07-19 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent - TT# 
19C02611 (IP=229,SK) | updated by dbc with reason SK TO-S-2019-0864 Malicious Email Activity 185.245.85.242 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None SK TO-S-2020-0187 Malicious Email Activity 185.246.128.0 22 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None SE TO-S-2020-0187 Malware Activity 185.246.130.7 24 ABC None 2018-05-20 05:00:00 2020-02-12 00:00:00 None Generic ArcSight scan attempt (IP=7,SE) | updated by GM with reason ABC Command Injection Attempt (IP=16,SE) | updated by GM with reason SERVER-WEBAPP CCTV-DVR command injection attempt - Web Attacks (IP=16,SE) 185.246.155.147 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Authentication Failed (IP= 147 , NL ) 185.247.143.56 24 jkc None 2020-07-01 00:00:00 2020-10-01 00:00:00 None HIVE Case #3146 CTO-20-172 (IP=56,RU) 185.247.181.7 24 KF None 2020-02-19 00:00:00 2020-05-19 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01762 (IP=7,CN) 185.247.208.0 22 dbc None 2019-03-21 00:00:00 2020-03-21 00:00:00 None UA TO-S-2019-0515 Malware Activity 185.248.140.6 24 KF None 2018-09-05 05:00:00 2020-03-21 00:00:00 None Illegal user (IP=6,) | updated by RR with reason Unauthorized Access-Probe - TT# 19C00996(IP=102,DE) | updated by dbc with re 185.248.161.177 24 RR None 2020-09-25 00:00:00 2020-12-25 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - Web Attacks (IP=177,NL) 185.248.196.38 24 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=38, RO) | updated by dbc with reason RO TO-S-2019-0626.01 Malicious Email Activity 185.25.204.136 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=136,IT) 185.25.253.3 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None IS TO-S-2019-0800 Malicious Email Activity 185.250.205.155 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None NL TO-S-2020-0047 Malicious Email Activity 185.251.39.30 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 
None NL TO-S-2019-0430 Malware Activity 185.251.39.64 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason NL TO-S-2020-0212.01 Malicious Web Application Activity 185.251.45.48 24 RR None 2019-10-23 00:00:00 2020-01-23 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=48,PL) 185.253.217.208 24 DT None 2020-06-18 00:00:00 2020-09-18 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=208,UA) 185.253.250.161 24 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=161,GB) 185.253.96.200 24 RR None 2018-11-16 06:00:00 2020-04-16 00:00:00 None Illegal user (IP=200,NL) | updated by dbc with reason NL TO-S-2019-0593 Malware Activity 185.254.11.228 24 RW None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=228,FR) 185.254.120.6 24 KF None 2018-10-14 05:00:00 2020-01-29 00:00:00 None Failed keyboard-interactive (IP=6,) | updated by GM with reason ABC Generic ArcSight scan attempt (IP=12,US) 185.254.68.171 32 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Generic ArcSight scan attempt (IP=171,US) 185.254.68.84 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None NL TO-S-2019-0723 Malicious Web Application Activity 185.254.98.166 24 BMP None 2020-05-02 00:00:00 2020-07-31 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=166,DE) 185.255.76.0 22 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None BY TO-S-2019-0972 Malicious Email Activity 185.26.122.76 24 RW None 2020-05-12 00:00:00 2020-08-12 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr web attacks (IP=76,RU) 185.26.145.82 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None TR TO-S-2019-0781 Malicious Email Activity 185.27.134.183 24 RR None 2020-06-03 00:00:00 
2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=183,GB) 185.28.141.3 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None ES TO-S-2019-0972 Malicious Web Application Activity 185.29.81.244 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None Authentication Failed (IP=244,HU) 185.3.235.163 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=163,DE) 185.30.21.20 24 RB None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=20,RU) 185.30.233.149 32 BMP None 2020-07-09 00:00:00 2020-08-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03406 (IP=149,NL) 185.30.236.138 32 wmp None 2020-08-20 00:00:00 2020-12-21 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=138,NL) | updated by wmp Block expiration extended with reason HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=138,NL) 185.30.32.164 24 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=164,DE) 185.31.160.1 22 bob None 2016-09-02 05:00:00 2020-01-24 00:00:00 None RU TO-S-2016-1068 Malicious activity | updated by GLM with reason ABC Generic ArcSight scan attempt (IP=67,RU) 185.31.208.92 24 DT None 2020-06-17 00:00:00 2020-09-15 00:00:00 None SQL url ending in comment characters - possible sql injection attempt - SourceFire (IP=92,DE) 185.32.188.19 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=19,PT) 185.33.172.138 24 RR None 2019-04-07 00:00:00 2020-01-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=138,SA) | updated by GM with reason SERVER-WEBAPP Netgear DGN1000 185.33.54.2 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None HU TO-S-2019-0890.01 Malicious Email Activity 185.34.216.148 24 RW None 2020-02-19 00:00:00 2020-05-19 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - Sourcefire (IP=148,NL) 
185.35.172.251 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=251,BE) 185.35.202.222 24 RW None 2020-07-19 00:00:00 2020-10-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=222,NO) 185.35.67.183 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None FR TO-S-2019-0658 Malicious Email Activity 185.35.67.28 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None FR TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason FR TO-S-2020-0212.01 Malware Activity 185.35.67.42 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None FR TO-S-2020-0109.01 Malicious Email Activity 185.36.102.202 24 EDBT None 2017-05-07 05:00:00 2020-04-16 00:00:00 None ET SCAN LibSSH Based Frequent SSH | updated by dbc with reason NL TO-S-2019-0593 Malware Activity 185.36.191.195 24 KF None 2019-04-12 00:00:00 2020-08-15 00:00:00 None FIREEYE Web: Malware Callback Detected (blocked) (IP=195, NL) | updated by dbc with reason NL TO-S-2019-0890.01 Malicious Email Activity 185.36.72.157 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None UDP: Host Sweep - ARCSight Sauron (IP=157,IT) 185.36.81.170 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=170,no ISC data) 185.36.81.42 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02393 (IP=42,LT) 185.37.212.6 32 GM None 2020-03-05 00:00:00 2020-06-05 00:00:00 None Known Attack Tool User Agent/TTP: Masscan Scanner Traffic Detected - TT# 20C01988 (IP=6,US) 185.37.228.225 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None ES TO-S-2019-0658 Malware Activity 185.37.68.64 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None NL TO-S-2019-0972 Malware Activity 185.38.148.168 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=168,GB) 185.38.149.27 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None GB TO-S-2020-0187 Malware 
Activity 185.38.175.72 24 RB None 2020-07-16 00:00:00 2020-10-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6h failed logon (IP=72,DK) 185.38.44.195 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None GB TO-S-2019-0571 Malicious Email Activity 185.38.49.226 24 RW None 2019-10-02 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6 hr web attacks (IP=226,DE) 185.39.10.54 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=54,CH) 185.39.11.41 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Illegal user_Failed Logon (IP=41,CH) 185.40.76.100 24 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=100,RU) 185.41.187.2 24 RR None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=2,RU) 185.42.104.246 24 RR None 2017-12-01 06:00:00 2020-02-08 00:00:00 None SQL use of sleep function with and - likely SQL injection (IP=246,ES) | updated by ABC with reason Generic ArcSight scan attem | updated by RB with reason HTTP: Blind SQL Injection - Timing_12 hr web attacks (IP=222,ES) | 2020-02-08 | 2019-04-25 185.42.112.46 24 alj None 2018-11-05 06:00:00 2020-01-10 00:00:00 None Authentication Failed (ip=46,fr) | updated by RR with reason Authentication Failed - Failed Logons (IP=4,FR) 185.42.137.89 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None SE TO-S-2019-0626.01 Malware Activity 185.43.207.221 24 RR None 2020-08-17 00:00:00 2020-11-15 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire D12 (IP=221,HU) 185.43.220.18 24 RW None 2020-08-07 00:00:00 2020-11-07 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=18,NL) 185.43.6.194 24 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=194,RU) 185.43.6.194 24 KF 
None 2020-04-14 00:00:00 2020-07-13 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=194,RU) 185.44.174.233 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password for invalid user - Failed Logon (IP=233,PL) 185.44.64.158 32 RR None 2020-03-14 00:00:00 2020-06-12 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C02137 (IP=158,DE) 185.44.8.0 22 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 185.46.163.163 24 GM None 2020-02-08 00:00:00 2020-05-08 00:00:00 None Illegal user - Failed Logons (IP=163,BG) 185.46.18.69 24 GM None 2020-05-25 00:00:00 2020-08-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=69,RU) 185.47.135.70 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0212.01 Malicious Web Application Activity 185.47.135.70 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity 185.47.40.36 32 dbc None 2019-03-18 00:00:00 2020-11-18 00:00:00 None NO TO-S-2019-0508 Malicious Email Activity | updated by wmp Block was inactive. 
Reactivated on 20200817 with reason HIVE Case #3560 COLS-NA-TIP-20-0259 (IP=36,NO) | updated by wmp Block expiration extended with reason HIVE Case #3601 COLS-NA-TIP-20-026 185.49.169.8 24 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Invalid user - Failed Logons (IP=8,ES) 185.49.71.101 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None DE TO-S-2019-0571 Malware Activity 185.5.248.167 24 CR None 2017-09-16 05:00:00 2020-05-06 00:00:00 None GPL SNMP public access udp (IP=167,RU) | updated by dbc with reason RU TO-S-2019-0640.01 Malware Activity 185.5.52.0 22 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None LT TO-S-2019-0604 Malicious Email Activity 185.50.197.159 24 RB None 2018-07-15 05:00:00 2020-03-29 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=159,ES) | updated by dbc with reason ES TO-S-2019-0551.02 Malicious Email Act 185.50.248.72 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None NL TO-S-2020-0056 Malicious Web Application Activity 185.50.37.141 24 RR None 2018-12-18 06:00:00 2020-02-04 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (1:13990:25) (IP=141,IR) | updated by kmw with reason IR TO 185.51.113.180 24 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=180,TR) 185.51.124.0 22 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None RU TO-S-2019-0468 Malicious Web Application Activity 185.51.200.0 22 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None IR TO-S-2019-0658 Malware Activity 185.52.3.112 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None NL TO-S-2019-1036 Malicious Web Application Activity 185.52.67.126 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Web Attacks(IP=126,IT) 185.53.141.132 24 RB None 2018-06-09 05:00:00 2020-03-11 00:00:00 None ET SCAN Potential SSH Scan (IP=132, | updated by dbc with reason IR TO-S-2019-0468 Malicious Web 
Application Activity 185.53.160.165 24 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=165,NL) 185.53.178.130 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=130,DE) 185.53.178.9 32 wmp None 2020-09-15 00:00:00 2020-12-14 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=9,DE) 185.53.179.8 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=8,DE) 185.53.212.22 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None SE TO-S-2019-0658 Malware Activity 185.53.58.6 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=6,GB) 185.53.88.25 24 CR None 2019-02-03 00:00:00 2020-01-19 00:00:00 None RECONNAISSANCE - UDP PORTSCAN (IP=25,EE) | updated by KF with reason Generic ArcSight scan attempt (IP=32,no ISC data) 185.53.88.34 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason NL TO-S-2020-0212.01 Malicious Web Application Activity 185.53.91.59 24 sjl None 2014-11-16 06:00:00 2020-03-12 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=59 | updated by dlb with reason NL TO-S-2018-1080 Malware Activit 185.55.213.95 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6hr web attacks (IP=95,IT) 185.55.224.0 22 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None IR TO-S-2019-0551.02 Malicious Email Activity 185.55.48.171 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Generic ArcSight scan attempt (IP=171,no ISC data) 185.56.80.137 24 dbc None 2014-07-04 05:00:00 2020-02-03 00:00:00 None Potential VNC Scan 5900-5920 (ip=137 NL) | updated by dlb with reason ET SCAN Potential VNC Scan 5900-5920 (IP=120, NL) | up | updated by RR with reason 
Generic ArcSight scan attempt (IP=46,NL) 185.56.81.2 24 YM None 2017-08-01 05:00:00 2020-01-17 00:00:00 None ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack (IP=2,NLD) | updated by CR with reason RECONNAISSANCE - | updated by RB with reason Generic ArcSight scan attempt (IP=41,SC) | 2020-01-17 | 2019-05-03 185.56.91.0 24 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None AE TO-S-2019-0626.01 Malware Activity 185.57.13.227 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None FR TO-S-2019-1036 Malicious Email Activity 185.58.206.227 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=227,RU) 185.58.53.66 24 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None Illegal user - Web Attacks (IP=66,AT ) 185.6.139.240 24 dbc None 2016-06-14 05:00:00 2020-09-02 00:00:00 None HU TO-S-2016-0758 Malicious Activity | updated by MLJ with reason SQL union select - possible sql | updated by dbc with reason HU TO-S-2019-0952 Malware Activity 185.6.30.238 24 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None Authentication Failed - Failed Logons (IP=238,PL) 185.62.36.84 24 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=84,NL) 185.62.56.18 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=18,NL) 185.65.135.91 24 RR None 2017-03-30 05:00:00 2020-09-02 00:00:00 None APP-DETECT failed FTP login attempt (IP=91,SE) | updated by RB with reason FireEye Network SmartVision - CVE-2019-0708 (IP=180,SE) | 2019-09-29 | 2017-06-28 | updated by dbc with reason SE TO-S-2019-0952 Malware Activity 185.66.41.52 24 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=52, ES) | updated by dbc with reason ES TO-S-2019-0626.01 Malicious Email Activity 185.67.177.242 24 RR None 2020-09-01 00:00:00 2020-11-30 00:00:00 None SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt - SourceFire (IP=242,AL) 185.67.3.148 24 GM None 
2020-08-07 00:00:00 2020-11-07 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=148,UA) 185.67.33.243 24 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None SERVER-WEBAPP Hikvision IP camera admin authentication attempt - Sourcefire (IP=243,TR) 185.68.109.249 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=249,ES) 185.68.92.0 22 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None RU TO-S-2019-0734.01 Malicious Email Activity 185.70.104.0 22 kmw None 2019-02-04 00:00:00 2020-02-20 00:00:00 None RU TO-S-2019-0382 Malicious Web Application Activity | updated by dbc with reason RU TO-S-2019-0420 Malicious Email Activity 185.70.186.142 24 MLJ None 2017-09-22 05:00:00 2020-05-01 00:00:00 None ET SCAN Potential SSH Scan (IP=142,NL) | updated by wmp with reason Infraguard GrandCrab Malware (IP=150,NL) | updated by R | updated by dbc with reason NL TO-S-2019-0634 Malware Activity 185.73.228.142 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None PL TO-S-2019-0816 Malicious Email Activity 185.74.4.120 24 RR None 2019-02-13 00:00:00 2020-03-05 00:00:00 None Failed password for invalid user (IP=120,UZ) | updated by GM with reason Invalid user - Failed Logons (IP=189,UZ) 185.74.4.189 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=189,UZ) 185.76.34.87 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password - Failed Logon (IP=87,IQ) 185.77.248.0 24 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None IL TO-S-2020-0212.01 Malicious Web Application Activity 185.77.248.0 24 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None IL TO-S-2020-0206 Malicious Web Application Activity 185.78.188.0 22 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,CH) 185.79.131.38 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=38,ES) 185.8.136.237 24 RR None 
2019-11-13 00:00:00 2020-02-11 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=237,DE) 185.8.236.164 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=164,CZ) 185.80.128.0 22 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None LT TO-S-2019-0723 Malicious Web Application Activity 185.81.113.121 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None GB TO-S-2019-0608 Malware Activity 185.81.157.0 24 wmp None 2020-09-11 00:00:00 2020-12-11 00:00:00 None HIVE Case #3842 CTO-20-023 (IP=0,FR) 185.81.157.132 24 wmp None 2018-11-07 06:00:00 2020-03-05 00:00:00 None NTP monlist Amplification Attack (IP=132,FR) | updated by RB with reason PROTOCOL-DNS DNS query amplification attempt_Sourcefire (IP=140 FR) | 2020-03-05 | 2019-02-07 185.82.126.41 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None SE TO-S-2020-0187 Malicious Email Activity 185.82.202.100 32 dbc None 2020-08-04 00:00:00 2020-08-04 00:00:00 None HIVE Case #3470 CTO-20-210 EUCOM JCC SR 100-20 (IP=100,NL) 185.82.216.97 32 CW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None Immediate Inbound Network Block- TT# 20C01572 (IP=97,BG) 185.82.78.158 32 wmp None 2020-07-21 00:00:00 2020-12-14 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=158,GB) | updated by wmp Block expiration extended with reason HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=158,GB) 185.83.112.0 22 dcg None 2018-06-11 05:00:00 2020-02-08 00:00:00 None IR TO-S-2018-0831 associated with malicious web application | updated by GM with reason Invalid user - Failed Logons (IP=196,IR) 185.83.51.31 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=31,BE) 185.85.160.0 22 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 185.85.17.16 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 
TO-S-2020-0718 (IP=16,NL) 185.85.206.71 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None TR TO-S-2019-0890.01 Malicious Email Activity 185.86.148.0 23 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None SE TO-S-2019-1036 Malicious Email Activity 185.86.148.14 24 dbc None 2016-10-14 05:00:00 2020-04-22 00:00:00 None SE TO-S-2016-0771 Malicious Activity | updated by jky with reason SE TO-S-2017-0160 Country Block | updated by jky with reas 185.86.150.0 23 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None SE TO-S-2019-0551.02 Malicious Web Application Activity 185.86.200.112 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None IT TO-S-2019-0409 Malicious Email Activity 185.86.76.0 22 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None UA TO-S-2019-0571 Malware Activity 185.87.187.182 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None NL TO-S-2019-0363.01 Malware Activity 185.87.187.183 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None NL TO-S-2019-0430 Malware Activity 185.87.187.198 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None NL TO-S-2019-0604 Malicious Email Activity 185.87.187.218 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None NL TO-S-2019-0800 Malicious Email Activity 185.88.152.12 24 MLJ None 2018-01-19 06:00:00 2020-02-15 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=12,IR) | updated by dbc with reason IR TO-S-2019-0351 Malicious Email Activity 185.89.102.128 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None NL TO-S-2020-0056 Malicious Web Application Activity 185.89.102.131 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None NL TO-S-2020-0056 Malicious Web Application Activity 185.89.102.132 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None NL TO-S-2020-0056 Malicious Web Application Activity 185.89.102.135 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None NL TO-S-2020-0047 Malicious Email Activity 185.89.102.136 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 
None NL TO-S-2020-0056 Malicious Web Application Activity 185.89.102.137 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None Phish.URL Hive Case 926 (IP=137 NL) 185.89.102.5 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None NL TO-S-2020-0056 Malicious Web Application Activity 185.9.18.0 24 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None CH TO-S-2019-1002 unknown activity 185.90.56.136 24 RR None 2019-12-16 00:00:00 2020-03-15 00:00:00 None SQL use of sleep function with and - likely SQL injection - SourceFire (IP=136,PT) 185.92.192.0 22 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None RO TO-S-2019-0640.01 Malicious Email Activity 185.92.222.161 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None NL TO-S-2019-0604 Malware Activity 185.92.222.238 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None NL TO-S-2019-0800 Malicious Email Activity 185.92.223.74 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None NL TO-S-2020-0047 Malicious Email Activity 185.92.233.72 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None SI TO-S-2020-0190 Malware Activity 185.92.73.88 24 RW None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Generic ArcSight scan attempt (IP=88,NL) 185.93.2.77 24 FT None 2020-07-30 00:00:00 2020-10-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=77,CZ) 185.94.189.190 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None HTTP: test-cgi Directory Listing_web attacks (IP=90,FR) 185.94.230.114 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None NL TO-S-2019-0800 Malicious Email Activity 185.94.252.13 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None DE TO-S-2019-1036 Malicious Email Activity 185.94.96.0 22 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IR TO-S-2019-0626.01 Malicious Email Activity 185.94.97.0 24 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None IR TO-S-2019-0409 Malicious Email Activity 185.95.206.43 24 dbc None 2019-10-25 00:00:00 
2020-10-25 00:00:00 None IQ TO-S-2020-0065 Malware Activity | unblocked: TO-S-2020-0065.01 Lift IP Block that was in Error in TO-S-2020-0065 185.96.5.160 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None NL TO-S-2019-0577 Malicious Email Activity 185.97.116.0 22 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None IR TO-S-2019-0430 Malware Activity 185.97.201.170 24 DT None 2020-09-25 00:00:00 2020-12-24 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - SourceFire (IP=170,RU) 185.98.131.147 24 MLJ None 2018-03-13 05:00:00 2020-04-08 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=147,FR) | updated by RB with reason SQL union select - possible sql injection 185.98.208.101 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None SK TO-S-2020-0212.01 Malicious Web Application Activity 185.98.208.101 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None SK TO-S-2020-0206 Malicious Web Application Activity 185.98.4.0 22 kmw None 2019-01-25 00:00:00 2020-02-14 00:00:00 None KZ TO-S-2019-0358 Malware Activity | updated by dbc with reason KZ TO-S-2019-0400 Malicious Email Activity 185.98.7.104 32 RW None 2020-07-01 00:00:00 2020-08-01 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03350 (IP=104,KZ) 185.99.1.144 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=144,BA) 185.99.133.153 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NZ TO-S-2020-0006 Command and Control Exploit 185.99.133.194 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None NZ TO-S-2019-0769 Malicious Email Activity 185.99.133.215 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NZ TO-S-2020-0006 Command and Control Exploit 185.99.133.216 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NZ TO-S-2020-0006 Command and Control Exploit 185.99.133.220 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NZ TO-S-2020-0006 Command and Control Exploit 185.99.133.241 32 
dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NZ TO-S-2020-0006 Command and Control Exploit 185.99.133.242 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NZ TO-S-2020-0006 Command and Control Exploit 185.99.133.45 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NZ TO-S-2020-0006 Command and Control Exploit 185.99.133.60 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None NZ TO-S-2019-0631 Malware Activity 185.99.133.9 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None NZ TO-S-2019-0430 Malware Activity 185.99.254.38 24 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=38,GB) 186.1.30.76 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=76,NI) 186.10.122.234 24 CR None 2020-05-24 00:00:00 2020-08-24 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6 hr web attacks (IP=234,CL) 186.10.124.0 24 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None CL TO-S-2019-0658 Malware Activity 186.10.21.236 24 GM None 2019-11-12 00:00:00 2020-02-12 00:00:00 None Failed Password - Failed Logons (IP=236,CL) 186.10.243.70 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None CL TO-S-2019-0747 Malware Activity 186.10.83.251 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=251,CL) 186.101.123.194 24 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - Web Attacks (IP=194,EC) 186.101.230.155 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - SourceFire (IP=155,EC) 186.103.139.228 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=228,CL) 186.104.0.0 15 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None CL TO-S-2019-0800 Malicious Email Activity 186.107.251.71 24 RW None 2020-02-06 00:00:00 2020-05-06 00:00:00 
None Authentication Failed - 6hr Failed Logon(IP=71,CL) 186.107.53.153 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=153,CL) 186.109.81.185 24 RR None 2019-01-17 00:00:00 2020-02-01 00:00:00 None Illegal user (IP=185,AR) | updated by RR with reason Illegal user (IP=185,AR) | updated by RB with reason Failed password_6 hr Failed Logons (IP=185,AR) | 2020-02-01 | 2019-04-18 186.118.98.2 24 MLJ None 2018-05-11 05:00:00 2020-04-07 00:00:00 None Illegal user (IP=2,CO) | updated by RB with reason Illegal user_6 hr Failed Logons (IP=2,CO) | 2020-04-07 | 2018-08-11 186.119.224.0 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=0,CO) 186.121.206.116 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=116,BO) 186.123.51.196 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=196,AR) | not blocked because No refs to MVPower found in USACE SharePoint or NAC 186.124.128.0 21 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,AR) 186.124.135.109 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=109,AR) 186.134.148.85 24 RR None 2020-06-25 00:00:00 2020-09-23 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=85,AR) 186.136.154.235 24 RB None 2019-10-11 00:00:00 2020-01-09 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=235,AR) 186.136.191.5 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=5,AR) 186.136.199.40 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=40,AR) 
186.136.91.106 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=106,AR) 186.137.0.0 19 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None AR TO-S-2019-0571 Malicious Email Activity 186.138.152.228 32 dbc None 2019-12-17 00:00:00 2020-12-26 00:00:00 None AR TO-S-2020-0187 Malicious Email Activity | updated by dbc Block expiration extended with reason AR TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason AR TO-S-2020-0212.01 Malicious Email Activity 186.139.21.29 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Invalid user_Failed Logon (IP=29,AR) 186.149.184.82 24 MLJ None 2017-07-14 05:00:00 2020-02-14 00:00:00 None ET SCAN Potential SSH Scan (IP=82,DO) | updated by RR with reason INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=76,DO) 186.149.46.4 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=4,DO) 186.15.235.155 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=155,CR) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=155,CR) 186.151.170.222 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None Failed password_6 hr Failed Logons (IP=222,GT) 186.153.100.132 24 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_6 hr web attacks (IP=132,AR) 186.153.180.146 24 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=146,AR) 186.154.218.14 24 GM None 2020-07-12 00:00:00 2020-10-12 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=14,CO) 186.155.215.238 32 RW None 2020-05-12 00:00:00 2020-06-12 00:00:00 None HTTP: vBulletin Pre-Auth Remote 
Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02728 (IP=238,CO) 186.158.174.95 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=95,AR) 186.159.0.0 18 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None CO TO-S-2019-0734.01 Malicious Email Activity 186.159.195.188 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None Authentication Failed (IP=188,CR) 186.16.40.133 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None PY TO-S-2019-0658 Malware Activity 186.167.2.35 24 FT None 2020-08-25 00:00:00 2020-11-23 00:00:00 None SMBv1 opord 2016-191F9 sid:1000011 - Sourcefire (IP=35,CL) 186.169.2.237 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None CO TO-S-2019-0604 Malware Activity 186.17.190.10 24 dbc None 2014-09-04 05:00:00 2020-02-08 00:00:00 None Potential SSH Scan (ip=10 PY) | updated by YM with reason SERVER-ORACLE Oracle WebLogic Server remote command execution attemp | updated by RR with reason performing traffic against HRC IP space - TT# 19C03275 (IP=232,PY) | updated by KF with reason 186.17.190.232 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None PY TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason PY TO-S-2020-0212.01 Malicious Web Application Activity 186.170.28.46 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password - Failed Logons (IP=46,CO) 186.177.192.189 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=189,AR) 186.177.87.58 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=58,CR) 186.179.75.210 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None CR TO-S-2019-0409 Malicious Email Activity 186.18.18.124 32 RB None 2020-01-04 00:00:00 2020-04-03 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 
20C01337 (IP=124,AR) 186.183.198.0 23 dbc None 2019-12-17 00:00:00 2020-12-26 00:00:00 None CO TO-S-2020-0187 Malicious Email Activity | updated by dbc Block expiration extended with reason CO TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason CO TO-S-2020-0212.01 Malicious Email Activity 186.188.69.2 32 GM None 2020-03-16 00:00:00 2020-06-16 00:00:00 None Known Attack Tool User Agent/ BOT: Mirai Echobot Activity Detected - TT# 20C02165 (IP=2,US) 186.188.73.219 24 RB None 2020-04-08 00:00:00 2020-04-08 00:00:00 None SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (IP=219,VE) | not blocked: No Huawei routers on CorpsNet 186.19.224.0 20 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None AR TO-S-2019-0926 Malicious Reconnaissance Activity 186.19.8.47 32 GM None 2020-07-27 00:00:00 2020-10-27 00:00:00 None Known Attack Tool User Agent V2 / UDS-WhatWeb_RC8766 - TT# 20C03569 (IP=47,AR) 186.192.205.238 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C01894 (IP=238,BR) 186.193.108.11 24 RR None 2020-01-18 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=11,BR) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=11,BR) | updated by KF with reason SERVER-WEBAPP MVPower D 186.193.194.240 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=240,BR) 186.201.194.58 24 CR None 2019-10-17 00:00:00 2020-01-17 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt_web attack (IP=58,BR) 186.202.0.0 16 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None BR TO-S-2019-0723 Malicious Email Activity 186.202.127.215 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=215,BR) 
186.202.127.95 24 sjl None 2014-07-27 05:00:00 2020-02-14 00:00:00 None China Chopper PHP/Backdoor Detected (IP=95, BR) | updated by djs with reason China Chopper PHP/Backdoor Detected (ip=38,BR) | 186.202.153.108 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=108,BR) 186.211.85.104 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 186.212.0.0 14 dbc None 2018-09-18 05:00:00 2020-01-04 00:00:00 None BR TO-S-2018-1145 Malicious Reconnaissance Activity | updated by RB with reason SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_12 hr web attacks (IP=45 BR) | 2020-01-04 | 2019-09-18 186.213.148.28 24 RW None 2020-09-01 00:00:00 2020-12-01 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Sourcefire (IP=28,BR) 186.213.148.28 32 RR None 2020-09-01 00:00:00 2020-12-01 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload (CVE-2017-12615 and CVE-2017-12617) - TT# 20C03804 (IP=28,BR) | updated by BMP Block expiration extended with reason FIREEYE Web: Infection Match - Hive Case 3738 (IP=28,US) 186.215.89.210 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=10,BR) 186.219.0.0 19 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None BR TO-S-2019-0409 Malicious Email Activity 186.224.92.24 24 RW None 2020-03-09 00:00:00 2020-06-09 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - 6hr web attacks (IP=24,BR) 186.226.184.0 21 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None BR TO-S-2019-0734.01 Malicious Email Activity 186.226.80.0 21 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,BR) 186.232.24.0 21 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None BR TO-S-2020-0012 Malware Activity 186.235.193.14 24 GM None 2020-01-25 
00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=14,BR) 186.235.205.99 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Generic ArcSight scan attempt (IP=99,BR) 186.235.210.88 24 BMP None 2020-02-23 00:00:00 2020-03-23 00:00:00 None Known Attack Tool User Agent - TT# 20C01804 (IP=88,BR) 186.237.140.226 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password_6 hr Failed Logons (IP=226,BR) 186.237.223.78 24 GM None 2020-09-09 00:00:00 2020-12-10 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=78,BR) | updated by RW Block expiration extended with reason HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - web attacks (IP=78,BR) 186.237.48.0 21 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None BR TO-S-2019-0409 Malicious Email Activity 186.237.59.245 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=245,BR) 186.248.0.0 16 dbc None 2018-09-18 05:00:00 2020-01-09 00:00:00 None BR TO-S-2018-1145 Malicious Reconnaissance Activity | updated by dcg with reason BR TO-S-2018-1191 associated with malicious w | updated by GM with reason SERVER-WEBAPP Drupal 8 remote code 186.250.10.0 23 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,BR) 186.251.108.0 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=0,BR) 186.251.197.125 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=125,BR) 186.251.251.179 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=179,BR) 186.30.6.79 32 wmp None 2020-10-01 00:00:00 2020-12-30 00:00:00 None HIVE Case #4029 Palo Alto IDS Vulnerability Events (IP=79,CO) 186.4.128.0 17 dbc None 2019-09-30 00:00:00 2020-09-30 
00:00:00 None EC TO-S-2019-1036 Malicious Email Activity 186.42.224.0 22 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None EC TO-S-2020-0187 Malicious Email Activity 186.42.226.46 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None AR TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason AR TO-S-2020-0212.01 Malicious Email Activity 186.47.153.3 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None EC TO-S-2019-0420 Malicious Email Activity 186.47.73.26 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks (IP=26,EC) 186.47.86.2 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - sourcefire (IP=2,EC) 186.48.43.148 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=148,UY) 186.48.49.58 24 RR None 2019-12-18 00:00:00 2020-03-17 00:00:00 None Authentication Failed - Failed Logons (IP=58,UY) 186.5.109.211 24 GLM None 2018-08-05 05:00:00 2020-02-27 00:00:00 None Illegal user (IP=211,EC) | updated by RW Block was inactive. 
Reactivated on 20191127 with reason Authentication Failed - 6hr Failed Logon(IP=211,EC) 186.5.75.243 24 RB None 2020-04-05 00:00:00 2020-07-04 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_6 hr web attacks (IP=243,EC) 186.6.140.182 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=182,DO) 186.6.233.211 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Authentication Failed - Failed Logons (IP=211,DO) 186.60.0.0 14 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None AR TO-S-2020-0006 Malicious Email Activity 186.64.111.99 24 RB None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_Sourcefire (IP=99,GT) 186.64.116.86 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=86,CL) 186.64.118.85 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=85,CL) 186.67.134.0 24 GLM None 2016-11-24 06:00:00 2020-02-02 00:00:00 None SERVER-WEBAPP Setup.php access (IP=175,CL) | updated by KF with reason HTTP: SQL Injection Attempt Detected_Web Attacks (IP=162,CL) 186.67.203.22 24 klb None 2016-08-11 05:00:00 2020-04-09 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=22 CL) | updated by CR with reason Illegal user (IP=22,CL) | updated by RB with reason Illegal user_6 hr Failed Logons (IP=22,CL) | 2020-04-09 | 2019-01-19 186.67.72.73 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None CL TO-S-2019-0577 Malicious Email Activity 186.7.120.202 24 CR None 2020-02-24 00:00:00 2020-05-24 00:00:00 None Authentication Failed - 6 hr Failed Logon (IP=202,DO) 186.7.144.162 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=162,DO) 186.7.54.89 24 BMP None 2020-05-17 00:00:00 2020-08-15 00:00:00 
None Command Injection (IP=89,DO) 186.71.57.18 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=18,EC) 186.73.188.133 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=3,PA) 186.75.122.34 24 GM None 2020-04-13 00:00:00 2020-08-10 00:00:00 None Automated Block Calculations (IP=34,PA) | unblocked: False Positive DrayTek and DD-WRT signature hits. | updated by KF Block was inactive. Reactivated on 20200512 with reason Command Injection (IP=34,PA) 186.80.0.0 14 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None CO TO-S-2019-1036 Malicious Email Activity 186.84.172.87 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=87,CO) 186.84.174.215 24 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Failed password (IP=215,CO) 186.88.0.0 13 jky None 2017-12-15 06:00:00 2020-04-21 00:00:00 None VE TO-S-2018-0246 Recon activity | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=22,VE) | updated by RWB with reason Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR S 186.90.212.14 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=14,VE) 186.90.216.161 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=161,VE) 186.90.34.237 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=237,VE) 186.90.78.175 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=175,VZ) 186.91.129.176 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers 
login.cgi command injection attempt - SourceFire (IP=176,VE) 186.93.37.35 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=35,VE) 186.96.113.66 24 RB None 2020-04-10 00:00:00 2020-07-09 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt_6 hr web attacks (IP=66,CO) 186.96.208.0 20 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None TT TO-S-2020-0012 Malware Activity 187.0.211.99 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user_Failed Logon (IP=99,BR) 187.102.160.70 24 RR None 2020-02-06 00:00:00 2020-05-06 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=70,BR) 187.103.230.190 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Authentication Failed - 6hr Logon (IP=190,BR) 187.109.2.165 32 RW None 2020-02-28 00:00:00 2020-03-28 00:00:00 None FTKNOX_HRC_IPS - TT# 20C01854(IP=165,BR) 187.109.34.243 24 RR None 2020-07-26 00:00:00 2020-10-24 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=243,BR) 187.110.225.5 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Failed password (IP=5,BR) 187.111.204.0 24 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None BR TO-S-2019-0604 Malware Activity 187.111.208.154 24 KF None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6 Hr Failed Logons (IP=154,BR) 187.111.209.28 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Illegal user - Failed Logons (IP=28,BR) 187.111.212.216 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6hr Logons (IP=216,BR) 187.111.213.62 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=62,BR) 187.111.215.112 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Illegal user - Failed Logons (IP=112,BR) 187.111.80.0 20 dbc None 
2019-02-15 00:00:00 2020-02-15 00:00:00 None BR TO-S-2019-0409 Malicious Email Activity 187.113.216.122 24 CR None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=122,BR) 187.114.81.178 24 GM None 2019-11-06 00:00:00 2020-02-04 00:00:00 None ABC Generic ArcSight scan attempt (IP=178,BR) 187.116.11.59 24 RB None 2020-02-06 00:00:00 2020-05-06 00:00:00 None Authentication Failed_6 hr Failed Logons_CPC (IP=59,BR) 187.116.137.100 24 CW None 2019-12-17 00:00:00 2020-03-16 00:00:00 None Illegal user_Failed Logon (IP=0,BR) 187.116.250.226 24 RB None 2019-11-21 00:00:00 2020-02-19 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=226,BR) 187.120.241.79 24 KF None 2020-03-07 00:00:00 2020-06-05 00:00:00 None Known Attack Tool User Agent/BOT:Mirai Echobot Activity Detected - TT# 20C02018 (IP=79,BR) 187.131.211.5 24 KF None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed Password_6 Hr Failed Logons (IP=5,MX) 187.131.224.140 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt -Web Attacks (IP=140,MX) 187.134.197.40 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Failed password (IP=40,MX) 187.135.136.8 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=8,MX) 187.137.119.125 24 RB None 2020-01-24 00:00:00 2020-04-24 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=125 MX) | updated by RW Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=125,MX) 187.137.163.173 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=173,MX) 187.137.36.117 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt-Sourcefire (IP=117,MX) 187.137.73.91 24 RR None 
2020-02-12 00:00:00 2020-05-12 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=91,MX) 187.138.56.1 24 CW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=1,MX) 187.138.89.238 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=238,MX) 187.140.45.116 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None MX TO-S-2019-0864 Malicious Email Activity 187.142.217.71 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=71,MX) 187.144.227.2 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None MX TO-S-2019-1036 Malicious Email Activity 187.144.76.174 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None MX TO-S-2019-0508 Malware Activity 187.146.129.26 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Command Injection Attempt (IP=26,MX) 187.148.68.16 32 KF None 2020-04-01 00:00:00 2020-06-30 00:00:00 None Known Attack Tool User / BOT: Mirai Echobot Activity Detected - TT# 010420-00020 (IP=16,MX) 187.150.154.224 24 RB None 2020-04-02 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_Sourcefire (IP=224,MX) | updated by BMP Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=224,MX) 187.150.156.221 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None MX TO-S-2019-0658 Malware Activity 187.150.158.168 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None MX TO-S-2019-0658 Malware Activity 187.150.188.124 24 BMP None 2020-04-05 00:00:00 2020-07-04 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=124,MX) 187.152.112.119 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt 
(IP=119,MX) 187.153.123.162 24 RB None 2020-03-18 00:00:00 2020-06-16 00:00:00 None SERVER-WEBAPP Joomla 187.153.153.50 24 RW None 2020-04-07 00:00:00 2020-07-07 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Sourcefire (IP=50,MX) 187.155.1.35 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Command Injection (IP=35,MX) 187.155.16.86 24 RW None 2020-04-11 00:00:00 2020-07-10 00:00:00 None UDP: Host Sweep (IP=86,MX) 187.155.17.18 24 GM None 2020-04-13 00:00:00 2020-07-12 00:00:00 None Automated Block Calculations (IP=18,MX) | unblocked: False Positive DrayTek and DD-WRT signature hits. 187.155.233.46 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None MX TO-S-2019-1036 Malicious Email Activity 187.155.26.176 32 RW None 2020-04-06 00:00:00 2020-05-06 00:00:00 None Known Attack Tool User Agent V2 / BOT: Mirai Echobot Activity Detected - TT# 20C02443 (IP=176,MX) 187.155.9.120 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (IP=20,MX) 187.157.125.165 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None MX TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason MX TO-S-2020-0212.01 Malicious Web Application Activity 187.157.166.100 24 RR None 2020-04-08 00:00:00 2020-04-08 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=100,MX) | not blocked: This is a signature for home routers. 
187.157.249.109 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Generic ArcSight scan attempt (IP=109,MX) 187.159.190.11 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=11,MX) 187.16.96.37 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=37,BR) 187.161.71.4 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=4,MX) 187.162.246.209 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=209,MX) 187.162.58.134 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=134,MX) 187.163.92.154 24 KF None 2019-11-21 00:00:00 2020-02-19 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=154,MX) 187.167.220.177 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Command Injection (IP=177,MX) 187.17.201.181 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Generic ArcSight scan attempt (IP=181,BR) 187.170.27.164 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Authentication Failed - 6hr Logon (IP=164,MX) 187.173.198.16 32 kmw None 2019-02-04 00:00:00 2020-02-14 00:00:00 None MX TO-S-2019-0382 Malicious Email Activity | updated by dbc with reason MX TO-S-2019-0400 Malicious Email Activity 187.174.191.154 24 KF None 2019-12-02 00:00:00 2020-03-01 00:00:00 None Failed password - 6 Hr Failed Logons (IP=154,MX) 187.174.201.179 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None MX TO-S-2019-0626.01 Malware Activity 187.177.109.238 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None Authentication Failed - 6hr Logons (IP=109, MX) 187.177.183.18 24 BMP None 2020-04-21 00:00:00 2020-07-22 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - 6hr 
Web Attacks (IP=18,MX) 187.177.30.154 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None MX TO-S-2019-0409 Malicious Email Activity 187.188.166.192 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None MX TO-S-2019-1036 Malicious Email Activity 187.188.193.211 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=211,MX) 187.188.22.115 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=115,MX) 187.188.33.94 24 wmp None 2018-11-20 06:00:00 2020-04-21 00:00:00 None authentication bypass vulnerability (IP=94,MX) | updated by RWB with reason Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=,MX) 187.188.40.11 24 RB None 2020-04-08 00:00:00 2020-04-08 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (IP=11,MX) | not blocked: This is a signature for home routers 187.188.40.84 32 RW None 2020-04-03 00:00:00 2020-05-03 00:00:00 None Known Attack Tool User Agent - TT# 20C02350 (IP=84,MX) 187.189.144.227 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=227,MX) 187.189.210.160 24 RW None 2020-04-03 00:00:00 2020-06-03 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02325 (IP=160,MX) 187.189.237.59 24 RB None 2020-04-10 00:00:00 2020-07-09 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt_6 hr web attacks (IP=59,MX) 187.189.244.210 24 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=210,MX) 187.189.65.10 24 GLM None 2018-07-03 05:00:00 2020-01-16 00:00:00 None Illegal user (IP=10,MX) | updated by dbc with reason MX TO-S-2019-0067.01 Malware Activity | updated by RW with reason Authentication Failed - 6hr Failed Logon (IP=79,MX) 
187.189.93.10 24 CR None 2019-04-29 00:00:00 2020-01-03 00:00:00 None Authentication Failed_6 hr Failed Logon Report (IP=10,MX) | updated by GM with reason Illegal user - Failed Logons (IP=10,MX) 187.190.111.29 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None MX TO-S-2019-0952 Malware Activity 187.190.166.178 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password - Failed Logons (IP=178,MX) 187.190.221.119 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6 hr web attacks (IP=10,DE) 187.190.235.89 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Failed password - Failed Logons (IP=89,MX) 187.190.236.124 24 YM None 2017-03-17 05:00:00 2020-01-27 00:00:00 None BLACKLIST User-Agent known malicious user agent - DigExt (IP=124,MX) | updated by RR with reason Illegal user (IP=88,MX) | updated by KF with reason Failed password_6 Hr Failed Logons (IP=88,MX) 187.190.246.249 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02420 (IP=249,MX) 187.192.12.90 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Command Injection (IP=90,MX) 187.194.154.198 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=198,MX) 187.194.184.189 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Authentication Failed (IP=189,MX) 187.199.127.164 24 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Invalid user - Failed Logons (IP=164,MX) 187.202.153.0 32 GM None 2020-07-11 00:00:00 2020-10-11 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03434 (IP=0,MX) 187.202.154.161 24 DT None 2020-04-23 00:00:00 2020-07-22 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=161,MX) 187.202.167.186 24 CR None 2020-05-21 00:00:00 2020-08-21 00:00:00 None SERVER-WEBAPP 
PHPUnit PHP remote code execution attempt - 6 hr Web Attacks (IP=186,MX) 187.202.173.4 24 GM None 2020-02-14 00:00:00 2020-05-14 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web attacks (IP=4,MX) 187.202.189.171 24 YM None 2018-05-25 05:00:00 2020-02-18 00:00:00 None ET WEB_SERVER 401TRG Generic Webshell Request - POST with wget in body (IP=171,BR) | updated by GM with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - 20C00999 (IP=123,US) 187.202.197.240 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None MX TO-S-2020-0212.01 Malicious Web Application Activity 187.202.197.240 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None MX TO-S-2020-0206 Malicious Web Application Activity 187.202.218.77 32 RB None 2019-10-20 00:00:00 2020-01-18 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00491 (IP=77,MX) 187.202.247.191 24 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=191,MX) 187.204.74.214 24 RR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=214,MX) 187.204.77.22 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=22,MX) 187.206.1.164 24 RB None 2020-04-10 00:00:00 2020-07-09 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt_6 hr web attacks (IP=164,MX) 187.207.167.137 24 GM None 2019-11-12 00:00:00 2020-02-12 00:00:00 None Invalid user - Failed Logons (IP=137,MX) 187.207.212.190 32 dbc None 2020-06-30 00:00:00 2020-11-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=190,MX) | updated by wmp Block expiration extended with reason HIVE Case #3708 TO-S-2020-0766 (IP=190,MX) 187.208.75.112 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=112,MX) 
187.209.44.214 24 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=214,MX) 187.210.94.69 24 ABC None 2019-10-14 00:00:00 2020-01-12 00:00:00 None Command Injection Attempt (IP=69,MX) 187.211.25.27 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=27,MX) 187.212.72.188 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - 6hr web attacks (IP=188,MX) 187.214.71.181 24 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=181,MX) 187.214.76.166 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_12 hr web attacks (IP=166,MX) 187.216.127.147 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Failed password for invalid user - Failed Logons (IP=147,MX) 187.216.144.152 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=152,MX) 187.217.84.36 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None MX TO-S-2019-0409 Malicious Email Activity 187.218.80.117 24 DT None 2020-06-15 00:00:00 2020-09-15 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=117,MX) 187.234.125.157 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=157,MX) 187.234.4.249 24 RR None 2020-02-06 00:00:00 2020-05-06 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=249,MX) 187.237.235.103 24 GM None 2020-08-17 00:00:00 2020-11-17 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=103,MX) 187.24.133.82 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None Authentication Failed 
(IP=82,BR) 187.24.141.107 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - Failed Logons (IP=107,BR) 187.245.164.21 24 RR None 2020-07-09 00:00:00 2020-10-07 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=21,MX) 187.248.59.118 32 KF None 2018-12-12 06:00:00 2020-10-13 00:00:00 None Signature: UDS-JBoss Exploit Web Shell RC_5026744 (IP=118,US) | updated by RR with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=118,MX) | updated by BMP Block was inactive. Reactivated on 20200713 with reason HTTP: vBul 187.250.163.76 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Web Attacks(IP=76,MX) 187.26.141.155 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=155,BR) 187.26.147.91 24 RB None 2019-11-21 00:00:00 2020-02-19 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=91,BR) 187.26.148.3 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Illegal user (IP=3,BR) 187.26.158.160 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=160,BR) 187.26.159.233 24 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None Authentication Failed - Failed Logons (IP=233,BR) 187.26.162.81 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=81,BR) 187.26.169.22 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=22,BR) 187.26.200.8 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=8,BR) 187.26.204.30 24 GM None 2019-11-18 00:00:00 2020-02-18 00:00:00 None Illegal user - Failed Logons (IP=30,BR) 187.26.215.72 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Authentication Failed (IP=72,BR) 187.26.218.71 24 RB None 2019-11-21 00:00:00 2020-02-19 00:00:00 None Authentication Failed_6 hr 
Failed Logons (IP=71,BR) 187.26.220.187 24 KF None 2019-12-30 00:00:00 2020-03-29 00:00:00 None Authentication Failed (IP=187,BR) 187.26.96.110 24 RR None 2020-01-03 00:00:00 2020-04-02 00:00:00 None Authentication Failed - Failed Logons (IP=110,BR) 187.27.157.129 24 BMP None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Authentication Failed - 6hr Failed Logons (IP=129,BR) 187.27.244.130 24 GM None 2019-10-01 00:00:00 2020-01-01 00:00:00 None Illegal user - Failed logons (IP=130,BR) 187.32.0.0 16 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None BR TO-S-2019-0409 Malicious Email Activity 187.33.56.207 24 GM None 2020-06-18 00:00:00 2020-08-18 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=207,BR) 187.34.0.0 15 dcg None 2018-10-01 05:00:00 2020-04-21 00:00:00 None BR TO-S-2018-1191 associated with malicious web activity | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=158,BR) | updated by RWB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary c 187.40.192.0 18 dcg None 2018-10-01 05:00:00 2020-04-17 00:00:00 None BR TO-S-2018-1191 associated with malicious web activity | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=14,BR) 187.41.49.216 24 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=216,BR) 187.44.106.12 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password - Failed Logons (IP=12,BR) 187.45.105.166 24 KF None 2020-03-09 00:00:00 2020-06-07 00:00:00 None Known Attack Tool User Agent/ BOT: Mirai Echobot Activity - TT# 20C02077 (IP=166,BR) 187.45.106.136 24 GM None 2020-03-07 00:00:00 2020-06-07 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=136,BR) 187.45.107.127 32 RW None 2020-02-28 00:00:00 2020-03-28 00:00:00 None 
Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01861 (IP=127,BR) 187.45.240.108 32 wmp None 2020-09-04 00:00:00 2020-12-03 00:00:00 None HIVE Case #3755 COLS-NA-TIP-20-0278 (IP=108,BR) 187.49.226.27 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=27,BR) 187.58.182.114 24 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=114,BR) 187.58.82.82 24 KF None 2019-10-15 00:00:00 2020-01-13 00:00:00 None Authentication Failed_6 Hr Failed Logons (IP=82,BR) 187.59.172.101 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=101,BR) 187.60.32.153 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=153,BR) 187.61.104.0 22 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None BR TO-S-2020-0187 Malicious Email Activity 187.61.104.0 21 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None BR TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason BR TO-S-2020-0212.01 Malicious Email Activity 187.63.210.191 32 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C01910 (IP=191,US) 187.63.220.51 32 KF None 2020-03-07 00:00:00 2020-06-05 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02048 (IP=51,US) 187.68.212.46 24 RB None 2020-02-25 00:00:00 2020-05-25 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=46,BR) 187.70.227.45 24 RW None 2019-12-31 00:00:00 2020-03-31 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=45,BR) 187.70.229.36 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=36,BR) 187.70.242.50 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None INDICATOR-SCAN SSH brute force login attempt_SourceFire (IP=50,BR) 187.71.137.32 24 GM 
None 2019-12-26 00:00:00 2020-03-26 00:00:00 None Illegal user - Failed Logons (IP=32,BR) 187.71.4.174 24 RB None 2019-12-29 00:00:00 2020-03-28 00:00:00 None Authentication Failed (IP=174,BR) 187.72.118.191 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed Password - 6 Hr Failed Logons (IP=191,BR) 187.73.91.100 32 RR None None 2020-06-29 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=100,BR) 187.74.74.213 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=213,BR) 187.8.54.170 24 RB None 2020-04-22 00:00:00 2020-07-21 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - 6 hr web attacks (IP=170,BR) 187.84.224.0 20 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None BR TO-S-2019-0577 Malicious Email Activity 187.86.0.0 14 jky None 2017-12-15 06:00:00 2020-04-21 00:00:00 None BR TO-S-2018-0246 Recon activity | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=231,BR) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt 187.9.6.156 24 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=156,NL) 187.91.0.91 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=91,BR) 187.91.170.211 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Authentication Failed - Failed Logons (IP=211,BR) 187.91.2.129 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None Authentication Failed (IP=129,BR) 187.95.234.109 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=109,BR) 187.95.243.165 32 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 
SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=47,MX) 189.190.146.83 24 GM None 2019-10-29 00:00:00 2020-01-27 00:00:00 None ABC Generic ArcSight scan attempt (IP=83,MX) 189.194.250.74 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None MX TO-S-2019-0508 Malware Activity 189.195.128.243 24 RR None 2020-01-20 00:00:00 2020-04-21 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=243,MX) | updated by RWB with reason Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=,MX) 189.195.141.162 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02390 (IP=162,MX) 189.195.141.162 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=162,MX) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=162,MX) 189.195.41.98 24 RB None 2019-04-27 00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (IP=98 MX) | updated by RB Block was inactive. 
Reactivated on 20200129 with reason INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=98,MX) 189.197.37.73 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=73,MX) 189.201.180.61 24 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=61,MX) 189.203.165.119 24 RB None 2020-04-10 00:00:00 2020-07-09 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt_6 hr web attacks (IP=119,MX) 189.204.131.143 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None MX TO-S-2020-0047 Malicious Email Activity 189.205.187.90 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2/BOT: Mirai Echobot Activity Detected - TT# 20C02397 (IP=90,MX) 189.205.187.90 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=90,MX) 189.205.187.90 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=90,MX) 189.206.249.66 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None MX TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason MX TO-S-2020-0212.01 Malicious Web Application Activity 189.206.70.50 24 RB None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6 hr web attacks (IP=50,MX) 189.207.245.14 24 BMP None 2020-04-05 00:00:00 2020-07-04 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=14,MX) 189.208.166.14 24 KF None 2020-01-14 00:00:00 2020-04-28 00:00:00 None Authentication Failed | updated by GM Block expiration extended with reason Authentication Failed - Failed Logons (IP=14,MX) 189.209.135.214 24 BMP None 
2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=214,MX) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=214,MX) 189.209.217.49 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None MX TO-S-2019-1036 Malicious Email Activity 189.209.60.23 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=23,MX) | not blocked because No refs to MVPower found in USACE SharePoint or NAC 189.213.27.104 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=104,MX) 189.222.137.126 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None MX TO-S-2020-0212.01 Malicious Web Application Activity 189.222.137.126 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None MX TO-S-2020-0206 Malicious Web Application Activity 189.222.138.164 24 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=164,MX) 189.222.149.146 24 CR None 2020-04-25 00:00:00 2020-07-25 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=146,MX) 189.222.163.110 32 GM None 2020-07-30 00:00:00 2020-08-30 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03584 (IP=110,MX) 189.222.188.60 24 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Command Injection Attempt (IP=60,MX) 189.223.181.120 24 DT None 2020-07-16 00:00:00 2020-10-16 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=120,MX) 189.223.188.40 24 RR None 2020-07-14 00:00:00 2020-10-12 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attack (IP=40,MX) 
189.223.191.110 24 RR None 2020-07-11 00:00:00 2020-10-09 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attack (IP=110,MX) 189.223.195.150 24 BMP None 2020-03-17 00:00:00 2020-06-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=150,MX) 189.223.202.191 24 GM None 2020-08-11 00:00:00 2020-11-10 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=191,MX) 189.223.227.38 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=38,MX) 189.223.228.181 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None MX TO-S-2019-0488 Malware Activity 189.223.231.251 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None MX TO-S-2020-0212.01 Malicious Web Application Activity 189.223.231.251 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None MX TO-S-2020-0206 Malicious Web Application Activity 189.223.246.58 24 RR None None 2020-06-23 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=58,MX) 189.223.66.101 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - SourceFire (IP=101,MX) 189.230.124.74 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None MX TO-S-2019-0508 Malware Activity 189.232.112.1 24 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=1,MX) 189.235.240.44 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Failed password for invalid user - Failed Logon (IP=,CN) 189.235.47.246 24 YM None 2018-05-14 05:00:00 2020-03-29 00:00:00 None ET WEB_SERVER 401TRG Generic Webshell Request - POST with wget in body (IP=246,MX) | updated by KF with reason APP-DETECT failed FTP login attempt (1:13360:7) (IP=233,MX) 189.236.147.48 24 djs None 2014-12-31 06:00:00 
2020-04-19 00:00:00 None WEBAPP setup.php access (ip=48,MX) | updated by RW Block was inactive. Reactivated on 20200119 with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=48,MX) 189.236.68.104 24 KF None 2020-06-21 00:00:00 2020-09-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=104,MX) 189.238.18.229 24 RW None 2020-04-11 00:00:00 2020-07-10 00:00:00 None UDP: Host Sweep (IP=229,MX) 189.238.27.21 24 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Sourcefire (IP=21,MX) 189.243.119.226 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=226,MX) 189.243.191.126 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=126,MX) 189.245.135.12 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None MX TO-S-2019-1036 Malicious Email Activity 189.251.28.94 24 GM None 2020-08-06 00:00:00 2020-11-06 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=94,MX) 189.252.106.18 24 KF None 2020-04-16 00:00:00 2020-07-15 00:00:00 None Command Injection (IP=18,MX) 189.252.79.100 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02423 (IP=100,MX) 189.254.119.131 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Authentication Failed (IP=131,MX) 189.254.206.106 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=106,MX) 189.254.33.157 24 RR None 2017-11-25 06:00:00 2020-01-15 00:00:00 None Illegal user (IP=157,MX) | updated by RR with reason Illegal user (IP=157,MX) | updated by GM with reason Illegal user - Failed Logons (IP=157,MX) 189.26.113.98 24 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password 6 hr Failed 
Logon (IP=98,BR) 189.36.207.242 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=242,BR) 189.36.62.48 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=48,BR) 189.38.90.177 32 wmp None 2020-08-31 00:00:00 2020-11-29 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=177,BR) 189.39.13.1 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=1,BR) 189.40.75.19 24 RB None 2019-05-19 00:00:00 2020-01-26 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=19 BR) | updated by RR with reason Authentication Failed - Failed Logons (IP=0,BR) 189.50.252.105 24 RR None 2020-01-18 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=105,BR) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=105,BR) | updated by RWB with reason SERVER-WEBAPP MVPow 189.51.6.188 24 GED None 2014-06-15 05:00:00 2020-02-11 00:00:00 None TCP HOST SWEEPS (IP=188, BR) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=221,BR) 189.54.0.212 24 BMP None 2020-04-25 00:00:00 2020-07-24 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - 6hr Web Attacks (IP=212,BR) 189.55.176.89 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=89,BR) 189.55.246.111 24 RWB None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=111,BR) 189.76.176.10 24 RB None 2018-07-14 05:00:00 2020-02-20 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=10,BR) | updated by ALJ with reason SQL 1 = 1 - possible sql injection attemp 189.80.134.122 32 dbc None 2019-12-17 00:00:00 2020-12-26 
00:00:00 None BR TO-S-2020-0187 Malicious Email Activity | updated by dbc Block expiration extended with reason BR TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason BR TO-S-2020-0212.01 Malicious Email Activity 189.83.20.35 24 BMP None 2020-01-26 00:00:00 2020-04-25 00:00:00 None Known Attack Tool User Agent / UDS-WhatWeb_RC8766 - TT# 20C01540 (IP=35,BR) 189.84.212.82 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=82,BR) 189.90.130.248 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=248,BR) 189.90.24.19 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=19,BR) 189.91.239.1 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Invalid user -Failed Logons (IP=1,BR) 189.92.118.126 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Authentication Failed - Failed Logons (IP=126,BR) 189.92.121.95 24 RR None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Authentication Failed - Failed Logons (IP=95,BR) 189.92.125.64 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Illegal user - Failed Logons (IP=64,BR) 189.92.186.161 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=161,BR) 189.92.216.28 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Authentication Failed - Failed Logon (IP=28,BR) 189.92.244.11 24 GM None 2019-10-27 00:00:00 2020-01-27 00:00:00 None Illegal user - Failed Logons (IP=11,BR) 189.92.56.55 24 GM None 2019-12-16 00:00:00 2020-03-16 00:00:00 None Illegal user - Failed Logons (IP=55,BR) 189.93.158.64 24 EDBT None 2017-11-25 06:00:00 2020-03-14 00:00:00 None ET SCAN Potential SSH Scan (IP=64,BR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=195,BR) | 2020-03-14 | 2018-02-23 189.94.104.116 24 CW None 2019-10-26 00:00:00 2020-01-24 
00:00:00 None Authentication Failed_Failed Logon (IP=16,BR) 189.94.108.41 24 RB None 2019-11-19 00:00:00 2020-02-17 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=41,BR) 189.94.162.40 24 RW None 2020-02-18 00:00:00 2020-05-19 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=40,BR) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=40,BR) 189.94.54.123 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Authentication Failed - Failed Logons (IP=123,BR) 189.94.96.60 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=60,BR) 189.95.2.53 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Authentication Failed (IP=53,BR) 189.98.122.245 24 RW None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=245,BR) 189.98.183.251 24 KF None 2019-10-14 00:00:00 2020-01-12 00:00:00 None Authentication Failed_6 Hr Failed Logons (IP=251,BR) 190.0.159.86 24 KF None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed Password_6 Hr Failed Logons (IP=86,UY) 190.0.22.66 24 RR None 2019-01-19 00:00:00 2020-03-10 00:00:00 None Failed password for invalid user (IP=66,CO) | updated by GM with reason Failed password - Failed Logons (IP=66,CO) 190.1.127.168 24 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Sourcefire (IP=168,AR) 190.1.203.180 24 RR None 2019-01-19 00:00:00 2020-02-20 00:00:00 None Failed password for invalid user (IP=180,CO) | updated by BP Block was inactive. 
Reactivated on 20191122 with reason Failed password (IP= 180 , CO ) 190.1.32.0 19 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AR TO-S-2019-1036 Malicious Email Activity 190.101.58.167 24 RB None 2020-04-27 00:00:00 2020-07-26 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=167,CL) 190.102.156.149 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None PE TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason PE TO-S-2020-0212.01 Malicious Web Application Activity 190.102.251.36 24 RR None 2019-04-05 00:00:00 2020-01-06 00:00:00 None Authentication Failed (IP=36,CL) | updated by RR with reason Authentication Failed - Failed Logons (IP=104,CL) 190.102.71.49 24 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=49,HT) 190.104.170.165 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=165,PY) 190.104.197.90 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Failed password for invalid user - Failed Logons (IP=90,AR) 190.105.227.40 32 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C02954 (IP=40,AR) 190.105.227.63 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=63,AR) 190.105.239.0 24 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None CL TO-S-2019-0571 Malicious Email Activity 190.107.177.244 24 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=244,CL) 190.107.208.57 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=57,NI) 190.107.226.60 32 RW None 2020-05-04 00:00:00 2020-06-04 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02611 (IP=60,CL) 190.107.6.18 24 GM None 
2020-07-21 00:00:00 2020-10-21 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=18,CU) 190.109.128.0 18 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None CO TO-S-2019-0734.01 Malicious Email Activity 190.109.192.0 19 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None HN TO-S-2020-0088 Malware Activity 190.109.223.0 24 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None HN TO-S-2019-0508 Malware Activity 190.110.247.191 24 RR None 2020-01-17 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=191,AR) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=191,AR) 190.113.142.97 24 EDBT None 2017-11-22 06:00:00 2020-02-12 00:00:00 None Severe network attack (IP=97,AR) | updated by RR with reason Invalid user -Failed Logons (IP=197,AR) 190.114.252.125 24 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Command Injection Attempt (IP=125,ZZ) 190.115.18.172 24 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Generic ArcSight scan attempt (IP=172,XX) 190.119.190.122 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Failed password - Failed Logons (IP=122,PE) 190.119.217.82 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None PE TO-S-2020-0212.01 Malicious Web Application Activity 190.119.217.82 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None PE TO-S-2020-0206 Malicious Web Application Activity 190.12.72.154 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=154,PE) 190.121.135.102 24 CR None 2020-07-14 00:00:00 2020-10-14 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attack (IP=102,CO) 190.121.236.10 32 RB None 2020-04-02 00:00:00 2020-06-02 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 020420-00066 (IP=10,VE) 190.124.162.73 24 RR None 
2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=73,HN) 190.128.154.222 24 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=222,PY) 190.128.226.34 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=34,PY) 190.128.230.14 24 RR None 2018-12-08 06:00:00 2020-03-02 00:00:00 None Failed password for invalid user (IP=14,PY) | updated by KF Block was inactive. Reactivated on 20191203 with reason Failed Password - 6 Hr Failed Logons (IP=14,PY) 190.128.96.181 24 RW None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Generic ArcSight scan attempt (IP=181,CO) 190.129.47.148 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Failed password for invalid user - Failed Logon (IP=148,BO) 190.129.90.34 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3576 CTO-20-226 (IP=34,BO) 190.13.160.0 24 dbc None 2019-12-17 00:00:00 2020-12-26 00:00:00 None CL TO-S-2020-0187 Malicious Email Activity | updated by dbc Block expiration extended with reason CL TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason CL TO-S-2020-0212.01 Malicious Email Activity 190.13.238.41 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Failed Logons (IP=41,AR) 190.131.201.34 32 CR None 2020-06-15 00:00:00 2020-09-15 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03171 (IP=34,CO) 190.138.4.111 24 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=111,AR) 190.139.36.89 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 190.139.39.190 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi 
command injection attempt - Web Attacks (IP=190,) 190.14.159.6 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=6,AR) 190.14.240.74 24 GM None 2019-11-06 00:00:00 2020-02-06 00:00:00 None Failed password - Failed Logons (IP=74,CO) 190.14.38.185 24 sjl None 2016-02-04 06:00:00 2020-01-24 00:00:00 None TLSv1 Malicious Heartbleed Request V2 (IP=185 PA) | updated by dbc with reason PA TO-S-2019-0351 Malicious Web Application Act 190.141.226.185 24 RR None 2019-11-20 00:00:00 2020-02-19 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=185,PA) | updated by KF Block expiration extended with reason SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=185,PA) 190.141.72.143 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=143,PA) 190.143.142.162 24 BP None 2019-11-19 00:00:00 2020-02-19 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=162,GT) 190.144.135.118 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=118,CO) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY 190.144.135.118 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=118,CO) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY 190.144.14.170 24 RR None 2018-08-14 05:00:00 2020-03-05 00:00:00 None Illegal user (IP=170,CO) | updated by RW Block was inactive. 
Reactivated on 20191205 with reason Authentication Failed - 6hr Failed Logon(IP=170,CO) 190.144.22.30 24 GM None 2020-02-07 00:00:00 2020-05-07 00:00:00 None Illegal user - Failed Logons (IP=30,CO) 190.145.12.58 32 RB None 2020-04-02 00:00:00 2020-06-02 00:00:00 None BOT: Mirai Echobot Activity Detected - TT# 020420-00053 (IP=58,CO) 190.146.40.134 24 ged None 2014-05-11 05:00:00 2020-02-13 00:00:00 None TCP HOST SWEEPS (IP=134, CO) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=67,CO) 190.147.2.190 24 CR None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=190,CO) 190.148.39.187 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=187,GT) 190.15.111.123 24 ABC None 2019-10-14 00:00:00 2020-01-19 00:00:00 None Command Injection Attempt (IP=123,BR) | updated by KF with reason Immediate Inbound Network Block - TT# 20C00519 (IP=27,US) 190.15.16.98 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 Hr Failed Logons (IP=98,CO) 190.151.0.0 17 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None CL TO-S-2019-0734.01 Malicious Email Activity 190.151.163.72 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 190.151.171.11 32 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None FPSE: service.pwd Access - TT# 20C00165 (IP=11,AR) 190.151.171.110 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt (IP=10,AR) 190.152.14.17 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Authentication Failed_Failed Logon (IP=17,EC) 190.152.144.202 32 RW None 2020-04-03 00:00:00 2020-05-03 00:00:00 None FTKNOX_HRC_IPS Signature: Known Attack Tool User Agent - TT# 20C02338 (IP=202,EC) 190.152.154.5 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user (IP=5,EC) 190.152.180.0 24 dbc 
None 2019-11-21 00:00:00 2020-11-21 00:00:00 None EC TO-S-2020-0109.01 Malicious Email Activity 190.152.36.86 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None EC TO-S-2019-0420 Malicious Email Activity 190.152.4.0 24 dbc None 2019-12-17 00:00:00 2020-12-26 00:00:00 None EC TO-S-2020-0187 Malicious Email Activity | updated by dbc Block expiration extended with reason EC TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason EC TO-S-2020-0212.01 Malicious Email Activity 190.154.192.0 19 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None EC TO-S-2020-0187 Malicious Email Activity 190.154.192.0 20 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None EC TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason EC TO-S-2020-0212.01 Malicious Email Activity 190.158.201.33 24 GM None 2019-10-21 00:00:00 2020-05-03 00:00:00 None Failed password - Failed Logons (IP=33,CO) | updated by KF Block was inactive. Reactivated on 20200203 with reason Failed password (IP=33,CO) 190.16.125.169 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Authentication Failed - Failed Logons (IP=169,AR) 190.163.230.230 24 RR None 2020-06-30 00:00:00 2020-09-28 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt -Web Attacks (IP=230,CL) 190.166.121.191 24 RW None 2020-05-20 00:00:00 2020-08-18 00:00:00 None Command Injection - ABC Report (IP=191,DR) 190.166.176.99 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=99,DO) 190.166.252.202 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=202,DR) 190.169.105.240 24 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=240,VE) 190.17.155.94 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire 
(IP=94,AR) 190.17.208.123 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=123,AR) 190.177.180.223 24 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=223,AR) 190.18.0.0 15 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AR TO-S-2019-1036 Malicious Email Activity 190.181.32.59 24 GM None 2020-09-22 00:00:00 2020-12-22 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=59,BO) 190.181.60.26 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=26,BO) 190.184.202.110 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None CO TO-S-2019-0634 Malicious Email Activity 190.186.170.83 24 BP None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Invalid user - 6hr Logons (IP=83,BO) 190.186.192.0 18 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None BO TO-S-2019-1036 Malicious Email Activity 190.187.67.67 24 RR None 2018-08-14 05:00:00 2020-01-14 00:00:00 None Illegal user (IP=67,PE) | updated by CR with reason Illegal user_6 hr Failed Logon (IP=67,PE) 190.188.55.107 32 RW None 2020-03-16 00:00:00 2020-04-16 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C02152 (IP=107,US) 190.189.92.211 24 KF None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SQL HTTP URI blind injection attempt (1:49666:2) - SourceFire (IP=211,AR) 190.19.15.51 32 BMP None 2020-06-29 00:00:00 2020-07-29 00:00:00 None 35290: HTTP: FxCodeShell Webshell Traffic Detected - TT# 20C03321 (IP=51,AR) 190.191.77.200 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=200,AR) 190.192.169.34 24 RB None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt 
(IP=34,AR) 190.192.214.95 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6hr web attacks (IP=95,AR) 190.193.189.60 24 RB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Invalid user_6 hr Failed Logons (IP=60,AR) 190.193.43.215 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Invalid user - Failed Logons (IP=215,AR) 190.193.50.29 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=29,AR) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY 190.195.98.135 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=135,AR) 190.196.32.0 20 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None CL TO-S-2019-0734.01 Malicious Email Activity 190.196.91.43 24 RB None 2020-04-22 00:00:00 2020-07-21 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - 6 hr web attacks (IP=43,CL) 190.198.73.177 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=177,VE) 190.199.228.115 32 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=115,US) 190.199.250.154 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=154,VE) 190.2.142.59 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity 190.2.143.60 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=60,NL) 190.2.144.124 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None NL TO-S-2019-0532.01 Malicious Connections Activity 190.202.109.244 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=244,VE) 190.202.54.12 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed 
Logons (IP=12,VE) 190.203.226.181 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=181,VE) 190.205.191.82 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - SourceFire (IP=82,VE) 190.206.226.7 24 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=7,VE) 190.210.132.98 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=98,AR) 190.210.180.77 24 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=77,AR) 190.210.186.71 32 wmp None 2020-08-13 00:00:00 2020-11-13 00:00:00 None HIVE Case #3555 COLS-NA-TIP-20-0254 (IP=71,AR) 190.210.222.124 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password for invalid user - Failed Logons (IP=124,AR) 190.210.42.209 24 RR None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Failed password - Failed Logons (IP=209,) 190.210.94.108 24 dbc None 2014-03-21 05:00:00 2020-01-17 00:00:00 None Remote code Execution (ip=108,AR) | updated by Malware with reason Callback (IP=131,AR) | updated by RB with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00476 (IP=131,AR) 190.211.160.253 24 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Invalid user - Failed Logons (IP=253,CL) 190.211.254.201 32 GM None 2020-07-05 00:00:00 2020-10-05 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03378 (IP=201,US) 190.212.68.44 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - 6hr Logon (IP=44,NI) 190.214.77.245 24 RR None 2018-12-31 06:00:00 2020-01-17 00:00:00 None Failed password (IP=245,EC) | updated by RB with reason Illegal user_6 hr Failed Logons (IP=25,EC) | 2020-01-17 | 2019-03-31 190.215.148.239 24 BMP None 2020-02-22 00:00:00 
2020-05-22 00:00:00 None Authentication Failed - 6hr Logons (IP=239,CL) 190.216.96.0 20 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None EC TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason EC TO-S-2020-0212.01 Malicious Web Application Activity 190.217.185.7 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=7,CH) 190.218.154.0 24 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,PA) 190.22.186.59 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=59,CL) 190.22.197.208 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=8,CL) 190.22.221.204 24 CW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=4,CL) 190.22.236.21 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=21,CL) 190.22.240.192 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=192,CL) 190.221.11.130 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=130,AR) 190.225.67.246 24 GM None 2020-06-10 00:00:00 2020-08-10 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=246,AR) 190.225.77.203 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=203,AR) 190.226.0.0 15 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AR TO-S-2019-1036 Malicious Email Activity 190.226.40.0 21 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 
None AR TO-S-2019-1036 Malicious Email Activity 190.228.0.0 14 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AR TO-S-2019-1036 Malicious Email Activity 190.228.72.0 21 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None AR TO-S-2019-0508 Malware Activity 190.235.98.76 24 KF None 2020-03-18 00:00:00 2020-06-16 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02177 (IP=76,PE) 190.237.52.233 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Authentication Failed (IP=233,PE) 190.242.109.128 32 RW None 2020-09-27 00:00:00 2020-12-27 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03996 (IP=128,CO) 190.242.60.132 32 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02807 (IP=132,CO) 190.246.150.72 24 sjl None 2015-04-13 05:00:00 2020-04-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability (IP=72 AR) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=110,AR) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell a 190.246.155.29 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=29,AR) 190.246.45.81 24 RW None 2019-12-17 00:00:00 2020-03-17 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=81,AR) 190.248.67.134 24 RB None 2020-02-13 00:00:00 2020-05-13 00:00:00 None Authentication Failed_6 hr Failed Logons_CPC (IP=134,CO) 190.25.232.2 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user_Failed Logon (IP=2,CO) 190.250.66.245 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=245,CO) 190.27.160.0 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=0,CO) 190.27.94.170 24 CW None 
2020-01-06 00:00:00 2020-04-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web attacks (IP=70,CO) 190.28.111.56 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=56,CO) 190.28.120.164 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=164,CO) 190.3.111.10 24 RW None 2020-04-08 00:00:00 2020-04-08 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Sourcefire (IP=10,AR) | not blocked: This is a signature for home routers. 190.32.23.226 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=226,PA) 190.34.247.53 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=53,PA) 190.34.255.231 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=231,PA) 190.35.51.156 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=156,PA) 190.36.231.169 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=169,VE) 190.37.124.218 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=218,VE) 190.38.238.67 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None Failed password_6 hr Failed Logons (IP=67,VE) 190.38.49.122 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=122,VZ) 190.40.113.27 24 BMP None 2020-05-18 00:00:00 2020-08-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code 
execution attempt - 6hr Web Attacks (IP=27,PE) 190.40.161.58 24 RR None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Failed password - Failed Logons (IP=58,PE) 190.45.37.216 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=216,CL) 190.45.37.216 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None CL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason CL TO-S-2020-0212.01 Malicious Web Application Activity 190.46.101.169 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password for invalid user - Failed Logon (IP=169,CL) 190.46.196.203 32 FT None 2020-08-10 00:00:00 2020-11-10 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=203,CL) 190.5.135.121 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None SV TO-S-2020-0212.01 Malicious Web Application Activity 190.5.135.121 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None SV TO-S-2020-0206 Malicious Web Application Activity 190.5.242.114 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=114,PA) 190.52.32.98 24 RR None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=98,AR) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=98,AR) 190.53.135.0 24 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None SV TO-S-2019-1036 Malicious Email Activity 190.54.116.0 22 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None CL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason CL TO-S-2020-0212.01 Malicious Web Application Activity 190.55.0.0 18 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AR TO-S-2019-1036 Malicious Email Activity 190.55.112.62 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None 
Authentication Failed - 6hr Logon (IP=62,AR) 190.57.236.62 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=62,AR) 190.6.128.0 20 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DO TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason DO TO-S-2020-0212.01 Malicious Web Application Activity 190.61.250.150 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=150,CO) 190.61.250.160 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None MX TO-S-2019-1036 Malicious Email Activity 190.64.64.0 20 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None UY TO-S-2019-0604 Malicious Email Activity 190.69.19.130 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=130,CO) 190.7.128.74 24 RW None 2019-11-14 00:00:00 2020-02-14 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=74,CO) 190.72.34.23 24 KF None 2020-04-21 00:00:00 2020-07-20 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=23,VE) 190.73.237.122 24 RB None 2020-04-22 00:00:00 2020-07-21 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - 6 hr web attacks (IP=122,VE) 190.74.21.233 24 CW None 2019-11-18 00:00:00 2020-02-16 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_web attacks (IP=33,VE) 190.8.168.244 24 RB None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_Sourcefire (IP=244,VE) 190.8.176.3 24 KF None 2019-12-16 00:00:00 2020-03-15 00:00:00 None HTTP: Blind SQL Injection - Timing(IP=3,CO) 190.8.66.121 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=121,CL) 190.80.34.30 24 CR None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6 hr failed logon (IP=30,GY) 
190.81.186.114 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None PE TO-S-2020-0212.01 Malicious Web Application Activity 190.81.186.114 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None PE TO-S-2020-0206 Malicious Web Application Activity 190.83.128.0 17 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None TT TO-S-2019-0972 Malicious Web Application Activity 190.85.102.124 32 RB None 2020-07-21 00:00:00 2020-10-19 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03524 (IP=124,CO) 190.85.15.66 24 YM None 2018-04-12 05:00:00 2020-03-08 00:00:00 None ET SCAN Potential SSH Scan (IP=66,CR) | updated by RR with reason Invalid user - Failed Logons (IP=251,CO) 190.85.171.126 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password - Failed Logons (IP=126,CO) 190.85.213.2 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=2,CO) 190.85.32.42 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=42,CO) 190.85.83.230 24 CR None 2018-05-23 05:00:00 2020-04-19 00:00:00 None Illegal user (IP=230,CO) | updated by RR with reason Illegal user - Failed Logons (IP=230,CO) 190.85.91.54 24 CW None 2019-11-18 00:00:00 2020-02-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_web attacks (IP=54,CO) 190.9.130.71 24 djs None 2015-05-30 05:00:00 2020-02-18 00:00:00 None SSH Scans (ip=71,VE) | updated by RR with reason HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerabilit | updated by RR with reason Failed password - Failed Logons (IP=159,VE) 190.9.36.235 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None PA TO-S-2019-0420 Malicious Email Activity 190.92.26.74 24 RR None None 2020-07-09 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - SourceFire 
(IP=74,HN) 190.93.208.176 24 KF None 2018-11-07 06:00:00 2020-02-14 00:00:00 None Illegal user (IP=176,AR) | updated by RR with reason Generic ArcSight scan attempt (IP=123,AR) 190.93.222.228 24 RR None 2020-01-18 00:00:00 2020-04-24 00:00:00 None Authentication Failed - Failed Logons (IP=228,AR) | updated by KF Block expiration extended with reason Authentication Failed (IP=228,AR) 190.94.0.0 17 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None DO TO-S-2019-0508 Malware Activity 190.94.192.8 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=8,VE) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=8,VE) 190.95.112.0 21 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None CL TO-S-2019-0468 Malicious Email Activity 190.95.12.22 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None CL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason CL TO-S-2020-0212.01 Malicious Web Application Activity 190.95.44.151 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None Authentication Failed - 6hr Logon (IP=151,CL) 190.96.145.9 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_12 hr web attacks (IP=9 CO) 190.96.172.101 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=101,CO) 190.96.215.48 32 RB None 2020-03-20 00:00:00 2020-04-20 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C00988 (IP=48,CO) 190.96.67.243 24 RB None 2020-05-20 00:00:00 2020-08-20 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6 hr web attacks (IP=243,CL) 190.97.0.0 19 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AR TO-S-2019-1036 Malicious 
Email Activity 190.98.199.144 32 wmp None 2020-08-05 00:00:00 2020-11-05 00:00:00 None HIVE Case #3445 COLS-NA-TIP-20-0243 (IP=144,CL) 191.10.161.186 24 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None INDICATOR-SCAN SSH brute force login attempt_SoureFire (IP=86,BR) 191.10.203.107 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed Password_6 Hr Failed Logons (IP=107,BR) 191.10.63.159 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Authentication Failed - Failed Logons (IP=159,BR) 191.100.10.124 24 RR None 2020-06-15 00:00:00 2020-09-13 00:00:00 None SERVER-WEBAPP Tomato router web interface bruteforce scan attempt - SourceFire (IP=124,EC) 191.100.9.242 24 FT None 2020-09-26 00:00:00 2020-12-26 00:00:00 None SERVER-WEBAPP Tomato router web interface bruteforce scan attempt - Web Attacks (IP=242,EC) 191.102.94.155 24 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=155,CO) 191.103.128.0 17 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None CO TO-S-2019-0734.01 Malicious Email Activity 191.109.124.127 24 BMP None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=127,CO) 191.109.73.0 24 GM None 2020-04-15 00:00:00 2020-07-14 00:00:00 None Command Injection (IP=0,CO) 191.109.74.119 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Command Injection (IP=119,CO) 191.115.4.166 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None CL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason CL TO-S-2020-0212.01 Malicious Web Application Activity 191.12.103.197 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=197,BR) 191.12.107.81 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None Authentication Failed - Failed Logons (IP=81,BR) 191.12.107.81 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None Authentication 
Failed - Failed Logons (IP=81,BR) 191.12.109.2 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Illegal user - Failed Logons (IP=2,BR) 191.125.13.116 24 20200120 None None 2020-01-20 00:00:00 None Authentication Failed - Fail Logins (IP=116,CL) | updated by RWB Block was inactive. Reactivated on 20191022 with reason Authentication Failed - Fail Logins (IP=116,CL) 191.125.131.253 24 GM None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Authentication Failed - Failed Logons (IP=253,CL) 191.125.185.158 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Authentication Failed - Failed Logons (IP=158,CL) 191.125.33.40 24 RR None 2019-12-16 00:00:00 2020-03-15 00:00:00 None Authentication Failed - Failed Logons (IP=40,CL) 191.125.58.255 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=255,CL) 191.126.152.31 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Authentication Failed_Failed Logon (IP=31,CL) 191.126.157.168 24 RR None 2020-02-23 00:00:00 2020-05-23 00:00:00 None Authentication Failed - Failed Logons (IP=168,CL) 191.126.37.157 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Authentication Failed - Failed Logons (IP=157,CL) 191.126.46.118 24 CR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - 6 hr Failed (IP=118,CL) 191.126.62.16 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=16,CL) 191.129.179.69 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Authentication Failed - Failed Logons (IP=69,BR) 191.14.113.138 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=138,BR) 191.14.239.173 24 CW None 2019-12-17 00:00:00 2020-03-16 00:00:00 None Failed password_Failed logon (IP=73,BR) 191.14.68.238 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None Authentication Failed - Failed Logons (IP=238,BR) 191.142.0.0 15 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 
None BR TO-S-2019-1002 Malware Activity 191.160.123.245 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Authentication Failed - Failed Logons (IP=245,BR) 191.162.43.195 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=195,BR) 191.162.90.141 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=141,BR) 191.163.133.216 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=216,BR) 191.165.150.119 24 CR None 2019-10-11 00:00:00 2020-01-11 00:00:00 None Authentication Failed_6 hr failed logon (IP=119,BR) 191.17.23.24 24 GM None 2019-12-26 00:00:00 2020-03-26 00:00:00 None Authentication Failed - Failed Logons (IP=24,BR) 191.178.50.52 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=52,BR) 191.179.115.220 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=220,BR) 191.18.113.109 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Authentication Failed_Failed Logon (IP=9,BR) 191.18.13.198 24 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None Authentication Failed_6 Hr Failed Logons (IP=198 BR) 191.18.15.35 24 GM None 2019-11-13 00:00:00 2020-02-13 00:00:00 None Authentication Failed - Failed Logons (IP=35,BR) 191.18.19.66 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=66,BR) 191.18.4.134 24 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=134,BR) 191.18.52.21 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None Authentication Failed_6 hr Failed Logon (IP=21,BR) 191.18.65.127 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Illegal user - Failed Logons 
(IP=127,BR) 191.18.68.16 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None Authentication Failed_Failed Logon (IP=16,BR) 191.18.79.57 24 RR None 2019-10-17 00:00:00 2020-01-15 00:00:00 None Authentication Failed - Failed Logons (IP=57,BR) 191.18.8.224 24 KF None 2019-10-08 00:00:00 2020-01-06 00:00:00 None Authentication Failed_6 Hr Failed Logons (IP=224,BR) 191.18.85.39 24 YM None 2017-10-09 05:00:00 2020-02-19 00:00:00 None ET SCAN Potential SSH Scan (IP=39,BR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=224,BR) | 2020-02-19 | 2018-01-07 191.193.88.134 24 RR None 2018-01-19 06:00:00 2020-02-18 00:00:00 None Severe network attack (IP=134,BR) | updated by RR with reason Failed password - Failed Logons (IP=43,BR) 191.194.1.115 24 RWB None 2019-12-20 00:00:00 2020-03-19 00:00:00 None Authentication Failed - Failed Logon (IP=115,BR) 191.194.104.61 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Authentication Failed - Failed Logons (IP=61,BR) 191.194.109.16 24 RB None 2019-12-27 00:00:00 2020-03-26 00:00:00 None Authentication Failed-6 hr Failed Logons (IP=16,BR) 191.194.116.54 24 BMP None 2020-02-25 00:00:00 2020-05-25 00:00:00 None Authentication Failed - 6hr Logons (IP=54,BR) 191.194.121.205 24 KF None 2020-02-08 00:00:00 2020-05-08 00:00:00 None Authentication Failed 6 Hr Failed Logons (IP=205,BR) 191.194.123.36 24 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=36,BR) 191.194.124.145 24 RB None 2019-12-27 00:00:00 2020-03-26 00:00:00 None Authentication Failed-6 hr Failed Logons (IP=145,BR) 191.194.14.121 24 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=121,BR) 191.194.15.105 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Authentication Failed - Failed Logon (IP=105,BR) 191.194.16.123 24 KF None 2020-01-10 00:00:00 2020-04-09 00:00:00 None Authentication Failed 
(IP=123,BR) 191.194.19.158 24 RW None 2020-02-06 00:00:00 2020-05-06 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=158,BR) 191.194.28.47 24 RWB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None Authentication Failed - Failed Logon (IP=47,BR) 191.194.37.53 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=53,BR) 191.194.39.181 24 CR None 2020-01-06 00:00:00 2020-04-06 00:00:00 None Authentication Failed - 6 hr Failed Logon (IP=181,BR) 191.194.4.202 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Authentication Failed_Faield Logon (IP=2,BR) 191.194.47.17 24 RR None 2020-01-15 00:00:00 2020-04-14 00:00:00 None Authentication Failed - Failed Logons (IP=17,BR) 191.194.52.214 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None Authentication Failed_Failed Logon 191.194.65.207 24 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - Failed Logons (IP=207,BR) 191.194.7.38 24 RB None 2019-12-29 00:00:00 2020-03-28 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=38,BR) 191.194.96.230 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Authentication Failed - 6hr Logons (IP=230,BR) 191.195.128.127 24 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None Authentication Failed - Web Attacks (IP=127,BR) 191.195.199.123 24 RR None 2019-10-11 00:00:00 2020-01-09 00:00:00 None Authentication Failed - Failed Logons (IP=123,BR) 191.199.190.66 24 RB None 2019-11-19 00:00:00 2020-02-17 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=66,BR) 191.199.205.97 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=97,BR) 191.199.205.97 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=97,BR) 191.201.13.164 24 MLJ None 2018-03-08 06:00:00 2020-01-25 00:00:00 None ET SCAN Potential SSH Scan (IP=164,BR) | updated by RR with reason Authentication Failed - Failed Logons (IP=50,BR) 
191.201.203.108 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=108,BR) 191.201.203.108 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None Authentication Failed - 6hr Failed 191.201.216.69 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Authentication Failed_Failed Logon (IP=69,BR) 191.201.227.105 24 MLJ None 2017-10-10 05:00:00 2020-03-24 00:00:00 None ET SCAN Potential SSH Scan (IP=105,BR) | updated by GM with reason Authentication Failed - Failed Logons (IP=105,BR) 191.201.233.158 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=158,BR) 191.201.238.160 24 MLJ None 2017-10-11 05:00:00 2020-02-19 00:00:00 None ET SCAN Potential SSH Scan (IP=160,BR) | updated by BP with reason Authentication Failed - 6hr Failed Logon (IP=219,BR) 191.201.238.19 24 BP None 2019-11-19 00:00:00 2020-02-19 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=219,BR) 191.201.252.3 24 MLJ None 2018-03-14 05:00:00 2020-01-04 00:00:00 None ET SCAN Potential SSH Scan (IP=3,BR) | updated by GM with reason INDICATOR-SC AN SSH brute force login attempt (IP=250,BR) | updated by RB with reason Illegal user_6 hr Failed Logons (IP=1 BR) | 2020-01-04 | 2019-06-19 191.201.34.88 24 GM None 2020-01-08 00:00:00 2020-04-08 00:00:00 None Authentication Failed - Failed Logons (IP=88,BR) 191.201.40.173 24 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=173,BR) 191.201.90.146 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed Password - 6 Hr Failed Logons (IP=146,BR) 191.201.95.138 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed Password - 6 Hr Failed Logons (IP=138,BR) 191.203.38.211 24 RB None 2019-11-21 00:00:00 2020-02-19 00:00:00 None Failed password_6 hr Failed Logons (IP=211,BR) 191.206.150.93 24 CR None 2019-12-27 00:00:00 2020-03-27 00:00:00 None Authentication Failedr - 6 hr Failed logon (IP=93,BR) 
Reactivated on 20200623 with reason HIVE Case #3072 COLS-NA-TIP-20-0190 (IP=29,US) 192.185.182.56 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 192.185.183.192 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity 192.185.183.206 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity 192.185.183.58 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 192.185.184.125 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity 192.185.184.95 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 192.185.185.128 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 192.185.187.171 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 192.185.188.171 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity 192.185.189.186 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity 192.185.189.89 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malicious Email Activity 192.185.193.213 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=213,US) 192.185.196.23 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3560 COLS-NA-TIP-20-0259 (IP=23,US) 192.185.2.239 32 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Generic ArcSight scan attempt (IP=239,US) 192.185.225.10 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 192.185.225.132 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 192.185.226.10 32 dbc None 2019-02-20 00:00:00 2020-02-20 
00:00:00 None US TO-S-2019-0420 Malicious Email Activity 192.185.226.188 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 192.185.236.180 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity 192.185.24.126 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None US TO-S-2019-0608 Malicious Email Activity 192.185.27.175 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 192.185.27.176 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 192.185.30.244 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 192.185.35.63 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None US TO-S-2019-0382 Malicious Email Activity 192.185.41.100 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None US TO-S-2019-0430 Malicious Email Activity 192.185.46.52 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity 192.185.46.59 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 192.185.48.185 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 192.185.48.38 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3560 COLS-NA-TIP-20-0259 (IP=38,US) 192.185.48.84 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=84,US) 192.185.50.28 32 wmp None 2020-08-19 00:00:00 2020-11-17 00:00:00 None HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=28,US) 192.185.50.93 32 wmp None 2020-08-19 00:00:00 2020-11-17 00:00:00 None HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=93,US) 192.185.52.244 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 192.185.56.254 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US 
TO-S-2019-0890.01 Malicious Email Activity 192.185.57.248 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity 192.185.66.35 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 192.185.78.67 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 192.185.79.106 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 192.185.79.22 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity 192.185.82.111 32 RW None 2020-08-09 00:00:00 2020-11-09 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=111,US) 192.185.88.194 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 192.185.88.196 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 192.185.89.112 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 192.185.99.31 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 192.185.99.51 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 192.186.10.225 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Command Injection Attempt (IP=225,XX) 192.186.104.6 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=6,CA) 192.186.142.74 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None GB TO-S-2019-0488 Malware Activity 192.186.239.162 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 192.186.242.169 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 192.187.108.170 32 dbc None 2019-07-23 
00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malware Activity 192.187.114.18 32 RB None 2020-06-27 00:00:00 2020-09-25 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03297 (IP=18,US) 192.187.127.2 32 RW None 2020-01-18 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6hr web attacks (IP=2,US) | updated by RW Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=2,US) 192.187.127.230 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None US TO-S-2019-0634 Malicious Email Activity 192.188.120.188 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None NL TO-S-2019-0952 Malware Activity 192.188.217.246 32 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None An account failed to log on. - Failed Logon (IP=246,US) 192.197.62.35 24 RR None 2020-08-06 00:00:00 2020-11-04 00:00:00 None APP-DETECT SSH server detected on non-standard port - SourceFire (IP=35,CA) 192.200.109.106 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity 192.200.109.26 32 CR None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=26,US) 192.200.215.91 32 GM None 2019-12-18 00:00:00 2020-01-18 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - 20C01182 (IP=91,US) 192.206.5.169 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None CA TO-S-2019-1036 Malicious Email Activity 192.207.62.181 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None US TO-S-2019-0608 Malware Activity 192.209.63.50 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=50,US) 192.209.63.53 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=53,US) 192.210.139.177 
32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=177,US) 192.210.142.146 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web Application Activity 192.210.150.19 32 GL None 2020-08-12 00:00:00 2020-12-14 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=19,US) | updated by wmp Block expiration extended with reason HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=19,US) 192.210.171.229 32 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=229,US) 192.210.199.67 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 192.210.216.178 32 GM None 2020-07-12 00:00:00 2020-10-12 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03442 (IP=178,US) 192.210.236.212 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=212,US) 192.210.238.26 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 192.220.18.92 32 wmp None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HIVE Case #3289 COLS-NA-TIP-20-0211 (IP=92,US) 192.227.111.105 32 RR None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Generic ArcSight scan attempt (IP=105,US) 192.227.130.157 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 192.227.132.199 32 dbc None 2020-06-30 00:00:00 2020-09-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=199,US) 192.227.223.137 32 RW None 2020-05-07 00:00:00 2020-08-07 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=137,US) 192.227.223.138 32 KF None 2020-05-04 00:00:00 2020-08-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=138,US) 192.227.223.242 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 192.227.232.37 32 dbc None 2019-06-07 00:00:00 
2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 192.227.236.82 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 192.227.86.107 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 192.228.100.133 32 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=133,US) 192.228.100.228 32 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=228,US) 192.230.46.66 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None FR TO-S-2019-0640.01 Malware Activity 192.230.74.101 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None US TO-S-2019-0831 Malicious Email Activity 192.232.216.118 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 192.232.218.156 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 192.232.223.48 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity 192.232.223.75 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity 192.232.230.100 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 192.232.236.158 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=158,US) 192.232.246.56 32 dbc None 2019-07-23 00:00:00 2020-07-23 00:00:00 None US TO-S-2019-0839 Malicious Email Activity 192.232.249.113 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malicious Email Activity 192.232.249.164 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 192.232.250.108 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Email Activity 192.236.155.214 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None 
HIVE Case #3708 TO-S-2020-0766 (IP=214,US) 192.236.162.232 32 wmp None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HIVE Case #3322 CTO-20-193 (IP=232,US) 192.236.163.117 32 wmp None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HIVE Case #3322 CTO-20-193 (IP=117,US) 192.236.192.119 32 wmp None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HIVE Case #3322 CTO-20-193 (IP=119,US) 192.236.192.5 32 RW None 2020-03-03 00:00:00 2020-10-13 00:00:00 None TCP: SYN Host Sweep (IP=5,US) | updated by wmp Block was inactive. Reactivated on 20200713 with reason HIVE Case #3322 CTO-20-193 (IP=5,US) 192.236.192.6 32 CR None 2019-12-27 00:00:00 2020-10-13 00:00:00 None Unauthorized Access-Probe - TT# 20C01249 (IP=6,US) | updated by wmp Block was inactive. Reactivated on 20200713 with reason HIVE Case #3322 CTO-20-193 (IP=6,US) 192.236.194.154 32 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Generic ArcSight scan attempt (IP=154,US) 192.240.52.226 32 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=226,US) | not blocked because No refs to MVPower found in USACE SharePoint or NAC 192.241.129.144 32 BMP None 2020-05-02 00:00:00 2020-08-01 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=144,US) | updated by KF Block expiration extended with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=144,US) 192.241.152.20 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malicious Email Activity 192.241.160.8 32 CR None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=8,US) 192.241.165.133 32 CR None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=133,US) 192.241.166.24 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=24,US) 
192.241.166.80 32 CR None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=80,US) 192.241.175.250 32 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Web Attacks (IP=250,US) 192.241.181.33 32 CR None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=33,US) 192.241.182.161 32 CR None 2019-11-01 00:00:00 2020-02-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=161,US) 192.241.183.167 32 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=167,US) 192.241.193.11 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=11,US) 192.241.194.171 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=171,US) 192.241.194.198 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=198,US) 192.241.194.53 32 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=53,US) 192.241.195.168 32 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=168,US) 192.241.195.42 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=42,US) 192.241.198.175 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=175,US) 192.241.198.223 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=223,US) 192.241.199.239 32 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None Unauthorized Scanning - ARCSight Sauron (IP=239,US) 192.241.199.246 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=246,US) 192.241.199.63 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=63,US) 192.241.200.167 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep 
(IP=167,US) 192.241.200.170 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=170,US) 192.241.200.71 32 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None Unauthorized Scanning- ARCSight Sauron (IP=71,US) 192.241.202.110 32 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=110,US) 192.241.202.15 32 KF None 2020-04-09 00:00:00 2020-07-08 00:00:00 None TCP: SYN Host Sweep (IP=15,US) 192.241.202.251 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=251,US) 192.241.203.139 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=139,US) 192.241.203.163 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=163,US) 192.241.203.202 32 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None Unauthorized Scanning (IP=202,US) 192.241.203.41 32 GLM None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=41,US) 192.241.204.128 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=128,US) 192.241.205.120 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=120,US) 192.241.205.175 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=175,US) 192.241.205.24 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=24,US) 192.241.206.126 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=126,US) 192.241.206.133 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=133,US) 192.241.206.218 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=218,US) 192.241.206.237 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=237,US) 192.241.207.112 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=112,US) 192.241.207.175 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None 
TCP: SYN Host Sweep (IP=175,US) 192.241.207.200 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=200,US) 192.241.208.127 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=127,US) 192.241.208.131 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=131,US) 192.241.208.152 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=152,US) 192.241.208.177 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=177,US) 192.241.208.234 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=234,US) 192.241.208.9 32 RW None 2020-03-03 00:00:00 2020-06-01 00:00:00 None Unauthorized Scanning (IP=9,US) 192.241.208.92 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=92,US) 192.241.209.175 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=175,US) 192.241.209.214 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=214,US) 192.241.209.216 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=216,US) 192.241.209.230 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=230,US) 192.241.209.30 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=30,US) 192.241.209.47 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=47,US) 192.241.209.7 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=7,US) 192.241.209.75 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=75,US) 192.241.210.125 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=125,US) 192.241.210.136 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=136,US) 192.241.210.169 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=169,US) 
192.241.210.193 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=193,US) 192.241.210.232 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=232,US) 192.241.210.245 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=245,US) 192.241.210.47 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=47,US) 192.241.211.106 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=106,US) 192.241.211.13 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=13,US) 192.241.211.136 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=136,US) 192.241.211.138 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=138,US) 192.241.211.144 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=144,US) 192.241.211.150 32 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=150,US) 192.241.211.169 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=169,US) 192.241.211.204 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=204,US) 192.241.211.215 32 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None Failed password_6 hr Failed Logons (IP=215,US) 192.241.211.238 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=238,US) 192.241.211.34 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=34,US) 192.241.211.98 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=98,US) 192.241.212.115 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=115,US) 192.241.212.138 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=138,US) 192.241.212.225 32 ABC None 2018-02-01 06:00:00 2020-06-02 00:00:00 None Generic ArcSight 
scan attempt (IP=225,US) | updated by RR Block was inactive. Reactivated on 20200304 with reason TCP: SYN Host Sweep (IP=225,US) 192.241.212.239 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=239,US) 192.241.213.10 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=10,US) 192.241.213.101 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=101,US) 192.241.213.142 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=142,US) 192.241.213.144 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=144,US) 192.241.213.169 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=169,US) 192.241.213.192 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=192,US) 192.241.213.231 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=231,US) 192.241.213.251 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=251,US) 192.241.213.252 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=252,US) 192.241.213.79 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=79,US) 192.241.213.94 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=94,US) 192.241.214.109 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=109,US) 192.241.214.114 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=114,US) 192.241.214.115 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=115,US) 192.241.214.172 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=172,US) 192.241.214.201 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=201,US) 192.241.214.87 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=87,US) 
192.241.214.99 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=99,US) 192.241.215.134 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=134,US) 192.241.215.158 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=158,US) 192.241.215.188 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=188,US) 192.241.215.41 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=41,US) 192.241.215.51 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=51,US) 192.241.215.82 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=82,US) 192.241.216.109 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=109,US) 192.241.216.137 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=137,US) 192.241.216.147 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=147,US) 192.241.216.197 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=197,US) 192.241.216.200 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=200,US) 192.241.216.57 32 EDBT None 2017-07-23 05:00:00 2020-06-02 00:00:00 None ET SCAN Potential SSH Scan (IP=57,US) | updated by RR Block was inactive. 
Reactivated on 20200304 with reason TCP: SYN Host Sweep (IP=57,US) 192.241.216.95 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=95,US) 192.241.217.113 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=113,US) 192.241.217.125 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=125,US) 192.241.217.164 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=164,US) 192.241.217.251 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=251,US) 192.241.217.48 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=48,US) 192.241.217.57 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malware Activity 192.241.217.85 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=85,US) 192.241.218.130 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=130,US) 192.241.218.175 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=175,US) 192.241.218.207 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=207,US) 192.241.218.22 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=22,US) 192.241.218.35 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=35,US) 192.241.218.67 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=67,US) 192.241.218.70 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=70,US) 192.241.218.84 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=84,US) 192.241.218.98 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=98,US) 192.241.219.121 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=121,US) 192.241.219.143 32 RW None 2020-03-03 00:00:00 2020-06-01 00:00:00 None 
Unauthorized Scanning (IP=143,US) 192.241.219.147 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=147,US) 192.241.219.165 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=165,US) 192.241.219.171 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=171,US) 192.241.219.203 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=203,US) 192.241.219.204 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=204,US) 192.241.219.236 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=236,US) 192.241.219.25 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=25,US) 192.241.219.42 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=42,US) 192.241.220.151 32 RW None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=151,US) 192.241.220.173 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=173,US) 192.241.220.192 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=192,US) 192.241.220.202 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=202,US) 192.241.220.215 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=215,US) 192.241.220.219 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=219,US) 192.241.220.35 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=35,US) 192.241.220.57 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=57,US) 192.241.220.83 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=83,US) 192.241.221.120 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=120,US) 192.241.221.126 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep 
(IP=126,US) 192.241.221.166 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=166,US) 192.241.221.185 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=185,US) 192.241.221.208 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=208,US) 192.241.221.238 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=238,US) 192.241.221.30 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=30,US) 192.241.221.42 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=42,US) 192.241.221.77 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=77,US) 192.241.221.83 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=83,US) 192.241.221.89 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=89,US) 192.241.222.112 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=112,US) 192.241.222.114 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=114,US) 192.241.222.128 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=128,US) 192.241.222.142 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=142,US) 192.241.222.158 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=158,US) 192.241.222.244 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=244,US) 192.241.222.43 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=43,US) 192.241.222.59 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=59,US) 192.241.222.69 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=69,US) 192.241.222.84 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=84,US) 192.241.223.141 32 RR 
None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=141,US) 192.241.223.175 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=175,US) 192.241.223.185 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=185,US) 192.241.223.187 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=187,US) 192.241.223.212 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=212,US) 192.241.223.237 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=237,US) 192.241.223.238 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=238,US) 192.241.223.96 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=96,US) 192.241.224.10 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=10,US) 192.241.224.123 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=123,US) 192.241.224.141 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=141,US) 192.241.224.158 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=158,US) 192.241.224.186 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=186,US) 192.241.224.189 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=189,US) 192.241.224.206 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=206,US) 192.241.224.234 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=234,US) 192.241.224.245 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=245,US) 192.241.224.33 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=33,US) 192.241.224.81 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=81,US) 192.241.224.99 32 RR None 2020-03-04 
00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=99,US) 192.241.225.100 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=100,US) 192.241.225.120 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=120,US) 192.241.225.133 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=133,US) 192.241.225.141 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=141,US) 192.241.225.157 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=157,US) 192.241.225.162 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=162,US) 192.241.225.207 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=207,US) 192.241.225.221 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=221,US) 192.241.225.237 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=237,US) 192.241.225.31 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=31,US) 192.241.225.48 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=48,US) 192.241.225.9 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=9,US) 192.241.226.105 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=105,US) 192.241.226.154 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=154,US) 192.241.226.27 32 ABC None 2020-04-04 00:00:00 2020-07-03 00:00:00 None TCP: SYN Host Sweep (IP=27,US) 192.241.226.66 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=66,US) 192.241.226.8 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=8,US) 192.241.227.131 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=131,US) 192.241.227.160 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 
None TCP: SYN Host Sweep (IP=160,US) 192.241.227.177 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=177,US) 192.241.227.178 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=178,US) 192.241.227.213 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=213,US) 192.241.227.28 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=28,US) 192.241.227.56 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=56,US) 192.241.227.72 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=72,US) 192.241.227.88 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=88,US) 192.241.228.131 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=131,US) 192.241.228.153 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=153,US) 192.241.228.178 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=178,US) 192.241.228.204 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=204,US) 192.241.228.216 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=216,US) 192.241.228.237 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=237,US) 192.241.228.51 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=51,US) 192.241.228.58 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=58,US) 192.241.228.9 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=9,US) 192.241.228.94 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=94,US) 192.241.229.119 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=119,US) 192.241.229.148 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=148,US) 
192.241.229.150 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=150,US) 192.241.229.232 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=232,US) 192.241.229.239 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=239,US) 192.241.229.242 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=242,US) 192.241.229.25 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=25,US) 192.241.229.251 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=251,US) 192.241.229.42 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=42,US) 192.241.229.63 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=63,US) 192.241.230.116 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=116,US) 192.241.230.146 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=146,US) 192.241.230.172 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=172,US) 192.241.230.216 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=216,US) 192.241.230.223 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=223,US) 192.241.230.41 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=41,US) 192.241.230.49 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=49,US) 192.241.230.58 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=58,US) 192.241.230.7 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=7,US) 192.241.230.76 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=76,US) 192.241.230.96 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=96,US) 192.241.231.130 32 RR None 2020-03-04 
00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=130,US) 192.241.231.154 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=154,US) 192.241.231.242 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=242,US) 192.241.231.243 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=243,US) 192.241.231.48 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=48,US) 192.241.231.49 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=49,US) 192.241.231.51 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=51,US) 192.241.231.79 32 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=79,US) 192.241.231.98 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=98,US) 192.241.232.136 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=136,US) 192.241.232.150 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=150,US) 192.241.232.227 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=227,US) 192.241.232.35 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=35,US) 192.241.232.70 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=70,US) 192.241.232.81 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=81,US) 192.241.232.99 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=99,US) 192.241.233.117 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=117,US) 192.241.233.163 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=163,US) 192.241.233.168 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=168,US) 192.241.233.169 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: 
SYN Host Sweep (IP=169,US) 192.241.233.240 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=240,US) 192.241.233.246 32 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=246,US) 192.241.233.247 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=247,US) 192.241.233.25 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=25,US) 192.241.233.251 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=251,US) 192.241.233.56 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=56,US) 192.241.233.88 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=88,US) 192.241.234.106 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=106,US) 192.241.234.109 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=109,US) 192.241.234.121 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=121,US) 192.241.234.143 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=143,US) 192.241.234.17 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=17,US) 192.241.234.173 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=173,US) 192.241.234.193 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=193,US) 192.241.234.200 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=200,US) 192.241.234.218 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=218,US) 192.241.234.241 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=241,US) 192.241.234.246 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=246,US) 192.241.234.4 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host 
Sweep (IP=4,US) 192.241.234.99 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=99,US) 192.241.235.159 32 KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None TCP: SYN Host Sweep (IP=159,US) 192.241.235.172 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=172,US) 192.241.235.179 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=179,US) 192.241.235.197 32 ABC None 2020-04-04 00:00:00 2020-07-03 00:00:00 None TCP: SYN Host Sweep (IP=197,US) 192.241.235.199 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=199,US) 192.241.235.214 32 RB None 2020-04-17 00:00:00 2020-07-16 00:00:00 None TCP: SYN Host Sweep (IP=214,US) 192.241.235.22 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=22,US) 192.241.235.220 32 RR None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=220,US) 192.241.235.228 32 RW None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=228,US) 192.241.235.230 32 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=230,US) 192.241.235.236 32 RB None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=236,US) 192.241.235.39 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=39,US) 192.241.235.46 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=46,US) 192.241.235.5 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=5,US) 192.241.235.57 32 RW None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=57,US) 192.241.235.63 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=63,US) 192.241.235.69 32 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=69,US) 192.241.235.7 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 
None TCP: SYN Host Sweep (IP=7,US) 192.241.235.74 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=74,US) 192.241.235.76 32 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=76,US) 192.241.235.79 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=79,US) 192.241.235.87 32 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=87,US) 192.241.236.106 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=106,US) 192.241.236.131 32 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=131,US) 192.241.236.161 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=161,US) 192.241.236.189 32 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None Unauthorized Scanning - ARCSight Sauron (IP=189,US) 192.241.236.248 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=248,US) 192.241.236.41 32 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None Unauthorized Scanning- ARCSight Sauron (IP=41,US) 192.241.236.64 32 KF None 2020-02-08 00:00:00 2020-05-08 00:00:00 None Unauthorized Access-Probe/UDP Host Sweep - TT# 20C01653 (IP=64,US) 192.241.237.100 32 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None Unauthorized Scanning (IP=100,US) 192.241.237.102 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=102,US) 192.241.237.105 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=105,US) 192.241.237.107 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=107,US) 192.241.237.108 32 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=108,US) 192.241.237.111 32 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=111,US) 192.241.237.121 32 RR None 2020-04-01 00:00:00 2020-06-30 
00:00:00 None Unauthorized Scanning- ARCSight Sauron (IP=121,US) 192.241.237.127 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None Unauthorized Scanning (IP=127,US) 192.241.237.128 32 RB None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=128,US) 192.241.237.130 32 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=130,US) 192.241.237.131 32 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=131,US) 192.241.237.136 32 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=136,US) 192.241.237.137 32 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=137,US) 192.241.237.141 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=141,US) 192.241.237.148 32 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=148,US) 192.241.237.155 32 RR None 2020-03-30 00:00:00 2020-06-28 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=155,US) 192.241.237.157 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=157,US) 192.241.237.166 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=166,US) 192.241.237.170 32 ABC None 2020-04-04 00:00:00 2020-07-03 00:00:00 None TCP: SYN Host Sweep (IP=170,US) 192.241.237.175 32 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=175,US) 192.241.237.187 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=187,US) 192.241.237.188 32 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=188,US) 192.241.237.192 32 ABC None 2020-04-04 00:00:00 2020-07-03 00:00:00 None TCP: SYN Host Sweep (IP=192,US) 192.241.237.193 32 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=193,US) 192.241.237.194 32 RB 
None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=194,US) 192.241.237.195 32 KF None 2020-04-09 00:00:00 2020-07-08 00:00:00 None TCP: SYN Host Sweep (IP=195,US) 192.241.237.202 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=202,US) 192.241.237.204 32 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=204,US) 192.241.237.209 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=209,US) 192.241.237.210 32 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=210,US) 192.241.237.214 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=214,US) 192.241.237.216 32 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None Unauthorized Scanning - ARCSight Sauron (IP=216,US) 192.241.237.224 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=224,US) 192.241.237.227 32 ABC None 2020-04-04 00:00:00 2020-07-03 00:00:00 None TCP: SYN Host Sweep (IP=227,US) 192.241.237.229 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=229,US) 192.241.237.238 32 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None Unauthorized Scanning- ARCSight Sauron (IP=238,US) 192.241.237.250 32 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=250,US) 192.241.237.251 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=251,US) 192.241.237.30 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=30,US) 192.241.237.35 32 RR None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=35,US) 192.241.237.44 32 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=44,US) 192.241.237.51 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=51,US) 192.241.237.52 32 ABC None 2020-04-05 00:00:00 
2020-07-04 00:00:00 None Unauthorized Scanning (IP=52,US) 192.241.237.53 32 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=53,US) 192.241.237.68 32 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=68,US) 192.241.237.69 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None Unauthorized Scanning (IP=69,US) 192.241.237.71 32 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=71,US) 192.241.237.74 32 KF None 2020-04-16 00:00:00 2020-07-15 00:00:00 None Unauthorized Scanning (IP=74,US) 192.241.237.77 32 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None Unauthorized Scanning (IP=77,US) 192.241.237.8 32 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None Unauthorized Scanning (IP=8,US) 192.241.237.80 32 RB None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep_Sauron Report (IP=80,US) 192.241.237.84 32 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None Unauthorized Scanning- ARCSight Sauron (IP=84,US) 192.241.237.88 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None Unauthorized Scanning (IP=88,US) 192.241.237.93 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None Unauthorized Scanning (IP=93,US) 192.241.238.100 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None Unauthorized Scanning (IP=100,US) 192.241.238.102 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=102,US) 192.241.238.103 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=103,US) 192.241.238.106 32 RR None 2020-03-30 00:00:00 2020-06-28 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=106,US) 192.241.238.109 32 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=109,US) 192.241.238.110 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=110,US) 192.241.238.112 32 RW None 2020-04-03 00:00:00 2020-07-02 
00:00:00 None Unauthorized Scanning (IP=112,US) 192.241.238.118 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=118,US) 192.241.238.119 32 ABC None 2020-04-04 00:00:00 2020-07-03 00:00:00 None TCP: SYN Host Sweep (IP=119,US) 192.241.238.124 32 ABC None 2020-04-17 00:00:00 2020-07-16 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=124,US) 192.241.238.125 32 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=125,US) 192.241.238.126 32 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=126,US) 192.241.238.129 32 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=129,US) 192.241.238.130 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=130,US) 192.241.238.131 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=131,US) 192.241.238.132 32 ABC None 2020-04-04 00:00:00 2020-07-03 00:00:00 None TCP: SYN Host Sweep (IP=132,US) 192.241.238.137 32 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=137,US) 192.241.238.14 32 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=14,US) 192.241.238.141 32 RB None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep_Sauron Report (IP=141,US) 192.241.238.142 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=142,US) 192.241.238.143 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=143,US) 192.241.238.144 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=144,US) 192.241.238.147 32 RW None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=147,US) 192.241.238.152 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=152,US) 192.241.238.153 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=153,US) 192.241.238.154 32 RR None 
2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=154,US) 192.241.238.155 32 GLM None 2020-04-07 00:00:00 2020-07-06 00:00:00 None Unauthorized Scanning (IP=155,US) 192.241.238.164 32 KF None 2020-04-09 00:00:00 2020-07-08 00:00:00 None Unauthorized Scanning (IP=164,US) 192.241.238.166 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=166,US) 192.241.238.169 32 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=169,US) 192.241.238.17 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=17,US) 192.241.238.170 32 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=170,US) 192.241.238.171 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=171,US) 192.241.238.174 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=174,US) 192.241.238.175 32 RB None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep_Sauron Report (IP=175,US) 192.241.238.18 32 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=18,US) 192.241.238.183 32 RW None 2020-04-12 00:00:00 2020-07-11 00:00:00 None Unauthorized Scanning (IP=183,US) 192.241.238.187 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=187,US) 192.241.238.193 32 RR None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=193,US) 192.241.238.196 32 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=196,US) 192.241.238.20 32 KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None TCP: SYN Host Sweep (IP=20,US) 192.241.238.201 32 RR None 2020-03-25 00:00:00 2020-06-23 00:00:00 None TCP: SYN Host Sweep (IP=201,US) 192.241.238.205 32 RR None 2020-03-30 00:00:00 2020-06-28 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=205,US) 192.241.238.206 32 ABC None 2020-04-04 
00:00:00 2020-07-03 00:00:00 None TCP: SYN Host Sweep (IP=206,US) 192.241.238.207 32 RW None 2020-04-11 00:00:00 2020-07-10 00:00:00 None Unauthorized Scanning (IP=207,US) 192.241.238.208 32 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=208,US) 192.241.238.209 32 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=209,US) 192.241.238.210 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=210,US) 192.241.238.216 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=216,US) 192.241.238.217 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=217,US) 192.241.238.218 32 RR None 2020-03-30 00:00:00 2020-06-28 00:00:00 None Unauthorized Scanning- ARCSight Sauron (IP=218,US) 192.241.238.220 32 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=220,US) 192.241.238.222 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=222,US) 192.241.238.224 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=224,US) 192.241.238.229 32 RW None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=229,US) 192.241.238.235 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=235,US) 192.241.238.238 32 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=238,US) 192.241.238.239 32 ABC None 2020-04-17 00:00:00 2020-07-16 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=239,US) 192.241.238.24 32 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=24,US) 192.241.238.241 32 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=241,US) 192.241.238.242 32 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=242,US) 192.241.238.248 32 KF None 
2020-03-31 00:00:00 2020-06-29 00:00:00 None Unauthorized Scanning - ARCSight Sauron (IP=248,US) 192.241.238.252 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=252,US) 192.241.238.26 32 RB None 2020-04-05 00:00:00 2020-07-04 00:00:00 None Unauthorized Scanning_Sauron Report (IP=26,US) 192.241.238.27 32 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=27,US) 192.241.238.37 32 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=37,US) 192.241.238.4 32 KF None 2020-04-09 00:00:00 2020-07-08 00:00:00 None TCP: SYN Host Sweep (IP=4,US) 192.241.238.5 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=5,US) 192.241.238.51 32 RR None 2020-03-30 00:00:00 2020-06-28 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=51,US) 192.241.238.57 32 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=57,US) 192.241.238.60 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=60,US) 192.241.238.67 32 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None Unauthorized Scanning (IP=67,US) 192.241.238.70 32 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=70,US) 192.241.238.9 32 RB None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep (IP=9,US) 192.241.238.90 32 GLM None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=90,US) 192.241.238.92 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=92,US) 192.241.238.94 32 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=94,US) 192.241.238.97 32 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=97,US) 192.241.238.98 32 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=98,US) 192.241.239.0 24 tjh None 2014-11-14 
06:00:00 2020-04-19 00:00:00 None US TO-S-2015-0085 | updated by ABC with reason Generic ArcSight scan attempt (IP=177 US) | 2018-08-10 | 2015-11-14 | updated 192.241.241.206 32 RW None 2019-12-12 00:00:00 2020-03-12 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - Sourcefire (IP=206,US) 192.241.249.19 32 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logon (IP=19,US) 192.241.254.131 32 CR None 2020-02-21 00:00:00 2020-05-21 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=131,US) 192.249.115.213 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity 192.249.120.151 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=151,US) 192.249.127.18 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 192.250.236.129 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Web Application Activity 192.252.213.15 32 RW None 2020-04-16 00:00:00 2020-05-16 00:00:00 None Self-Report / IP block request - TT# 20C02528 (IP=15,CA) 192.252.213.158 32 GM None 2020-04-09 00:00:00 2020-07-08 00:00:00 None Self-Report / IP block - TT# 20C02483 (IP=158,US) 192.254.123.167 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=167,US) 192.254.142.168 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity 192.254.184.52 32 wmp None 2020-08-05 00:00:00 2020-11-05 00:00:00 None HIVE Case #3445 COLS-NA-TIP-20-0243 (IP=52,US) 192.254.185.135 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 192.254.185.66 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity 192.254.186.121 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US 
TO-S-2019-0551.02 Malicious Email Activity 192.254.186.193 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malicious Email Activity 192.254.188.65 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 192.254.189.45 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 192.254.212.185 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None US TO-S-2019-0608 Malicious Email Activity 192.254.232.166 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=166, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 192.254.233.1 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 192.254.233.171 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity 192.254.233.203 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 192.254.233.63 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 192.254.235.137 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=137,US) 192.254.235.166 32 wmp None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=166,US) 192.254.236.152 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 192.254.236.173 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 192.254.236.196 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=196, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 192.254.250.243 32 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Malicious file - Suspendedpage.cgi - HIVE Case (IP=243,US) 192.254.75.230 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NL 
TO-S-2020-0006 Malicious Email Activity 192.3.130.156 32 RW None 2019-12-12 00:00:00 2020-01-12 00:00:00 None Known Attack Tool User Agent / 20086: HTTP: Muieblackcat Security Scanner - TT# 20C01155 (IP=156,US) 192.3.135.107 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity 192.3.136.106 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None US TO-S-2020-0109.01 Malicious Email Activity 192.3.139.28 32 RB None 2020-05-29 00:00:00 2020-08-27 00:00:00 None Possible SQLi attempt - TT# 20C02989 (IP=28,US) 192.3.198.9 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=9, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 192.3.201.85 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity 192.3.247.182 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=182,US) 192.3.45.185 32 GM None 2020-04-02 00:00:00 2020-06-02 00:00:00 None Known Attack Tool User Agent - TT# 020420-00046 (IP=185,US) 192.3.47.242 32 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Illegal user - 6hr Logons (IP=242,US) 192.3.48.125 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 192.3.6.195 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malicious Email Activity 192.3.70.136 32 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=136,US) 192.30.252.154 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Web Application Activity 192.31.231.240 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None NL TO-S-2019-0952 Malicious Email Activity 192.34.57.157 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Unauthorized Scanning (IP=157,US) 192.34.61.230 32 RR None 2020-03-25 00:00:00 2020-06-23 00:00:00 None TCP: SYN Host Sweep (IP=230,US) 192.34.61.247 32 wmp None 2020-08-13 00:00:00 2020-11-13 
00:00:00 None HIVE Case #3554 COLS-NA-TIP-20-0257 (IP=247,US) 192.40.240.14 24 BMP None 2020-06-20 00:00:00 2020-09-18 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=14,CA) 192.40.59.228 32 RR None 2020-06-09 00:00:00 2020-09-07 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=228,US) 192.41.40.20 32 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=20,US) 192.42.116.16 32 tpr None 2015-03-17 05:00:00 2020-12-23 00:00:00 None corpslocks/TOR (ip=16, NL) | updated by dbc Block was inactive. Reactivated on 20191223 with reason NL TO-S-2020-0206 Malicious Web Application Activity 192.42.116.16 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0212.01 Malicious Web Application Activity 192.48.88.212 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malware Activity 192.51.188.228 24 CW None 2019-12-17 00:00:00 2020-03-16 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_web attacks (IP=28,JP) 192.59.136.228 32 dbc None 2019-07-23 00:00:00 2020-07-23 00:00:00 None US TO-S-2019-0839 Malicious Email Activity 192.64.112.32 32 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=32,US) 192.64.113.120 32 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None Unauthorized Scanning (IP=120,US) 192.64.117.198 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 192.64.117.83 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 192.64.119.157 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 192.64.119.195 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 192.64.119.232 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 
192.64.119.50 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=50,US) 192.64.86.92 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Generic ArcSight scan attempt (IP=92,US) 192.68.11.219 32 GM None 2019-10-29 00:00:00 2020-12-26 00:00:00 None Possible Cyber Attack - 20C00710 (IP=219,US) | updated by dbc Block was inactive. Reactivated on 20191223 with reason DE TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Mal 192.71.244.77 24 BMP None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) - SourceFire (IP=77,SI) 192.71.249.51 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None BE TO-S-2019-0800 Malicious Email Activity 192.71.249.70 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None BE TO-S-2020-0088 Malware Activity 192.74.244.129 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=129,US) 192.81.128.7 32 BMP None 2020-04-21 00:00:00 2020-07-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=7,US) 192.81.134.202 32 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=202,US) 192.81.218.27 32 KF None 2020-04-16 00:00:00 2020-07-15 00:00:00 None Known Attack Tool User Agent V2 / BOT: Potential Muieblackcat - TT# 20C02526 (IP=27,US) 192.95.29.194 24 MLJ None 2016-11-07 06:00:00 2020-09-13 00:00:00 None ET SCAN Sipvicious User-Agent Detected (IP=194,CA) | updated by dbc with reason CA TO-S-2019-0985 Malicious Email Activity 192.95.30.65 24 RW None 2020-09-08 00:00:00 2020-12-08 00:00:00 None SERVER-WEBAPP elFinder PHP connector arbitrary PHP file upload attempt - Sourcefire (IP=65,CA) 192.95.35.66 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None CA TO-S-2019-1002 Malicious Email Activity 192.95.57.234 24 KF None 2018-08-23 
05:00:00 2020-02-22 00:00:00 None Illegal user (IP=234,CA) | updated by dbc with reason CA TO-S-2019-0431 Malicious Email Activity 192.96.201.24 24 wmp None 2015-06-02 05:00:00 2020-03-29 00:00:00 None Malware Callback (IP=24,US) | updated by sjl with reason ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=142 US) 192.99.0.107 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None CA TO-S-2019-0658 Malware Activity 192.99.1.38 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None CA TO-S-2019-0952 Malware Activity 192.99.10.122 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=122,FR) 192.99.12.24 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Failed Logons (IP=24,CA) 192.99.147.71 24 dbc None 2015-03-25 05:00:00 2020-04-26 00:00:00 None TCP Host Sweeps (IP=71, CA) | updated by RR with reason ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=137,CA) 192.99.15.60 24 RR None 2018-01-17 06:00:00 2020-09-02 00:00:00 None Illegal user (IP=60,CA) | updated by RR with reason Illegal user (IP=44,CA) | updated by RB with reason HTTP: Joomla HTTP | updated by dbc with reason CA TO-S-2019-0952 Malware Activity 192.99.152.101 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed password - sourcefire (IP=101,CA) 192.99.156.108 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None CA TO-S-2019-0571 Malicious Email Activity 192.99.169.110 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=110,FR) 192.99.172.136 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=136,CA) 192.99.175.113 24 EDBT None 2016-11-18 06:00:00 2020-02-15 00:00:00 None SERVER-WEBAPP test.php access (1:2152) (IP=113,CA) | updated by dbc with reason CA TO-S-2019-0409 Malware Activity 192.99.179.81 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None CA TO-S-2019-0604 Malicious Email Activity 192.99.181.74 32 dbc 
None 2019-04-04 00:00:00 2020-04-04 00:00:00 None CA TO-S-2019-0571 Malicious Email Activity 192.99.2.101 24 KF None 2019-12-10 00:00:00 2020-06-24 00:00:00 None INDICATOR-COMPROMISE Suspicious .ml dns query (1:39866:4) (IP=101,CA) | updated by DT Block was inactive. Reactivated on 20200326 with reason PROTOCOL-SNMP Cisco IOS SNMP ciscoFlashFileEntry OID denial of service attempt - SourceFire (IP=101,CA) 192.99.2.101 24 DT None 2020-03-26 00:00:00 2020-06-24 00:00:00 None SMBv1 opord 2016-191F9 sid:1000011 - SourceFire (IP=101,CA) 192.99.207.169 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None CA TO-S-2019-0608 Malware Activity 192.99.210.162 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None CA TO-S-2019-0831 Malicious Email Activity 192.99.210.163 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None CA TO-S-2019-0769 Malicious Email Activity 192.99.223.115 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None CA TO-S-2020-0031 Malware Activity 192.99.24.62 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=62,CA) 192.99.247.62 24 tpr None 2014-09-25 05:00:00 2020-02-18 00:00:00 None UPnP probes (ip=62, CA) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=232,CA) 192.99.28.247 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user - 6hr Logon (IP=247,CA) 192.99.35.103 24 SYM None 2016-06-21 05:00:00 2020-09-02 00:00:00 None (MAID = 8469) (ip=103,CA) | updated by MLJ with reason ET SCAN Potential SSH Scan (IP=148,CA) | updated by RR with reason SE | updated by dbc with reason CA TO-S-2019-0658 Malware Activity | updated by dbc with reason CA TO-S-2019-0952 Malware Acti 192.99.36.76 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=76,CA) 192.99.37.108 24 MLJ None 2017-10-10 05:00:00 2020-03-11 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) 
(IP=108,CA) | updated by dbc with reason CA TO-S-2019-0468 Maliciou 192.99.46.192 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None CA TO-S-2019-0952 Malicious Email Activity 192.99.5.145 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None CA TO-S-2019-0972 Malicious Email Activity 192.99.62.47 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None CA TO-S-2020-0047 Malicious Email Activity 192.99.62.51 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None CA TO-S-2019-0488 Malicious Email Activity 192.99.62.61 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None CA TO-S-2019-0926 Malicious Email Activity 192.99.7.71 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None CA TO-S-2020-0212.01 Malicious Web Application Activity 192.99.7.71 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None CA TO-S-2020-0206 Malicious Web Application Activity 192.99.76.30 24 BMP None 2020-04-14 00:00:00 2020-07-15 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6hr Web Attacks (IP=30,CA) | updated by GM Block expiration extended with reason HTTP: SQL Injection - Exploit II - Web Attacks (IP=30,CA) 193.10.255.99 24 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=99,NO) 193.104.215.67 24 YM None 2018-05-15 05:00:00 2020-01-26 00:00:00 None INFORMATIONAL : CIRT : Possible Cosmic Duke Dropper (IP=67,IR) | updated by RWB Block was inactive. 
Reactivated on 20191028 with reason Unknown Traffic - INFORMATIONAL : CIRT : Possible Cosmic Duke APT - sourcefire (IP=67,IE) 193.105.53.0 24 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 193.106.162.134 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=134,UK) 193.106.174.4 24 GM None 2020-07-22 00:00:00 2020-10-22 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=4,RU) 193.106.200.104 24 RR None 2017-07-29 05:00:00 2020-08-06 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=104,UA ) | updated by dbc with reason UA TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason UA TO-S-2019-0864 Malware Activity 193.110.157.151 24 RR None 2020-07-18 00:00:00 2020-10-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=151,NL) 193.111.152.13 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None NL TO-S-2019-0890.01 Malicious Email Activity 193.111.155.108 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None NL TO-S-2019-0488 Malicious Email Activity 193.111.155.121 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None NL TO-S-2019-0488 Malicious Email Activity 193.111.155.126 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None NL TO-S-2019-0488 Malicious Email Activity 193.111.155.127 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None NL TO-S-2019-0488 Malicious Email Activity 193.112.0.0 18 dcg None 2018-10-02 05:00:00 2020-04-18 00:00:00 None CN TO-S-2018-1197 Indicator associated with malicious web activity | updated by RB with reason SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_Sourcefire (IP=164,CN) | 2020-01-03 | 2019-10-02 | updated by KF with reason HTTP 193.112.108.135 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed Logons (IP=135,CN) 193.112.121.63 24 RWB None 2019-11-15 
00:00:00 2020-02-13 00:00:00 None Failed password for invalid user - Failed Logon (IP=63,GB) 193.112.127.192 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Invalid user - Failed Logon (IP=192,GB) 193.112.129.60 24 wmp None 2018-11-20 06:00:00 2020-02-15 00:00:00 None authentication bypass vulnerability (IP=60,CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=199,CN) | 2020-02-15 | 2019-02-20 193.112.135.73 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 193.112.139.88 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=88,CN) 193.112.140.184 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=184,CN) 193.112.141.202 24 RR None 2019-03-17 00:00:00 2020-01-23 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=202,GB) | updated by RW Block was inactive. 
Reactivated on 20191023 with reason HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=202,CN) 193.112.143.141 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=141,CN) 193.112.151.196 24 RR None 2018-12-08 06:00:00 2020-01-17 00:00:00 None Failed password (IP=196,GB) | updated by RB with reason HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=3,CN) | 2020-01-17 | 2019-03-08 193.112.152.93 24 RW None 2020-05-14 00:00:00 2020-08-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=93,CN) 193.112.160.70 24 CR None 2018-11-16 06:00:00 2020-01-09 00:00:00 None Hello Peppa Scan (IP=70,CN) | updated by RR with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=70,GB) 193.112.172.246 24 BMP None 2020-08-05 00:00:00 2020-11-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=CN,246) 193.112.174.6 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Invalid user - Failed Logons (IP=6,GB) 193.112.185.115 24 RB None 2019-01-13 06:00:00 2020-01-28 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=115,CN) | updated by RW Block was inactive. 
Reactivated on 20191028 with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=115,CN) 193.112.186.124 24 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Command Injection Attempt (IP=124,CN) 193.112.193.220 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=220,CN) 193.112.193.220 24 RB None 2020-02-04 00:00:00 2020-05-04 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=220,CN) 193.112.193.220 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=220,CN) 193.112.197.180 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=180,CN) 193.112.203.71 24 RB None 2019-06-23 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=71 CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=71,CN) | 2020-01-03 | 2019-09- 193.112.204.128 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Command Injection Attempt (IP=128,CN) 193.112.206.73 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=73,CN) 193.112.212.88 24 RB None 2018-05-20 05:00:00 2020-01-03 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=88,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=143,CN) | 2020-01-03 | 2018-08-18 193.112.218.159 24 GM None 2020-09-22 00:00:00 2020-12-22 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=159,CN) 193.112.218.159 24 GM None 2020-09-22 00:00:00 2020-12-22 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=159,CN) 193.112.219.176 24 GM None 2019-11-06 00:00:00 
2020-02-06 00:00:00 None Failed password - Failed Logons (IP=176,CN) 193.112.224.171 24 GM None 2019-06-19 00:00:00 2020-04-04 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=171,CN) | updated by CW Block was inactive. Reactivated on 20200105 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attemp 193.112.248.200 24 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=200,CN) 193.112.3.72 24 DT None 2020-09-29 00:00:00 2020-12-29 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=72,CN) 193.112.3.72 24 GM None 2020-09-29 00:00:00 2020-12-29 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=72,CN) 193.112.40.110 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=110,GB) 193.112.42.243 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=243,CN) 193.112.43.143 24 FT None 2020-09-12 00:00:00 2020-12-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=143,CN) 193.112.44.102 24 BP None 2019-11-19 00:00:00 2020-02-19 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=102,CN) 193.112.47.76 24 RB None 2020-06-04 00:00:00 2020-09-02 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=76,CN) 193.112.70.123 24 GM None 2019-11-11 00:00:00 2020-02-09 00:00:00 None ABC Command Injection Attempt (IP=123,CN) 193.112.72.187 24 wmp None 2018-11-20 06:00:00 2020-03-05 00:00:00 None authentication bypass vulnerability (IP=187,CN) | updated by RR with reason Invalid user - Failed Logons (IP=18,GB) 193.112.87.66 24 GLM None 2018-12-14 06:00:00 2020-01-16 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=66,CN) | updated by RB 
with reason INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=66 CN) | 2020-01-16 | 2019-03-14 193.112.9.107 24 RB None 2020-02-14 00:00:00 2020-05-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=107,CN) 193.112.91.183 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=183,CN) 193.112.93.129 24 CR None 2018-12-20 06:00:00 2020-01-06 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=129,CN) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=173,CN) 193.112.95.222 24 RR None 2020-01-15 00:00:00 2020-10-12 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=222,GB) | updated by RW Block expiration extended with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=222,CN) | updated by GM Block was inactive. React 193.112.97.157 24 RR None 2018-12-21 06:00:00 2020-03-05 00:00:00 None Illegal user (IP=157,GB) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=32,GB) 193.112.99.48 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=48,CN) 193.118.53.202 24 RW None 2020-05-14 00:00:00 2020-08-14 00:00:00 None SERVER-IIS Microsoft IIS Range header integer overflow attempt - Sourcefire (IP=202,TR) 193.121.40.222 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=222,BE) 193.124.142.37 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=37,DE) 193.124.176.0 20 jky None 2017-06-27 05:00:00 2020-01-30 00:00:00 None RU TO-S-2017-1208 Phishing activity | updated by RR with reason Failed password - Failed Logons (IP=239,) 193.128.114.44 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None GB TO-S-2020-0206 Malicious Web Application 
Activity | updated by kmw Block expiration extended with reason GB TO-S-2020-0212.01 Malicious Web Application Activity 193.138.63.55 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None CN TO-S-2020-0065 Malicious Email Activity 193.140.187.31 24 dbc None 2014-04-17 05:00:00 2020-01-13 00:00:00 None Possible https Local File Inclusion Attempt (ip=31,TR) | updated by ABC with reason SSH Brute Force Login Attempt (IP=42,TR) 193.141.3.65 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None DE TO-S-2019-0640.01 Malicious Email Activity 193.141.3.67 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None DE TO-S-2019-0723 Malicious Email Activity 193.141.3.68 32 dbc None 2019-06-07 00:00:00 2020-06-18 00:00:00 None DE TO-S-2019-0723 Malicious Email Activity | updated by dbc with reason DE TO-S-2019-0734.01 Malicious Email Activity 193.141.3.72 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None DE TO-S-2019-0723 Malicious Email Activity 193.142.146.53 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=53,NL) 193.142.42.244 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None DE TO-S-2019-0613 Malware Activity 193.142.59.90 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=90,XX) 193.150.83.43 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=43,RU) 193.153.186.97 24 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Authentication Failed_Failed Logon (IP=97,ES) 193.158.48.45 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=45,DE) 193.16.101.10 32 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Possible SQLi attempt/HTTP: Blind SQL Injection - Timing - TT# 20C00798 (IP=10,UA) 193.160.214.127 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None TR TO-S-2019-0577 Malicious Email Activity 193.160.96.186 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host 
Sweep (IP=186,XX) 193.164.16.37 24 RW None 2020-05-14 00:00:00 2020-08-14 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=37,RU) 193.164.254.18 32 BMP None 2020-06-20 00:00:00 2020-09-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03233 (IP=18,PL) 193.169.253.86 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=86,PL) 193.169.254.28 24 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None HTTP: SQL Injection - Exploit II_Web Attacks (IP=28,PL) 193.169.255.102 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None PL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason PL TO-S-2020-0212.01 Malicious Web Application Activity 193.169.255.250 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None PL TO-S-2019-0769 Malicious Email Activity 193.169.39.254 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=254,RU) 193.174.193.77 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3430 COLS-NA-TIP-20-0237 (IP=77,DE) 193.176.251.229 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password for invalid user - Failed Logons (IP=229,UA ) 193.183.244.214 24 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_Web Attacks (IP=214,SE) 193.187.118.15 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=15,HK) 193.187.173.38 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=38,RU) 193.188.22.188 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Failed password (IP=188,) 193.188.22.4 24 GLM None 2019-01-30 00:00:00 2020-02-20 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP bypass attempt (IP=4,RU) | updated by dbc with reason US 
TO-S-2019-0420 Malw 193.189.139.95 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None NL TO-S-2019-0577 Malicious Email Activity 193.189.74.38 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None GB TO-S-2019-0551.02 Malicious Email Activity 193.189.74.53 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None GB TO-S-2019-0577 Malicious Email Activity 193.189.74.68 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None GB TO-S-2019-0551.02 Malicious Email Activity 193.19.118.121 24 ged None 2014-10-06 05:00:00 2020-02-21 00:00:00 None TCP HOST SWEEPS (IP=121, UA) | updated by jkc with reason ET SCAN Potential SSH Scan (IP=8 , RU) | updated by dbc with reaso 193.194.69.155 24 MLJ None 2018-01-15 06:00:00 2020-02-13 00:00:00 None ET SCAN Potential SSH Scan (IP=155,DZ) | updated by RR with reason Invalid user - Failed Logons (IP=99,DZ) 193.194.69.99 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=99,DZ) 193.200.209.0 24 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None LT TO-S-2019-0409 Malware Activity 193.202.110.19 24 RR None 2017-10-19 05:00:00 2020-02-10 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=19,DK) | updated by RR with reason SQL use of sleep function with and - likely | updated by GM with reason ABC Generic ArcSight scan attempt (IP=20,DK) 193.202.44.194 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=194,US) 193.202.45.202 24 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=202,US) 193.203.10.227 24 jkc None 2020-07-01 00:00:00 2020-10-01 00:00:00 None HIVE Case #3146 CTO-20-172 (IP=227,RU) 193.203.14.130 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=130,XX) 193.203.214.250 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=250,HK) 193.203.214.52 24 RW None 2019-12-25 
00:00:00 2020-03-25 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=52,HK) 193.203.215.125 24 RB None 2019-12-29 00:00:00 2020-03-28 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=125,HK) 193.203.48.0 22 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None UA TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason UA TO-S-2020-0212.01 Malware Activity 193.218.118.130 24 GM None 2020-07-15 00:00:00 2020-10-15 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=130,UA) 193.218.39.88 24 KF None 2020-04-23 00:00:00 2020-07-22 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=88,HK) 193.22.96.0 22 dbc None 2019-03-21 00:00:00 2020-05-01 00:00:00 None UA TO-S-2019-0515 Malware Activity | updated by dbc with reason UA TO-S-2019-0634 Malware Activity 193.222.135.140 32 dbc None 2020-06-30 00:00:00 2020-11-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=140,PL) | updated by wmp Block expiration extended with reason HIVE Case #3708 TO-S-2020-0766 (IP=140,PL) 193.222.135.142 32 dbc None 2020-06-30 00:00:00 2020-11-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=142,PL) | updated by wmp Block expiration extended with reason HIVE Case #3708 TO-S-2020-0766 (IP=142,PL) 193.222.135.145 32 dbc None 2020-06-30 00:00:00 2020-11-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=145,PL) | updated by wmp Block expiration extended with reason HIVE Case #3708 TO-S-2020-0766 (IP=145,PL) 193.222.135.148 32 dbc None 2020-06-30 00:00:00 2020-11-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=148,PL) | updated by wmp Block expiration extended with reason HIVE Case #3708 TO-S-2020-0766 (IP=148,PL) 193.222.135.158 32 dbc None 2020-06-30 00:00:00 2020-09-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=158,PL) 193.222.135.175 32 dbc None 2020-06-30 00:00:00 2020-11-30 00:00:00 None HIVE Case #3187 CTO-20-179 
(IP=175,PL) | updated by wmp Block expiration extended with reason HIVE Case #3708 TO-S-2020-0766 (IP=175,PL) 193.226.185.66 24 CR None 2020-05-13 00:00:00 2020-08-11 00:00:00 None TCP: SYN Host Sweep (IP=66,Czech Republic) 193.23.181.101 24 djs None 2014-10-11 05:00:00 2020-09-02 00:00:00 None DNS Scans (ip=101,UA 53 | updated by YM with reason UDP: Host Sweep (IP=246,UA) | updated by dbc with reason UA TO-S-2019-0952 Malware Activity 193.230.156.92 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None RO TO-S-2019-0382 Malicious Email Activity 193.234.0.0 15 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None SE TO-S-2019-1036 Malicious Web Application Activity 193.234.30.54 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None SE TO-S-2019-0631 Malicious Email Activity 193.238.47.89 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Generic ArcSight scan attempt (IP=89,NL) 193.239.136.130 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None PL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason PL TO-S-2020-0212.01 Malicious Web Application Activity 193.239.44.212 24 GM None 2018-07-11 05:00:00 2020-01-25 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=212,PL) | updated by kmw with reason PL TO-S-2019-0358 Malicious Email Activity 193.243.196.133 24 RB None 2018-05-13 05:00:00 2020-03-15 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=133,TR) | updated by BP Block was inactive. 
Reactivated on 20191203 with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=133,TR) 193.254.245.178 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None UDP: Host Sweep (IP=178,RS) 193.254.252.28 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None TR TO-S-2019-0382 Malicious Email Activity 193.254.252.9 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None TR TO-S-2019-0382 Malicious Email Activity 193.26.21.5 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None UDP: Host Sweep (IP=5,FR) 193.29.13.0 24 dcg None 2018-07-12 05:00:00 2020-01-17 00:00:00 None RO TO-S-2018-0927 associated with malicious web application and malware activity | updated by RR with reason Generic ArcSight scan attempt (IP=20,RO) 193.29.15.169 24 RB None 2019-11-28 00:00:00 2020-05-04 00:00:00 None PROTOCOL-DNS DNS query amplification attempt_Sourcefire (IP=169,RO) | updated by BP Block expiration extended with reason PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=169,RO) | updated by RW Block expiration extended with reason PROTOC 193.29.187.173 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None FR TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason FR TO-S-2020-0212.01 Malicious Email Activity 193.29.47.98 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=98,ES) 193.30.35.55 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None GB TO-S-2019-0382 Malicious Email Activity 193.31.40.36 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=36,GB) 193.32.127.153 24 RW None 2019-12-23 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt - Sourcefire (IP=153,CH)) 193.32.161.0 24 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None RU TO-S-2019-0604 Malware Activity 
193.32.163.0 24 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None RU TO-S-2019-0604 Malware Activity 193.32.21.65 24 GM None 2020-01-08 00:00:00 2020-04-08 00:00:00 None Authentication Failed - Failed Logons (IP=65,UA) 193.32.249.135 24 RW None 2020-08-09 00:00:00 2020-11-09 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=135,NL) 193.33.128.155 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None CH TO-S-2019-0631 Malicious Email Activity 193.34.144.142 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=142,DE) 193.34.145.120 24 RR None 2018-12-20 06:00:00 2020-01-04 00:00:00 None Failed password for invalid user (IP=120,DE) | updated by ABC with reason Generic ArcSight scan attempt (IP=42,DE) | 2020-01-04 | 2019-03-20 193.34.161.83 24 ABC None 2019-09-30 00:00:00 2020-01-01 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=83,RU) | updated by KF Block expiration extended with reason SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_Web Attacks (IP=83,RU) 193.35.51.10 24 RWB None 2019-11-19 00:00:00 2020-02-17 00:00:00 None Hive Case 1360 - kites multiple Phish.URL - FE (IP=10,RU) 193.37.213.152 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None BG TO-S-2019-0613 Malicious Email Activity 193.37.213.223 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None BG TO-S-2019-0658 Malware Activity 193.37.213.4 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None BG TO-S-2019-0400 Malware Activity 193.37.213.61 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None BG TO-S-2019-0626.01 Malware Activity 193.37.252.76 32 None None None 2020-04-17 00:00:00 None | updated by dbc with reason GB TO-S-2019-0604 Malware Activity 193.37.255.114 24 RW None 2019-12-19 00:00:00 2020-03-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=114,SK) 193.38.51.210 32 wmp 
None 2020-07-02 00:00:00 2020-10-02 00:00:00 None HIVE Case #3212 CTO-20-182 (IP=210,RU) 193.41.65.110 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None BG TO-S-2019-0420 Malware Activity 193.42.99.162 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=162,XX) 193.47.148.0 24 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 193.56.151.11 24 GM None 2020-08-06 00:00:00 2020-11-06 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=11,UA) 193.56.28.120 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=120,GB) 193.56.28.132 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None GB TO-S-2019-0658 Malware Activity 193.56.28.254 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None GB TO-S-2020-0212.01 Malicious Web Application Activity 193.56.28.254 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None GB TO-S-2020-0206 Malicious Web Application Activity 193.56.36.5 32 dbc None 2019-01-15 06:00:00 2020-01-15 06:00:00 None FR TO-S-2019-0321 Malware Activity 193.56.37.9 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None FR TO-S-2019-0351 Malware Activity 193.57.40.38 32 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None Immediate Network Block TT# 20C01525 (IP=38,SE) 193.57.40.38 24 RB None 2020-01-24 00:00:00 2020-05-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=38 UA) | updated by KF Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability (IP=38,) 193.70.0.42 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 193.70.112.161 24 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Generic ArcSight scan attempt (IP=161,FR) 193.70.13.22 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - 6 hr Web Attacks (IP=22,FR) 
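The listing above is a flattened export of a block-list table: each row is an IP, a prefix length, the analyst initials that created the block, a start and end timestamp, and a free-text reason, with no header row and no line breaks between rows. The parser below is an added example and is not code from the page or from whatever system produced the export; the column meanings it assumes (ip, prefix_len, created_by, start, end, reason, with two unused columns that are always "None") are inferred from the rows, not documented anywhere on the page. The sample records are copied from the listing, including the row that appears twice and the entry whose created_by and start fields are themselves "None". Partial records cut off at the start of the export are skipped, since they have no header to anchor on.

```python
"""Parse the flattened block-list export into structured records.

Added example; not part of the original listing. The column order below is
inferred from the listing, which carries no header row, so treat it as an
assumption:  ip  prefix_len  created_by  <unused>  start  end  <unused>  reason
The created_by and start fields can themselves be the literal "None".
"""
import re
from datetime import datetime
from ipaddress import ip_network

DT = r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d"
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# A record header is "<ip> <prefix> <token> None"; the free-text reason runs
# until the next header or the end of the input.
RECORD = re.compile(
    rf"(?P<ip>{IPV4})\s+(?P<prefix>\d{{1,2}})\s+(?P<creator>\S+)\s+None\s+"
    rf"(?P<start>None|{DT})\s+(?P<end>None|{DT})\s+None\s+"
    rf"(?P<reason>.*?)(?=\s+{IPV4}\s+\d{{1,2}}\s+\S+\s+None\s+|\s*$)"
)

# Six records copied verbatim from the listing; the last two are the same row twice.
SAMPLE = """
193.234.0.0 15 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None SE TO-S-2019-1036 Malicious Web Application Activity
193.234.30.54 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None SE TO-S-2019-0631 Malicious Email Activity
193.37.252.76 32 None None None 2020-04-17 00:00:00 None | updated by dbc with reason GB TO-S-2019-0604 Malware Activity
193.222.135.140 32 dbc None 2020-06-30 00:00:00 2020-11-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=140,PL) | updated by wmp Block expiration extended with reason HIVE Case #3708 TO-S-2020-0766 (IP=140,PL)
194.44.111.130 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=130,UK)
194.44.111.130 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=130,UK)
"""


def _dt(field):
    return None if field == "None" else datetime.strptime(field, "%Y-%m-%d %H:%M:%S")


def parse_records(text):
    """One dict per block entry found in the flattened text."""
    flat = " ".join(text.split())          # the export has no meaningful line breaks
    records = []
    for m in RECORD.finditer(flat):
        records.append({
            # strict=False: "193.23.181.101 24" denotes the /24 containing that host
            "net": ip_network(f"{m['ip']}/{m['prefix']}", strict=False),
            "creator": None if m["creator"] == "None" else m["creator"],
            "start": _dt(m["start"]),
            "end": _dt(m["end"]),
            "reason": m["reason"].strip(),
        })
    return records


def active_on(records, when):
    """Blocks in force at `when` (datetime or 'YYYY-MM-DD'): already started,
    or never stamped with a start, and not yet expired."""
    if isinstance(when, str):
        when = datetime.strptime(when, "%Y-%m-%d")
    return [r for r in records
            if (r["start"] is None or r["start"] <= when)
            and (r["end"] is None or when < r["end"])]


def exact_duplicates(records):
    """Networks whose row appears more than once with every field identical."""
    seen, dups = {}, []
    for r in records:
        key = (r["net"], r["creator"], r["start"], r["end"], r["reason"])
        seen[key] = seen.get(key, 0) + 1
        if seen[key] == 2:
            dups.append(r["net"])
    return dups


def shadowed(records):
    """(narrow, wide) pairs: a block already covered by a larger one in the list,
    e.g. a /32 inside a /15, which is redundant while the /15 is active."""
    nets = sorted({r["net"] for r in records}, key=lambda n: n.prefixlen)
    pairs = []
    for narrow in nets:
        for wide in nets:
            if wide.prefixlen < narrow.prefixlen and narrow.subnet_of(wide):
                pairs.append((narrow, wide))
                break
    return pairs


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(len(recs), "records;", len(active_on(recs, "2020-04-01")), "active on 2020-04-01")
    print("duplicates:", exact_duplicates(recs))
    print("shadowed:", shadowed(recs))
```

The two checks at the end are the ones worth running before this list is pushed to a firewall or a SIEM watchlist: exact duplicates inflate hit counts and make expiry handling ambiguous, and a /32 sitting inside an active /15 (193.234.30.54 inside 193.234.0.0/15 in the sample) is dead weight in the rule base and will silently keep matching after the narrower entry expires.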
193.70.33.75 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Invalid user - Failed Logons (IP=75,FR) 193.70.36.65 24 RR None 2017-11-04 05:00:00 2020-01-29 00:00:00 None Illegal user (IP=65,IT) | updated by alj with reason 2RCC Immediate Inbound Network Block - TT# 19C00455 (ip=40,fr) | updated by GM with reason Authentication Failed - Failed Logons (IP=161,FR) 193.70.37.140 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password for invalid user (IP=140,FR) 193.70.38.187 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 193.70.39.84 24 RR None 2018-12-18 06:00:00 2020-01-31 00:00:00 None Failed password for invalid user (IP=84,IT) | updated by RR with reason Failed password - Failed Logons (IP=175,FR) 193.70.45.38 24 RR None 2017-02-06 06:00:00 2020-02-22 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=38,IT) | updated by dbc with reason FR TO-S-2019-0431 Malicious 193.70.8.163 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password - Failed Logon (IP=163,FR) 193.70.80.214 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None FR TO-S-2020-0187 Malicious Email Activity 193.70.81.201 24 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None Failed password_Failed Logon (IP=1,FR) 193.70.85.206 24 GLM None 2018-12-16 06:00:00 2020-01-27 00:00:00 None Failed password (IP=206,FR) | updated by KF with reason Failed password_6 Hr Failed Logons (IP=206,FR) 193.70.86.97 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 193.70.91.107 24 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=107,FR) 193.77.155.50 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=50,SI) 193.77.158.112 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Generic ArcSight scan attempt (IP=112,SI) 193.77.216.143 24 RR None 2019-12-09 00:00:00 
2020-03-08 00:00:00 None Failed password - Failed Logons (IP=143,SI) 193.8.80.197 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=197,PL) 193.8.82.35 24 CR None 2020-03-18 00:00:00 2020-06-16 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_Web Attack (IP=35,HK) 193.8.82.60 32 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None Immediate Inbound Network Block - TT# 20C00139 (IP=60,US) 193.8.83.171 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=171,PL) 193.80.105.222 24 FT None 2020-09-12 00:00:00 2020-12-12 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=222,AT) 193.86.97.36 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (1:52277:1) (IP=36,CZ) 193.87.99.184 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password_6 hr Failed Logons (IP=184,SK) 193.9.114.54 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None BE TO-S-2019-0952 Malicious Email Activity 193.9.115.23 32 dbc None 2019-03-21 00:00:00 2020-03-21 00:00:00 None BG TO-S-2019-0515 Malware Activity 193.9.17.2 24 BMP None 2020-05-01 00:00:00 2020-07-30 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=2,RU) 193.9.60.0 22 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None RU TO-S-2019-0658 Malware Activity 193.90.12.119 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None NO TO-S-2020-0212.01 Malicious Web Application Activity 193.90.12.119 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None NO TO-S-2020-0206 Malicious Web Application Activity 193.91.98.188 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks 
(IP=188,BE) 193.92.82.35 24 GM None 2019-10-18 00:00:00 2020-01-18 00:00:00 None Illegal user - Failed Logons (IP=35,GR) 194.0.11.102 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None DE TO-S-2019-0617 Malware Activity 194.0.38.1 24 ALJ None 2018-07-19 05:00:00 2020-02-21 00:00:00 None INDICATOR-COMPROMISE Suspicious .tk dns query (1:39867:4) (IP=1,TK) | updated by BP Block was inactive. Reactivated on 20191121 with reason INDICATOR-COMPROMISE Suspicious .tk dns query (IP=1,TK) 194.0.39.1 24 jkc None 2016-09-06 05:00:00 2020-02-21 00:00:00 None INDICATOR-COMPROMISE Suspicious .tk dns query (IP=1,NL) | updated by BP Block was inactive. Reactivated on 20191121 with reason INDICATOR-COMPROMISE Suspicious .tk dns query (IP=1,TK) 194.0.4.10 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None GR TO-S-2019-0617 Malware Activity 194.0.40.1 24 alj None 2018-11-26 06:00:00 2020-02-21 00:00:00 None INDICATOR-COMPROMISE Suspicious .tk | updated by BP Block was inactive. Reactivated on 20191121 with reason INDICATOR-COMPROMISE Suspicious .tk dns query (IP=1,TK) 194.0.41.1 24 alj None 2018-11-26 06:00:00 2020-02-21 00:00:00 None INDICATOR-COMPROMISE Suspicious .tk | updated by BP Block was inactive. 
Reactivated on 20191121 with reason INDICATOR-COMPROMISE Suspicious .tk dns query (IP=1,TK) 194.102.35.244 24 BP None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Failed password for invalid user - 6hr Logons (IP=244,RO) 194.103.134.11 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Generic ArcSight scan attempt (IP=11,SE) 194.105.205.42 24 MLJ None 2017-11-23 06:00:00 2020-01-21 00:00:00 None Authentication Failed (IP=42,RU) | updated by RB with reason Authentication Failed (IP=42,RU) 2018-02-23 2019-05-05 | updated by Illegal with reason user - Failed Logons (IP=4,RU) 194.109.193.79 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None NL TO-S-2019-0852 Malicious Email Activity 194.110.84.206 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None DE TO-S-2019-0723 Malicious Email Activity 194.113.34.25 32 dbc None 2020-08-04 00:00:00 2020-08-04 00:00:00 None HIVE Case #3470 CTO-20-210 EUCOM JCC SR 100-20 (IP=25,PL) 194.116.202.214 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=214,FR) 194.127.179.33 24 DT None 2020-07-28 00:00:00 2020-10-26 00:00:00 None SQL url ending in comment characters - possible sql injection attempt - SourceFire (IP=33,NL) 194.132.232.0 21 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None SE TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason SE TO-S-2020-0212.01 Malicious Web Application Activity 194.135.130.110 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0212.01 Malicious Web Application Activity 194.135.130.110 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None DE TO-S-2020-0206 Malicious Web Application Activity 194.135.145.130 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=130,RU) 194.135.39.84 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote 
command execution attempt - SourceFire (IP=84,UA) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=84,UA) 194.135.80.0 20 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None LT TO-S-2019-0577 Malicious Email Activity 194.135.87.67 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=67,LT) 194.141.40.20 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None BG TO-S-2019-0551.02 Malicious Email Activity 194.143.137.70 24 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=70,UA) 194.145.138.202 24 KF None 2020-03-02 00:00:00 2020-05-31 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C01924 (IP=202,TR) 194.146.239.28 24 RR None 2020-03-12 00:00:00 2020-06-10 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=28,AE) 194.147.115.47 24 RW None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SQL injection - 6hr web attacks (IP=47,NL) 194.15.116.0 22 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 194.15.36.40 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None UDP: Host Sweep (IP=40,DE) 194.150.15.192 24 ged None 2015-11-22 06:00:00 2020-01-15 00:00:00 None ET SCAN Potential SSH Scan (IP=192, GB) | updated by GM with reason Illegal user - Failed Logons (IP=70,GB) 194.152.206.216 24 ged None 2014-11-27 06:00:00 2020-03-10 00:00:00 None ET SCAN Potential SSH Scan (IP=216, HR) | updated by RR with reason Illegal user (IP=93,HR) | updated by GM with reason Invalid user - Failed Logons (IP=93,HR) 194.156.126.44 24 CR None 2019-04-09 00:00:00 2020-04-17 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (IP=44,RU) | updated by dbc with reason DE 194.160.0.0 16 dbc None 2019-10-09 00:00:00 2020-10-09 
00:00:00 None SK TO-S-2020-0012 Malware Activity 194.166.140.127 24 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt - Web Attacks (IP=127,AT ) 194.169.221.233 24 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Generic ArcSight scan attempt (IP=233,GB) 194.171.23.4 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=4,NL) 194.180.224.150 32 KF None 2020-03-09 00:00:00 2020-06-07 00:00:00 None Known Attack Tool User Agent/BOT: Potential Muieblackcat Scanner - TT# 20C02079 (IP=150,US) 194.180.224.249 24 RR None 2020-02-23 00:00:00 2020-05-23 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=249,US) 194.182.73.88 24 RR None 2018-08-14 05:00:00 2020-02-08 00:00:00 None Illegal user (IP=88,DK) | updated by GM with reason Invalid user - Failed Logons (IP=80,CZ) 194.182.88.185 24 KF None 2019-05-13 00:00:00 2020-02-10 00:00:00 None Illegal user_6 Hour Failed Logons (IP=185,DK) | updated by GM with reason ABC Generic ArcSight scan attempt (IP=132,CZ) 194.183.98.190 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None GB TO-S-2020-0006 Malicious Email Activity 194.184.31.194 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - Web Attacks (IP=194,IT) 194.186.85.102 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None Possible SQLi attempt/HTTP: Blind SQL Injection Timing - TT# 20C01884 (IP=102,RU) 194.187.249.34 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent / 20451: HTTP: OpenVAS Vulnerability Scanner - TT# 20C00130 (IP=34,FR) 194.187.251.0 24 GLM None 2016-11-20 06:00:00 2020-02-15 00:00:00 None POLICY-OTHER script tag in URI - likely cross-site scripting attempt (IP=5,BE) | updated by jky with reason BE TO-S-2017-0842 194.190.49.175 24 BMP None 2020-07-03 00:00:00 2020-10-01 00:00:00 
None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - 6hr Web Attacks (IP=175,RU) 194.193.166.9 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=9,GB) 194.219.29.87 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None Authentication Failed_Failed Logon (IP=87,GR) 194.228.111.169 24 RR None 2020-02-24 00:00:00 2020-05-24 00:00:00 None Illegal user - Failed Logons (IP=169,CZ) 194.228.3.191 24 RR None 2018-12-08 06:00:00 2020-02-10 00:00:00 None Failed password for invalid user (IP=191,CZ) | updated by CW Block was inactive. Reactivated on 20191112 with reason Failed password for invalid user_Failed Logon (IP=91,CZ) 194.236.0.0 16 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None SE TO-S-2020-0006 Malicious Email Activity 194.237.215.184 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=184,SE) 194.243.255.230 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - Web Attacks (IP=230,IT) 194.243.5.17 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt_Web attacks (IP=17,IT) 194.243.6.150 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=150,IT) 194.245.103.15 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None DE TO-S-2019-0409 Malicious Email Activity 194.25.134.21 32 jky None 2018-01-30 06:00:00 2020-12-13 00:00:00 None DE TO-S-2018-0415 Recon activity | updated by wmp Block was inactive. Reactivated on 20200914 with reason HIVE Case #3853 COLS-NA-TIP-20-0291 (IP=21,DE) 194.25.134.82 32 dcg None 2018-06-11 05:00:00 2020-10-15 00:00:00 None DE TO-S-2018-0831 associated with malware activity | updated by wmp Block was inactive. 
Reactivated on 20200715 with reason HIVE Case #3341 COLS-NA-TIP-20-0219 (IP=82,DE) 194.25.14.24 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None DE TO-S-2019-1036 Malicious Email Activity 194.26.29.129 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=129,RU) 194.26.69.106 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=106,RU) 194.28.132.56 24 RW None 2020-06-18 00:00:00 2020-09-18 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr web attacks (IP=56,UK) 194.31.236.136 32 BMP None 2020-05-21 00:00:00 2020-08-21 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C02863 (IP=136,US) 194.31.237.11 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=11,XX) 194.31.244.22 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=22,UA) 194.32.76.124 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None FR TO-S-2019-0723 Malicious Email Activity 194.33.45.180 32 DT None 2020-06-14 00:00:00 2020-09-14 00:00:00 None 4654 HTTP PHP Code Injection - TT# 20C03158 (IP=180,NL) 194.36.101.186 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=186,US) 194.36.173.105 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity 194.36.189.106 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None NL TO-S-2019-0613 Malware Activity 194.36.189.84 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason NL TO-S-2020-0212.01 Malware Activity 194.36.190.106 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None NL TO-S-2020-0031 Malicious Email Activity 194.39.131.66 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None DE TO-S-2020-0065 Malicious Web Application Activity 194.44.111.130 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=130,UK) 
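The reason column in these rows is where the useful context lives, but it is free text that mixes several conventions: Snort/Sourcefire rule names with an optional gid:sid:rev such as "(1:52277:1)", "HTTP:"/"TCP:"/"UDP:" style IPS signature names, CVE numbers, ticket references ("TT# 20C01924"), HIVE case numbers, "TO-S-YYYY-NNNN" report IDs, a "(IP=nn,CC)" country tag, and an update chain separated by "|" in which "updated by <analyst> ... with reason <new reason>" replaces the reason in force. The extractor below is an added example, not code from the page; the sample reason strings are copied from the listing, and the category labels, regexes and output field names are my own. It deliberately handles the unclosed "(ip=101,UA 53 |" tag and an "updated by" segment with no analyst, both of which occur in the listing.

```python
"""Pull the machine-readable references out of the free-text reason column.

Added example; not from the original listing. The sample reason strings are
copied from the listing; the category names, regexes and field names are mine.
"""
import re

REFS = {
    "cve": re.compile(r"CVE-\d{4}-\d{4,}"),
    "ticket": re.compile(r"TT#\s*([0-9A-Z-]+)"),             # TT# 20C01924, TT# 310320-00004
    "hive": re.compile(r"(?i)hive case\s*#?\s*(\d+)"),        # HIVE Case #3187, Hive Case 1360
    "to_s": re.compile(r"TO-S-\d{4}-\d{4}(?:\.\d+)?"),        # TO-S-2019-0626.01
    "snort": re.compile(r"\((\d+:\d+:\d+)\)"),               # (1:52277:1) = gid:sid:rev
}
# "(IP=36,CZ)", "(IP=38 UA)", "(ip=3, RU)"; the unclosed "(ip=101,UA 53 |" is skipped
COUNTRY = re.compile(r"\(ip=\d+[,\s]\s*([A-Za-z][A-Za-z ]*?)\s*\)", re.I)

SAMPLE_REASONS = [
    "SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (1:52277:1) (IP=36,CZ)",
    "HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - 6hr Web Attacks (IP=175,RU)",
    "SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=133,TR) | updated by BP Block was inactive. Reactivated on 20191203 with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=133,TR)",
    "HIVE Case #3187 CTO-20-179 (IP=140,PL) | updated by wmp Block expiration extended with reason HIVE Case #3708 TO-S-2020-0766 (IP=140,PL)",
    "DNS Scans (ip=101,UA 53 | updated by YM with reason UDP: Host Sweep (IP=246,UA) | updated by dbc with reason UA TO-S-2019-0952 Malware Activity",
    "Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C01924 (IP=202,TR)",
]


def categorize(reason):
    """Coarse source/type label for one reason string (my own labels)."""
    r = reason.strip()
    if re.match(r"(SERVER|INDICATOR|PROTOCOL|OS|POLICY|APP)-[A-Z]+", r):
        return "snort_rule"                 # Talos/Sourcefire rule-category prefixes
    if r.startswith("ET "):
        return "emerging_threats"
    if re.match(r"(HTTP|TCP|UDP|DNS|FTP):", r):
        return "ips_signature"              # "HTTP: ..." style IPS signature names
    if re.match(r"(?i)hive case", r):
        return "case"
    if "Known Attack" in r:                 # also matches "Known Attacker Tool"
        return "bot_user_agent"
    if re.search(r"TO-S-\d{4}-\d{4}", r):
        return "threat_intel"
    if re.search(r"(?i)failed (password|logon)|invalid user|illegal user|authentication failed", r):
        return "failed_logon"
    if re.search(r"(?i)host sweep|scan", r):
        return "scan"
    if re.search(r"(?i)sql", r):
        return "sqli"
    return "other"


def _parse_update(segment):
    """'updated by <who> [<note>] [with reason <text>]' -> dict."""
    body = segment[len("updated by"):].strip()
    who, _, rest = body.partition(" ")
    if not who or who == "with":            # "updated by with reason ..." (empty analyst)
        who, rest = None, body
    note, sep, reason = rest.partition("with reason")
    m = re.search(r"Reactivated on (\d{8})", note)
    return {"who": who, "note": note.strip(),
            "reactivated": m.group(1) if m else None,
            "reason": reason.strip() if sep else None}


def parse_reason(text):
    """Split the update chain, find the reason currently in force, and
    collect every reference ID present anywhere in the field."""
    segments = [s.strip() for s in re.split(r"\s*\|\s*", text)]
    updates = [_parse_update(s) for s in segments[1:] if s.startswith("updated by")]
    current = segments[0]
    for u in updates:
        if u["reason"]:
            current = u["reason"]
    countries = [c.strip() for c in COUNTRY.findall(text)]
    return {
        "original": segments[0],
        "current": current,
        "updates": updates,
        "refs": {name: list(dict.fromkeys(rx.findall(text))) for name, rx in REFS.items()},
        "country": countries[-1] if countries else None,
        "category": categorize(current),
    }


if __name__ == "__main__":
    for text in SAMPLE_REASONS:
        r = parse_reason(text)
        print(r["category"], r["country"], r["refs"], "<-", r["current"][:50])
```

Categorising on the reason currently in force rather than the original one matters for the rows that were reactivated or extended: 193.243.196.133 went in for a WebLogic rule and was reactivated for vBulletin, and several TO-S entries were first created as generic scan or failed-logon blocks. Counting by the original reason would misstate what the block is actually for today.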
194.44.111.130 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=130,UK) 194.45.8.41 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None NL TO-S-2019-0468 Malware Activity 194.5.178.92 32 FT None 2020-09-28 00:00:00 2020-12-28 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C04000 (IP=92,IR) 194.5.97.10 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=10,NL) 194.5.97.13 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=13,NL) 194.53.155.163 24 RR None 2020-01-18 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=163,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=163,) 194.55.132.250 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=250,US) 194.58.56.0 24 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None RU TO-S-2019-0351 Malicious Web Application Activity 194.58.88.3 24 tpr None 2014-03-12 05:00:00 2020-02-04 00:00:00 None ssh scans (ip=3, RU) | updated by kmw with reason RU TO-S-2019-0382 Malicious Email Activity 194.59.164.21 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None SG TO-S-2019-0769 Malicious Email Activity 194.59.251.136 24 RR None 2018-09-02 05:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP Apache Struts remote code execution attempt (IP=136,DE) | updated by dbc with reason DE TO-S-2019-0617 Malware 194.59.251.38 32 RR None 2020-08-16 00:00:00 2020-11-14 00:00:00 None Possible SQLi attempt - TT# 20C03724 (IP=38,US) 194.61.24.253 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0212.01 Malicious Web Application Activity 194.61.24.253 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity 194.61.24.57 32 RB None 2019-12-20 00:00:00 
2020-03-19 00:00:00 None Known Attack Tool User Agent/HTTP: SqlMap SQL Injection - Scanning I - TT# 20C01188 (IP=57,NL) 194.61.24.7 24 RR None 2018-11-13 06:00:00 2020-04-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (IP=7,GB) | updated by CW with reason OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt_SourceFire (IP=26,NL) | 2020-04-04 | 2019-02-11 194.61.27.240 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=240,LU) 194.62.55.25 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user - 6hr Logon (IP=25,TR) 194.63.249.231 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None NO TO-S-2019-0938 Malicious Email Activity 194.67.192.0 19 jky None 2017-10-27 05:00:00 2020-01-21 00:00:00 None RU TO-S-2018-0096 Malware activity | updated by GM with reason Illegal user - Failed Logons (IP=146,RU) 194.71.130.113 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=113,HU) 194.71.130.115 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=115,HU) 194.71.130.119 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=119,HU) 194.76.224.12 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None DE TO-S-2019-0626.01 Malicious Email Activity 194.76.224.149 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=149,SE) 194.76.225.28 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None NL TO-S-2019-0800 Malicious Email Activity 194.79.60.175 24 BMP None 2020-01-28 00:00:00 2020-04-27 00:00:00 None Authentication Failed - 6hr Logon (IP=175,UA) 194.87.138.172 24 BMP None 2020-07-08 00:00:00 2020-10-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=175,RU) 194.87.144.0 22 jky None 2017-04-19 05:00:00 2020-02-10 00:00:00 None RU TO-S-2017-0879 Malicious activity | updated by GM with reason ABC 
Generic ArcSight scan attempt (IP=5,RU) 194.87.236.92 24 GM None 2019-11-11 00:00:00 2020-02-09 00:00:00 None ABC Generic ArcSight scan attempt (IP=92,RU) 194.9.177.15 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity 194.9.178.10 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity 194.9.179.23 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity 194.9.179.3 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 194.90.217.12 24 RB None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_6 hr web attacks (IP=12,IL) 194.99.104.26 32 RW None 2020-01-22 00:00:00 2020-02-22 00:00:00 None Known Attack Tool User Agent - TT# 20C01512 (IP=26,ES) 194.99.104.26 32 RW None 2020-01-22 00:00:00 2020-02-22 00:00:00 None Known Attack Tool User Agent - TT# 20C01512 (IP=26,ES) 194.99.104.26 32 RW None 2020-01-24 00:00:00 2020-02-24 00:00:00 None Known Attack Tool User Agent - TT# 20C01512 (IP=26,ES) 195.103.119.26 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (IP=26,IT) 195.103.133.46 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (IP=46,IT) 195.12.113.0 24 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None KZ TO-S-2019-0626.01 Malware Activity 195.122.11.96 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=96,LV) 195.122.177.151 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None DE TO-S-2019-0626.01 Malware Activity 195.122.177.157 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None DE TO-S-2019-0626.01 Malware Activity 195.122.177.177 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None 
DE TO-S-2019-0626.01 Malware Activity 195.123.227.13 32 BMP None 2020-03-15 00:00:00 2020-06-13 00:00:00 None Possible SQLi attempt / HTTP: SqlMap SQL Injection - Scanning I - TT# 20C02142 (IP=13,BG) 195.123.237.194 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=194,SG) 195.128.120.143 24 RW None 2020-06-18 00:00:00 2020-09-18 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=143,RU) 195.128.124.168 24 MLJ None 2018-01-25 06:00:00 2020-04-17 00:00:00 None ET SCAN Potential VNC Scan 5900-5920 (IP=168,RU) | updated by dbc with reason RU TO-S-2019-0604 Malware Activity 195.128.126.35 24 dbc None 2014-04-18 05:00:00 2020-04-17 00:00:00 None Potential SSH Scan (ip=35,RU) | updated by dbc with reason RU TO-S-2019-0604 Malware Activity 195.133.2.202 24 RW None 2020-08-07 00:00:00 2020-11-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=202,RU) 195.136.145.102 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None PL TO-S-2020-0056 Malicious Email Activity 195.138.242.12 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None DE TO-S-2019-0952 Malware Activity 195.140.214.111 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None GB TO-S-2019-0608 Malware Activity 195.142.63.148 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=148,TR) 195.146.10.254 24 BMP None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=254,CZ) 195.146.81.145 24 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=145,RU) 195.154.0.0 16 tjh None 2014-10-29 05:00:00 2020-04-15 00:00:00 None FR TO-S-2015-0065 | updated by dbc with reason Potential SSH Scan (IP=123, FR) | updated by klb with reason ET SCAN Potentia | updated by with reason | updated by RB with 
2020-03-24 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_SourceFire (IP=81,EG) 197.39.85.98 24 RR None 2020-05-16 00:00:00 2020-08-14 00:00:00 None SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt - ArcSight (IP=98,EG) 197.40.108.17 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=17,EG) 197.40.116.210 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=210,EG) 197.40.164.247 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=247,EG) 197.40.196.172 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=172,EG) 197.40.210.190 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=190,EG) 197.40.223.229 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=229,EG) 197.40.227.99 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=99,EG) 197.40.230.87 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=87,EG) 197.40.3.64 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=64,EG) 197.41.129.78 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=78,EG) 
197.41.135.248 24 GLM None 2018-08-07 05:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=248,EG) | updated by CW with reason SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_SourceFire (IP=17,EG) 197.41.148.185 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=185,EG) 197.41.156.241 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=241,EG) 197.41.30.50 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - 6hr Web Attacks (IP=50,EG) 197.41.59.15 24 GLM None 2018-07-23 05:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=15,EG) | updated by CW with reason SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt _SourceFire (IP=9,EG) 197.41.64.251 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=251,EG) 197.41.68.230 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=230,EG) 197.41.77.68 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=68,EG) 197.42.126.109 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=,EG) 197.42.16.79 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=79,EG) 197.42.205.41 24 CW None 2019-12-26 
00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_SourceFire (IP=41,EG) 197.43.114.177 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=177,EG) 197.43.192.149 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=149,EG) 197.44.138.98 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=98,EG) 197.44.186.42 24 GLM None 2018-08-13 05:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=42,EG) | updated by RR with reason SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=55,EG) 197.44.214.189 24 RR None 2017-01-30 06:00:00 2020-03-25 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=189,EG) | updated by RR with reason SERVER-WEBAPP D-Link DSL-2750B router | updated by CW with reason SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_SourceFire (IP=96,EG) 197.44.89.251 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=251,EG) 197.45.155.12 24 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=12,EG) 197.45.213.114 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=114,EG) 197.46.19.132 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=132,EG) 197.46.238.15 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=15,EG) 197.46.31.20 24 BMP 
None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=20,EG) 197.46.37.132 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=132,EG) 197.46.94.111 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=111,EG) 197.47.126.65 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_Web attacks (IP=65,EG) 197.48.106.5 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=5,EG) 197.50.149.115 24 CW None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_SourceFire (IP=15,EG) 197.50.215.155 24 RWB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=155,EG) 197.50.24.187 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) (IP=187,EG) 197.50.75.164 24 RR None 2018-08-06 05:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=164,EG) | updated by CW with reason SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_SourceFire (IP=48,EG) 197.51.129.231 24 GLM None 2018-07-24 05:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=231,EG) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=9,EG) 197.52.120.153 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers 
login.cgi command injection attempt - SourceFire (IP=153,EG) 197.52.150.101 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=101,EG) 197.52.150.101 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=101,EG) 197.52.81.106 24 BMP None 2020-02-13 00:00:00 2020-05-13 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr Web Attacks (IP=106,EG) 197.53.134.50 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=50,EG) 197.53.244.158 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=158,EG) 197.53.62.244 24 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=244,EG) 197.53.62.244 24 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=244,EG) 197.53.62.244 24 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=244,EG) 197.54.202.98 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=98,EG) 197.54.27.1 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=1,EG) 197.54.68.158 24 GLM None 2018-07-24 05:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=158,EG) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=128,EG) 197.55.132.168 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution 
attempt - SourceFire (IP=168,EG) 197.55.170.182 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=,MX) 197.55.181.181 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=181,EG) 197.55.235.202 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=202,EG) 197.55.44.115 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=115,EG) 197.55.77.240 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=240,EG) 197.56.1.75 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=75,EG) 197.56.160.164 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=164,EG) 197.57.143.102 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=102,EG) 197.57.151.11 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=11,EG) 197.57.226.138 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=138,EG) 197.57.47.40 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=40,EG) 197.57.5.163 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None 
SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=163,EG) 197.57.65.189 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=189,EG) 197.57.75.62 24 CW None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_SourceFire (IP=62,EG) 197.58.124.52 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt _SourceFire (IP=52,EG) 197.58.214.247 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=247,EG) 197.59.16.251 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_Web attacks (IP=51,EG) 197.59.203.232 24 KF None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=232,EG) 197.60.119.194 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=194,EG) 197.60.128.227 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=227,EG) 197.60.161.21 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt _SourceFire (IP=21,EG) 197.60.20.206 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=206,EG) 197.60.36.155 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=155,EG) 197.60.62.15 24 CW None 2019-12-24 
00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt _SourceFire (IP=15,EG) 197.61.103.16 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=16,EG) 197.61.131.85 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=85,EG) 197.61.214.118 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=,EG) 197.61.238.13 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=13,EG) 197.61.37.224 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=224,EG) 197.61.42.124 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=124,EG) 197.61.91.78 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=78,EG) 197.63.138.24 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Failed Logon (IP=,EG) 197.83.207.96 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=96,ZA) 197.86.198.213 24 CR None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - SourceFire (IP=213,ZA) 197.87.158.190 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary 
command execution attempt - SourceFire (IP=190,ZF) 197.89.4.69 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=69,ZA) 197.89.63.135 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=135,ZA) 197.89.76.28 24 RR None 2020-01-17 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=28,CN) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=28,ZA) 197.89.99.10 24 RW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Generic ArcSight scan attempt (IP=10,ZA) 197.97.230.163 24 RR None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Failed password - Failed Logons (IP=163,ZA) 198.1.110.218 32 GM None 2019-12-16 00:00:00 2020-03-16 00:00:00 None SQL HTTP URI blind injection attempt attempt - Sourcefire (IP=218,US) 198.1.121.168 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malicious Email Activity 198.1.82.247 32 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Invalid user_Faield Logon (IP=47,US) 198.1.90.138 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 198.100.145.105 24 KF None 2020-03-21 00:00:00 2020-06-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=105,CA) 198.100.149.227 24 KF None 2020-07-01 00:00:00 2020-09-29 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (1:13990:26) - SourceFire (IP=227,CA) 198.105.222.194 32 CR None 2019-01-09 06:00:00 2020-01-15 06:00:00 None TO-S-2019-0315 - TT# 19C00836 (IP=194,US) | updated by dbc with reason CA TO-S-2019-0321 Malware Activity 198.108.67.48 32 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=48,US) 198.11.177.169 32 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None HTTP: 
Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00773 (IP=169,US) 198.11.205.4 32 BMP None 2020-08-28 00:00:00 2020-11-26 00:00:00 None Case 3709 - Riskware (IP=4,US) 198.12.112.129 32 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - Web Attacks (IP=129,US) 198.12.116.235 32 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Illegal user - 6hr Logon (IP=235,US) 198.12.125.170 24 GLM None 2017-05-12 05:00:00 2020-03-26 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (IP=170,PK) | updated by dbc with reason US TO-S-2019-0532 Malicious Email Activ 198.12.153.152 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity 198.12.97.201 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=201, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 198.13.36.223 24 RB None 2020-07-06 00:00:00 2020-10-04 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - 6hr failed logon (IP=223,JP) 198.134.117.154 32 dbc None 2019-04-16 00:00:00 2020-04-16 00:00:00 None US TO-S-2019-0593 Malicious Email Activity 198.136.48.0 20 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None BR TO-S-2019-0634 Malicious Email Activity 198.143.128.16 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity 198.143.149.147 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 198.143.158.178 32 RB None 2017-12-30 06:00:00 2020-10-10 00:00:00 None ET SCAN Potential SSH Scan (IP=178,US) | updated by RW Block was inactive. Reactivated on 20191205 with reason SERVER-IIS Microsoft IIS Range header integer overflow attempt - Sourcefire (IP=178,US) | updated by GM Block was inactive. 
Reactivated on 2 198.143.170.10 32 RR None 2020-05-09 00:00:00 2020-08-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=10,US) 198.143.179.155 32 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Failed password_Failed Logon (IP=55,US) 198.143.182.22 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity 198.143.186.134 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=134,US) 198.144.184.43 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 198.15.128.0 17 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None CN TO-S-2019-0831 Malicious Email Activity 198.15.89.218 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity 198.154.99.149 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity 198.154.99.2 32 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: SQL Injection - Exploit II (IP=2,US) 198.16.100.154 32 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=154,US) 198.16.59.82 32 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=82,US) 198.177.57.18 24 RB None 2019-11-08 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=18 CN) 198.178.126.43 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 198.179.75.110 32 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=110,US) 198.181.34.39 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity 198.187.28.16 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None US TO-S-2019-0613 Malicious Email Activity 198.187.29.237 32 kmw 
None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity 198.187.29.36 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=36,US) 198.187.29.41 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 198.187.29.62 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=62,US) 198.187.29.65 32 wmp None 2020-06-22 00:00:00 2020-11-30 00:00:00 None HIVE Case #3071 COLS-NA-TIP-20-0188 (IP=65,US) | updated by wmp Block expiration extended with reason HIVE Case #3708 TO-S-2020-0766 (IP=65,US) 198.187.31.220 32 GM None 2020-08-06 00:00:00 2020-11-06 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Sourcefire (IP=31,US) 198.199.101.103 32 RB None 2019-06-15 00:00:00 2020-06-02 00:00:00 None SQL use of sleep function with and - likely SQL injection_Sourcefire (IP=103,US) | updated by RR Block was inactive. 
Reactivated on 20200304 with reason Unauthorized Scanning (IP=103,US) 198.199.101.235 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=235,US) 198.199.103.37 24 JKC None 2016-10-08 05:00:00 2020-03-11 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=37, US) | updated by dbc with reason US TO-S-2019-0468 Malware Activity 198.199.105.134 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=134,US) 198.199.105.154 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=154,US) 198.199.105.213 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=213,US) 198.199.106.218 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=218,US) 198.199.107.239 32 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=239,US) 198.199.107.41 32 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Illegal user_Failed Logon (IP=41,US) 198.199.109.16 32 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=16,US) 198.199.109.76 32 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=76,US) 198.199.113.198 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=198,US) 198.199.115.203 32 RR None 2020-03-31 00:00:00 2020-06-29 00:00:00 None Unauthorized Scanning - ARCSight Sauron (IP=203,US) 198.199.115.51 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None US TO-S-2019-0430 Malicious Email Activity 198.199.116.96 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None Unauthorized Scanning (IP=96,US) 198.199.117.143 32 RWB None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user - Failed Logon (IP=,US) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=143,US) 198.199.117.93 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=93,US) 
198.199.119.146 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=146,US) 198.199.124.109 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=109,NL) 198.199.60.226 32 BMP None 2020-04-13 00:00:00 2020-07-12 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6hr Web Attacks (IP=226,US) 198.199.60.236 32 RR None 2020-04-29 00:00:00 2020-07-28 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=236,US) 198.199.82.4 32 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Failed password - Failed Logons (IP=4,US) 198.199.83.59 32 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=59,US) 198.199.88.162 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 198.199.92.69 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=69,US) 198.199.93.122 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=122,US) 198.199.94.210 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=210,US) 198.199.96.238 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=238,US) 198.20.103.178 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None SERVER-IIS Microsoft IIS Range header integer overflow attempt - Sourcefire (IP=178,NL) 198.20.253.35 32 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=35,US) 198.20.81.59 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malware Activity 198.204.231.25 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 198.204.231.250 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 198.204.239.67 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 
198.204.249.90 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malware Activity 198.204.253.58 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity 198.210.34.44 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity 198.211.114.208 32 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP= 208 , US ) 198.211.118.157 24 KF None 2019-12-10 00:00:00 2020-03-09 00:00:00 None Failed password (IP=157,NL) 198.211.119.40 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None NL TO-S-2019-0358 Malicious Web Application Activity 198.211.120.189 24 djs None 2016-03-02 06:00:00 2020-04-26 00:00:00 None FBI M-000069-BT: Brobot/Kamikaze/Toxin Botnet (ip=189,NL) | updated by dbc with reason NL TO-S-2019-0626.01 Malware Activity 198.211.123.183 24 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None Illegal user - Failed Logons (IP=183,NL) 198.211.15.61 32 wmp None 2020-07-10 00:00:00 2020-10-10 00:00:00 None HIVE Case #3270 COLS-NA-TIP-20-0210 (IP=61,US) 198.228.145.150 32 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password - Failed Logons (IP=150,US) 198.23.158.61 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Email Activity 198.23.159.88 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=88,US) 198.23.164.220 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malware Activity 198.23.194.183 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=183,US) 198.23.212.18 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 198.23.214.114 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None US TO-S-2019-0634 Malicious Email Activity 198.23.214.34 32 dbc None 
2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 198.23.214.60 32 KF None 2020-03-26 00:00:00 2020-06-25 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=60,US) | updated by RR Block expiration extended with reason SQL Injection (IP=60,US) 198.23.223.139 32 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=139,US) 198.24.134.8 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None US TO-S-2019-0608 Malicious Email Activity 198.245.50.81 24 RR None 2018-12-31 06:00:00 2020-02-28 00:00:00 None Illegal user (IP=81,CA) | updated by RWB Block was inactive. Reactivated on 20191130 with reason Invalid user - Failed Logon (IP=81,CA) 198.245.62.64 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=64,FR) 198.245.63.94 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 198.251.72.58 32 RWB None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Web Application Attack - SQL HTTP URI blind injection attempt - SourceFire (IP=58,US) | updated by RW Block expiration extended with reason SQL HTTP URI blind injection attempt - Sourcefire (IP=58,US) 198.251.81.225 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 198.251.83.105 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=105,US) 198.251.83.27 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Web Application Activity 198.251.83.75 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=75,XX) 198.251.89.176 24 RR None 2020-07-21 00:00:00 2020-10-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=176,MA) 198.252.102.238 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity 198.252.104.167 32 dbc None 2019-04-17 00:00:00 2020-04-17 
00:00:00 None CA TO-S-2019-0610 Malicious Email Activity 198.252.105.135 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=135,US) 198.252.105.89 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None GR TO-S-2020-0031 Malicious Email Activity 198.255.66.27 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=27,US) 198.27.69.191 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None CA TO-S-2019-0952 Malware Activity 198.27.70.0 24 GLM None 2016-09-05 05:00:00 2020-09-02 00:00:00 None Sipvicious User-Agent Detected (IP=78,CA) | updated by GLM with reason Sipvicious User-Agent Detected (IP=78,CA) | updated by RW with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 19C02492 (IP=61,CA) | updated by dbc 198.27.81.161 24 RR None 2016-10-14 05:00:00 2020-04-21 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=161,CA) | updated by RR with reason ET SCAN Sipvicious User-Age | updated by KF with reason Immediate Inbound Network Block - TT# 20C01287 (IP=94,US) | updated by RWB with reason SERVER- 198.27.90.106 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password (IP=106,CA) 198.33.89.206 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None CA TO-S-2019-0972 Malicious Reconnaissance Activity 198.37.112.57 32 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None HTTP: Blind SQL Injection - Timing - TT# 20C01534 (IP=57,US) 198.38.77.140 32 EDBT None 2017-09-17 05:00:00 2020-02-21 00:00:00 None APP-DETECT failed FTP login attempt (IP=140,US) | updated by dbc with reason US TO-S-2019-0430 Malicious Email Activity 198.38.80.0 20 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None VN TO-S-2019-0409 Malicious Email Activity 198.38.94.45 32 RR None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03384 (IP=45,US) 198.41.222.173 32 BP None 
2019-11-21 00:00:00 2020-02-21 00:00:00 None INDICATOR-COMPROMISE Suspicious .ml dns query (IP=173,US) 198.44.188.135 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00131 (IP=135,CN) 198.44.188.191 32 CW None 2019-10-25 00:00:00 2020-01-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=91,US) | updated by RW Block expiration extended with reason HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=191,US) 198.44.191.53 32 DT None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=53,US) 198.44.66.42 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0610 Malware Activity 198.45.133.10 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity 198.46.134.245 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Email Activity 198.46.141.66 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=66,US) 198.46.205.78 32 BMP None 2020-04-04 00:00:00 2020-07-03 00:00:00 None Known Attack Tool User Agent / 20086 HTTP Muieblackcat SecurityScanner - TT# 20C02368 (IP=78,US) 198.46.241.120 32 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt (IP=120,US) 198.46.81.182 24 wmp None 2015-07-13 05:00:00 2020-09-02 00:00:00 None Malware Callback (IP=182,US) | updated by RR with reason APP-DETECT failed FTP login attempt (IP=31,US) | updated by dbc with reason US TO-S-2019-0952 Malware Activity 198.46.83.158 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 198.46.93.170 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 198.46.93.91 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US 
TO-S-2019-0610 Malicious Email Activity 198.47.99.99 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=99,US) 198.48.51.66 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532.01 Malicious Email Activity 198.49.23.145 32 wmp None 2020-09-15 00:00:00 2020-12-14 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=145,US) 198.49.66.130 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=130, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 198.49.66.39 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 198.50.131.21 24 KF None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Generic ArcSight scan attempt (IP=21,FR) 198.50.154.214 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None DE TO-S-2019-0734.01 Malicious Email Activity 198.50.159.204 24 YM None 2017-09-27 05:00:00 2020-04-10 00:00:00 None SERVER-WEBAPP Phpcms user registration remote file include attempt (IP=204,CA) | updated by GM with reason Illegal user - Web Attacks (IP=33,CA) 198.50.182.64 32 wmp None 2020-09-15 00:00:00 2020-12-14 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=64,CA) 198.50.183.1 24 RW None 2019-10-16 00:00:00 2020-01-16 00:00:00 None Illegal user - 6hr Failed Logon (IP=1,CA) 198.50.234.1 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None CA TO-S-2020-0056 Malicious Email Activity 198.50.250.183 24 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Generic ArcSight scan attempt (IP=183,FR) 198.52.101.109 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malware Activity 198.54.114.168 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malicious Email Activity 198.54.114.213 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malicious Email Activity 198.54.115.111 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case 
#3708 TO-S-2020-0766 (IP=111,US) 198.54.115.191 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 198.54.115.37 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity 198.54.116.114 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity 198.54.116.204 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 198.54.116.37 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity 198.54.117.197 32 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None US TO-S-2020-0077 Malicious Email Activity 198.54.117.198 32 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None US TO-S-2020-0077 Malicious Email Activity 198.54.117.199 32 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None US TO-S-2020-0077 Malicious Email Activity 198.54.117.210 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity 198.54.117.244 32 dbc None 2019-03-13 00:00:00 2020-03-13 00:00:00 None US TO-S-2019-0492 Malware Activity 198.54.119.55 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 198.54.120.132 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 198.54.125.179 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malicious Email Activity 198.54.125.57 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web Application Activity 198.54.126.124 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=124,US) 198.54.126.142 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity 198.54.126.162 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity 
198.55.103.115 24 jkc None 2016-12-03 06:00:00 2020-10-25 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=115, US) | updated by jkc with reason ET POLICY Suspicious inbound to mySQ | updated by dbc with reason US TO-S-2020-0065 Malicious Web Application Activity 198.55.107.154 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malicious Email Activity 198.55.121.100 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 198.55.96.0 19 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None CN TO-S-2020-0065 Malicious Email Activity 198.57.150.112 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malicious Email Activity 198.57.170.180 32 wmp None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=180,US) 198.57.194.247 32 wmp None 2020-07-10 00:00:00 2020-10-10 00:00:00 None HIVE Case #3269 COLS-NA-TIP-20-0206 (IP=247,US) 198.57.211.48 32 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None SQL use of sleep function with and - likely SQL injection - SourceFire (IP=48,US) 198.57.235.128 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity 198.58.100.134 32 RR None 2019-04-07 00:00:00 2020-01-23 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (1:49040:4) (IP=134,US) | updated by RR with reason OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=134,US) 198.58.100.7 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 198.58.102.182 32 RR None 2020-04-29 00:00:00 2020-07-28 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=182,US) 198.58.116.181 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None US TO-S-2019-0363.01 Malicious Email Activity 198.7.58.147 32 
RW None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SQL injection - 6hr web attacks (IP=147,US) 198.71.224.91 32 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=91,US) 198.71.225.149 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=149,US) 198.71.226.19 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=19,US) 198.71.227.12 32 RB None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=12,US) 198.71.228.25 32 RW None 2020-08-07 00:00:00 2020-11-07 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=25,US) 198.71.228.30 32 BMP None 2020-05-27 00:00:00 2020-08-25 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=30,US) 198.71.228.34 32 RB None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=34,US) 198.71.228.5 32 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=5,US) 198.71.228.74 32 BMP None 2020-04-13 00:00:00 2020-07-12 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr Web Attacks (IP=74,US) 198.71.230.50 32 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: SQL Injection - Exploit II (IP=50,US) 198.71.230.70 24 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=70,US) 198.71.231.11 32 RR None 2018-01-13 06:00:00 2020-08-15 00:00:00 None Authentication Failed (IP=11,US) | updated by RW Block was inactive. 
Reactivated on 20200515 with reason SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=11,US) 198.71.231.35 32 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=35,US) 198.71.231.79 32 RW None 2020-08-07 00:00:00 2020-11-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=79,US) 198.71.232.10 32 dbc None 2019-10-25 00:00:00 2020-12-15 00:00:00 None US TO-S-2020-0065 Malicious Email Activity | updated by wmp Block expiration extended with reason HIVE Case #3904 COLS-NA-TIP-20-0292 (IP=10,US) 198.71.232.3 32 dbc None 2018-12-10 06:00:00 2020-01-24 00:00:00 None US TO-S-2019-0206 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0351 Malicious Web Application Activity 198.71.233.44 32 dbc None 2019-07-18 00:00:00 2020-04-07 00:00:00 None US TO-S-2019-0831 Malicious Email Activity | unblocked:TO-S-2020-0419 Lift block since TO-S-2019-0831 generated mitigations that are no longer required 198.71.233.7 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity 198.71.235.76 32 RW None 2020-08-07 00:00:00 2020-11-07 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=76,US) 198.71.236.11 32 RW None 2020-05-24 00:00:00 2020-08-24 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=11,US) 198.71.236.26 32 RW None 2020-04-24 00:00:00 2020-07-24 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=26,US) 198.71.237.27 32 RB None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=27,US) 198.71.239.28 32 RB None 2018-06-09 05:00:00 2020-09-10 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=28,US) | updated by dbc with reason US TO-S-2019-0972 Malware Activity 198.71.240.25 32 RB None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL 1 = 1 - possible sql 
injection attempt - Sourcefire (IP=25,US) 198.71.240.27 32 FT None 2020-08-06 00:00:00 2020-11-06 00:00:00 None SQL use of sleep function with and - likely SQL injection - Web Attacks (IP=27,US) 198.71.240.31 32 BMP None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=31,US) 198.71.240.42 32 KF None 2020-02-02 00:00:00 2020-11-08 00:00:00 None HTTP: SQL Injection - Exploit II (IP=42,US) | updated by RW Block was inactive. Reactivated on 20200808 with reason SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=42,US) 198.71.241.15 32 BMP None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL HTTP URI blind injection attempt - SourceFire (IP=15,US) 198.71.241.37 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Immediate Inbound Network Block - TT# 20C00500 (IP=37,US) 198.71.53.123 24 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=123,DE) 198.71.62.122 32 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=122,US) 198.71.62.150 32 RWB None 2020-01-16 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=150,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Sourcefire (IP=150,US) 198.71.62.157 32 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (IP=157,US) 198.71.62.193 32 BMP None 2020-01-15 00:00:00 2020-04-14 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr Web Attacks (IP=193,US) 198.71.62.20 32 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (IP=20,US) 198.71.62.209 32 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP 
Citrix ADC and Gateway arbitrary code execution attempt (IP=209,US) 198.71.62.219 32 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=219,US) 198.71.62.38 32 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=38,US) 198.74.104.75 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None US TO-S-2019-0926 Malware Activity 198.74.50.152 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=152,US) 198.74.62.28 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity 198.8.80.18 32 RW None 2020-03-25 00:00:00 2020-06-23 00:00:00 None TCP: SYN Host Sweep (IP=18,US) 198.84.192.178 24 ABC None 2019-10-11 00:00:00 2020-01-09 00:00:00 None Generic ArcSight scan attempt (IP=178,CA) 198.98.114.211 32 RW None 2020-05-15 00:00:00 2020-08-13 00:00:00 None TCP: SYN Host Sweep - ABC report (IP=211,US) 198.98.208.24 32 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - SourceFire (IP=24,US) 198.98.48.109 32 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Illegal user - WebAttacks (IP=109,US) 198.98.51.138 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=138,US) 198.98.52.100 32 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Misc Activity - INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=100,US) 198.98.52.141 32 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=141,US) 198.98.52.229 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 198.98.53.133 32 BMP None 2019-12-25 00:00:00 2020-03-25 00:00:00 None Illegal user - 6hr Logons (IP=133, US) 198.98.53.61 24 RR None 2020-07-21 00:00:00 2020-10-19 00:00:00 
None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=61,CN) 198.98.54.28 32 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Illegal user - tor exit - WebAttacks (IP=28,US) 198.98.56.112 32 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None Illegal User - 6hr Logons (IP=112, US) 198.98.56.123 32 RR None 2020-04-13 00:00:00 2020-07-12 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=123,US) 198.98.58.248 32 CR None 2020-05-13 00:00:00 2020-08-11 00:00:00 None UDP: Host Sweep (IP=248,US) 198.98.59.29 32 BMP None 2020-01-13 00:00:00 2020-04-26 00:00:00 None Illegal user - 6hr Logons (IP=29,US) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=29,US) | updated by GM Block expiration extended with reason Illegal user - Failed Logons (IP=29,US) 198.98.60.164 32 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=164,US) 198.98.61.24 32 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=24,US) 199.10.64.13 24 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=13,US) 199.115.99.122 32 GM None 2019-12-18 00:00:00 2020-01-18 00:00:00 None HTTP: RedHat JBoss Enterprise Application Platform JMX Console Security Bypass - 20C01183 (IP=122,US) 199.116.124.35 32 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=35,US) 199.116.77.19 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 199.116.78.164 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 199.116.78.85 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 199.119.102.202 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 199.122.125.225 32 wmp None 
2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=225,US) 199.123.76.250 32 dbc None 2019-10-11 00:00:00 2020-10-11 00:00:00 None KR TO-S-2020-0027 Burnished Pyrite IOCs Malware Activity 199.123.87.188 32 BMP None 2020-03-23 00:00:00 2020-06-21 00:00:00 None SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt - SourceFire (IP=188,US) 199.123.88.16 32 RWB None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Attempted Administrator Privilege Gain - SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt - SourceFire (IP=16,US) 199.123.88.26 32 RWB None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Attempted Administrator Privilege Gain - SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt - sourcefire (IP=26,US) 199.123.88.43 32 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Attempted Administrator Privilege Gain - SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt - sourcefire (IP=43,US) 199.127.56.118 32 KF None 2020-06-10 00:00:00 2020-09-08 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C03118 (IP=118,US) 199.127.61.237 32 GLM None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=237,US) 199.15.215.8 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None US TO-S-2019-0430 Malicious Email Activity 199.167.42.225 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None US TO-S-2019-0634 Malicious Email Activity 199.168.240.15 32 GLM None 2017-02-27 06:00:00 2020-02-11 00:00:00 None APP-DETECT failed FTP login attempt (IP=15,US) | updated by GLM with reason SERVER-WEBAPP D-Link getcfg.php credential disclo | updated by RWB Block was inactive. 
Reactivated on 20191113 with reason Attempted User Privilege Gain - FTPP_FTP_RESPONSE_LEN 199.182.184.129 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity 199.184.144.27 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malware Activity 199.188.101.190 32 GM None 2020-05-28 00:00:00 2020-08-28 00:00:00 None Possible SQLi attempt / HTTP: Blind SQL Injection - Timing - TT# 20C02979 (IP=190,US) 199.188.2.91 32 RWB None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Misc Activity - FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected - sourcefire (IP=91,US) 199.188.200.213 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 199.188.200.58 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity 199.188.200.90 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Web Application Activity 199.188.203.168 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 199.188.204.148 32 dbc None 2019-04-16 00:00:00 2020-04-16 00:00:00 None US TO-S-2019-0593 Malicious Email Activity 199.19.225.130 32 FT None 2020-09-04 00:00:00 2020-12-03 00:00:00 None Unauthorized Access-Probe - TT# 20C03826 (IP=130,US) 199.19.225.71 32 KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None UDP: Host Sweep (IP=71,US) 199.19.72.186 32 DT None 2020-06-14 00:00:00 2020-09-14 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03159 (IP=186,US) 199.191.58.202 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None US TO-S-2019-0363.01 Malicious Email Activity 199.192.16.139 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity 199.192.17.99 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None 
US TO-S-2019-0852 Malicious Email Activity 199.192.21.136 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None US TO-S-2019-0926 Malicious Email Activity 199.192.21.163 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None US TO-S-2019-0926 Malicious Email Activity 199.192.27.132 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity 199.195.250.203 32 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None UDP: Host Sweep (IP=203,US) 199.201.121.162 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None CA TO-S-2019-0577 Malicious Email Activity 199.204.248.136 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity 199.21.143.138 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malware Activity 199.227.116.34 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0734.01 Malicious Email Activity 199.227.24.243 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Web Application Activity 199.229.249.139 24 ALJ None 2018-09-02 05:00:00 2020-06-18 00:00:00 None SERVER-WEBAPP Apache Struts remote code execution attempt (ip=139,US) | updated by GM with reason Known Attack Tool User Agent | updated by CR with reason UDS-OpenVAS_RC8766 - TT# 19C02077 (IP=174,US) | updated by dbc with reason CA TO-S-2019-0747 M 199.229.249.144 32 RB None 2020-06-22 00:00:00 2020-09-20 00:00:00 None Possible SQLi attempt/HTTP: Blind SQL Injection - Timing - TT# 20C03250 (IP=144,CA) 199.229.250.0 24 KF None 2018-10-04 05:00:00 2020-02-12 00:00:00 None Possible SQLi attempt (IP=0,) | updated by RB with reason Possible SQLi attempt - TT# 19C02002 (IP=139,US) | updated by RR with reason Generic ArcSight scan attempt (IP=143,US) 199.229.250.143 32 RWB None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Attempted Information Leak - SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=143,US) 199.231.189.251 32 dbc None 
2019-07-18 00:00:00 2020-07-18 00:00:00 None US TO-S-2019-0831 Malicious Email Activity 199.241.186.0 24 tjh None 2014-02-28 06:00:00 2020-04-19 00:00:00 None CN TO-S-2014-0485 | updated by dbc with reason US TO-S-2019-0608 Malicious Email Activity 199.247.0.56 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None DE TO-S-2019-0926 Malicious Email Activity 199.247.10.217 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None FR TO-S-2020-0109.01 Malicious Web Application Activity 199.247.17.221 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None DE TO-S-2019-0626.01 Malware Activity 199.247.21.152 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None DE TO-S-2019-0508 Malware Activity 199.247.24.243 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None NL TO-S-2020-0065 Malicious Web Application Activity 199.247.28.235 24 MLJ None 2018-03-14 05:00:00 2020-07-12 00:00:00 None ET SCAN Potential SSH Scan (IP=235,CA) | updated by dbc with reason NL TO-S-2019-0816 Malicious Email Activity 199.247.3.191 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None DE TO-S-2019-0358 Malicious Web Application Activity 199.247.71.243 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None US TO-S-2020-0109.01 Malicious Web Application Activity 199.247.9.252 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None FR TO-S-2020-0190 Malware Activity 199.247.9.65 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None FR TO-S-2019-0634 Malicious Web Application Activity 199.249.230.140 32 DT None 2020-07-16 00:00:00 2020-10-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=140,US) 199.249.230.180 32 DT None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=180,US) 199.249.230.185 32 BMP None 2020-07-15 00:00:00 2020-10-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=185,US) 199.249.230.189 32 DT None 
2020-07-16 00:00:00 2020-10-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=189,US)
199.250.206.128 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity
199.250.207.77 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity
199.250.212.185 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malware Activity
199.250.215.11 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity
199.250.217.133 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None US TO-S-2019-0430 Malicious Email Activity
199.30.235.223 32 wmp None 2020-09-16 00:00:00 2020-12-15 00:00:00 None HIVE Case #3904 COLS-NA-TIP-20-0292 (IP=223,US)
199.30.240.226 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity
199.34.228.67 24 alj None 2018-11-20 06:00:00 2020-05-10 00:00:00 None SMTP_RESPONSE_OVERFLOW (124:3:2) | updated by dbc with reason US TO-S-2019-0468 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0658 Malware Activity
199.34.228.78 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=78,US)
199.46.199.220 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=220,US)
199.59.247.110 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None CA TO-S-2020-0047 Malicious Email Activity
199.79.62.107 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity
199.79.63.28 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=28,US)
199.79.63.56 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
199.91.228.170 32 RW None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HTTP: Adobe Acrobat JavaScript getIcon Method Buffer Overflow - TT# 20C03763 (IP=170,US)
2.0.0.12 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None FR TO-S-2020-0190 Malicious Email Activity
2.108.27.6 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - SourceFire (IP=6,DN)
2.110.41.186 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=186,DK)
2.112.35.46 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt_Web attacks (IP=46,IT)
2.113.121.141 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - Web Attacks (IP=141,IT)
2.114.42.109 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - Web Attacks (IP=109,IT)
2.118.114.142 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - Web Attacks (IP=142,IT)
2.123.72.228 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=228,GB)
2.13.166.149 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None FR TO-S-2019-0972 Malware Activity
2.132.168.60 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=60,KZ) | not blocked because No refs to MVPower found in USACE SharePoint or NAC
2.132.172.251 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_web attacks (IP=51,KZ)
2.132.6.128 24 wmp None 2018-08-24 05:00:00 2020-04-16 00:00:00 None command injection attempt (IP=128,KZ) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=51,KZ)
2.133.117.153 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=153,KZ)
2.133.173.254 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=254,KZ)
2.133.81.180 24 RR None 2020-02-04 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=180,KZ) | updated by RR Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=180,KZ)
2.133.82.2 24 RR None 2020-02-04 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=2,KZ) | updated by RR Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=2,KZ)
2.134.106.73 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=73,KZ)
2.134.12.124 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=124,KZ) | not blocked because No refs to MVPower found in USACE SharePoint or NAC
2.134.137.201 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=201,KZ)
2.134.137.201 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=201,KZ)
2.134.137.201 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=201,KZ)
2.134.162.105 24 RB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=105 KZ)
2.134.179.46 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=46,KZ)
2.134.187.125 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=125,KZ)
2.134.189.37 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=37,KZ)
2.134.242.89 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=89,KZ)
2.135.8.205 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=205,KZ)
2.136.131.36 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Invalid user -Failed Logons (IP=36,ES)
2.139.176.35 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password for invalid user - Failed Logons (IP=35,ES)
2.15.80.254 24 GM None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Authentication Failed - Failed Logons (IP=254,FR)
2.17.0.227 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None GB TO-S-2019-0400 Malicious Email Activity
2.178.32.187 24 RWB None 2019-11-06 00:00:00 2020-02-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=187,IR) | updated by RWB Block expiration extended with reason Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution att
2.186.112.47 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=47,IR)
2.187.118.149 24 RWB None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=149,IR)
2.196.132.19 24 FT None 2020-08-31 00:00:00 2020-11-29 00:00:00 None SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt - Sourcefire (IP=19,IT)
2.205.60.246 24 20200120 None None 2020-01-20 00:00:00 None Authentication Failed - Fail Logins (IP=246,DE) | updated by RWB Block was inactive. Reactivated on 20191022 with reason Authentication Failed - Fail Logins (IP=246,DE)
2.206.53.143 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password_6 hr Failed Logons (IP=143,DE)
2.218.90.105 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell
2.226.203.120 24 RR None 2019-11-15 00:00:00 2020-02-15 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=120,IT) | updated by RW Block expiration extended with reason SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Sourcefire (IP=146,IN)
2.230.161.156 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=156,IT)
2.233.119.49 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=49,IT)
2.234.210.58 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=58,IT)
2.237.163.161 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=161,IT)
2.237.19.162 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=162,IT)
2.237.2.161 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=161,IT)
2.238.158.13 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid
2.238.193.59 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Invalid user_Failed Logon (IP=59,IT)
2.239.184.166 24 RR None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=166,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=166,IT)
2.239.23.47 24 GM None 2020-08-19 00:00:00 2020-11-19 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=47,IT)
2.24.215.136 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=136,UK)
2.24.33.65 24 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=65,GB)
2.244.88.119 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=119,DE)
2.25.181.0 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=0,GB)
2.26.83.9 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=9,GB)
2.27.141.92 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=92,GB)
2.27.227.108 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell
2.28.245.249 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=249,GB)
2.29.109.144 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=144,GB)
2.30.7.194 24 RB None 2019-11-08 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt_Sourcefire (IP=194 GB)
2.32.49.227 24 RR None 2020-01-17 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=227,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=227,IT) | updated by KF with reason SERVER-WEBAPP MVPower
2.34.1.72 24 KF None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=72,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=72,IT)
2.35.170.157 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=157,IT)
2.36.250.66 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=66,IT)
2.37.96.47 24 RW None 2020-09-01 00:00:00 2020-12-01 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=47,IT)
2.38.186.191 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=191,IT)
2.38.237.118 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Authentication Failed_Failed Logon (IP=18,IT)
2.38.48.5 24 RR None 2020-01-18 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=5,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=5,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR
2.38.99.79 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None IT TO-S-2020-0190 Malicious Email Activity
2.39.133.28 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=28,IT)
2.39.144.45 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=45,IT)
2.39.173.31 24 RR None None 2020-07-09 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - SourceFire (IP=31,IT)
2.39.174.23 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=23,IT)
2.4.144.2 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Authentication Failed - 6hr Logon (IP=2,FR)
2.42.14.41 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=41,IT)
2.45.249.200 24 RR None 2020-01-21 00:00:00 2020-04-20 00:00:00 None Authentication Failed - Failed Logons (IP=200,IT)
2.50.0.0 17 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None AE TO-S-2019-0608 Malware Activity
2.50.128.0 17 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None AE TO-S-2019-0508 Malware Activity
2.56.213.35 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None NL TO-S-2020-0031 Malicious Email Activity
2.56.214.182 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None NL TO-S-2020-0006 Malicious Email Activity
2.56.214.214 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason NL TO-S-2020-0212.01 Malware Activity
2.56.215.66 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None FR TO-S-2020-0047 Malicious Email Activity
2.57.122.190 24 RB None 2020-09-17 00:00:00 2020-12-16 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=190,RO)
2.57.184.84 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=84,XX)
2.57.89.107 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None NL TO-S-2019-0926 Malicious Email Activity
2.57.89.20 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None NL TO-S-2020-0047 Malicious Email Activity
2.57.89.29 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=29,NL)
2.58.229.13 24 RB None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Sourcefire (IP=13,HK)
2.59.101.18 24 ABC None 2019-10-13 00:00:00 2020-01-11 00:00:00 None Command Injection Attempt (IP=18,HK)
2.59.118.83 24 KF None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (1:13990:26) - SourceFire (IP=83,TU)
2.59.153.91 24 RB None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Command Injection Attempt (IP=91,KR)
2.59.154.241 24 RW None 2020-06-18 00:00:00 2020-09-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=241,JP)
2.59.40.0 22 dbc None 2019-12-19 00:00:00 2020-12-26 00:00:00 None RU TO-S-2020-0190 Malicious Email Activity | updated by dbc Block expiration extended with reason LT TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason LT TO-S-2020-0212.01 Malware Activity
2.59.42.41 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None GB TO-S-2019-0658 Malware Activity
2.82.192.12 24 GM None 2020-01-10 00:00:00 2020-04-10 00:00:00 None Authentication Failed - Web Attacks (IP=12,PT)
2.83.247.162 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None PT TO-S-2019-0631 Malicious Email Activity
2.83.39.190 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6hr web attacks (IP=190,IT)
2.83.75.97 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user - Failed Logons (IP=97,PT)
2.84.157.74 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=74,GR)
2.88.129.91 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=91,SA)
2.89.138.191 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=191,SA)
2.89.163.247 24 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - 6hr Web Attacks (IP=247,SA)
2.89.205.163 24 RB None 2020-05-18 00:00:00 2020-08-16 00:00:00 None Command Injection - ABC Report (IP=163,SA)
2.92.0.0 14 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity
2.96.90.179 24 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=179,UK)
20.134.193.228 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malicious Email Activity
20.150.35.16 32 wmp None 2020-08-06 00:00:00 2020-11-06 00:00:00 None HIVE Case #3483 COLS-NA-TIP-20-0248 (IP=16,US)
20.150.90.68 32 wmp None 2020-08-10 00:00:00 2020-11-10 00:00:00 None HIVE Case #3506 COLS-NA-TIP-20-0252 (IP=68,US)
20.151.19.163 32 wmp None 2020-07-10 00:00:00 2020-10-10 00:00:00 None HIVE Case #3270 COLS-NA-TIP-20-0210 (IP=163,US)
20.185.39.51 32 DT None 2020-09-15 00:00:00 2020-12-15 00:00:00 None SERVER-WEBAPP elFinder PHP connector arbitrary PHP file upload attempt - Web Attacks (IP=51,US)
20.188.42.179 32 KF None 2020-06-10 00:00:00 2020-09-08 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C03120 (IP=179,US)
20.36.36.218 32 BMP None 2020-05-18 00:00:00 2020-08-16 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C02825 (IP=218,US)
20.37.111.213 24 DT None 2020-05-04 00:00:00 2020-08-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=213,JP)
20.40.146.61 32 RB None 2020-03-23 00:00:00 2020-06-23 00:00:00 None 5058 HTTP Cross Site Scripting (Form-Data) - 20C02205 (IP=61,US)
20.42.89.168 32 RW None 2020-08-19 00:00:00 2020-11-19 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=168,US)
20.42.89.182 32 BMP None 2020-08-27 00:00:00 2020-11-25 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - SourceFire (IP=182,US)
20.42.90.54 32 RW None 2020-09-04 00:00:00 2020-12-04 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=54,US)
20.43.10.153 32 GM None 2020-05-25 00:00:00 2020-06-25 00:00:00 None Unauthorized Access-Probe - TT# 20C02906 (IP=153,US)
20.43.35.210 24 GM None 2020-08-30 00:00:00 2020-11-30 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=210,FR)
20.43.58.36 24 RR None 2020-09-19 00:00:00 2020-12-18 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=36,FR)
20.44.132.36 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=36,US)
20.51.208.199 32 DT None 2020-09-12 00:00:00 2020-12-12 00:00:00 None SERVER-WEBAPP elFinder PHP connector arbitrary PHP file upload attempt - Sourcefire (IP=211,US)
200.0.236.210 24 RWB None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Invalid user - Failed Logon (IP=,BR) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=210,AR)
200.105.156.10 24 CW None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Illegal user_Failed Logon (IP=10,BO)
200.105.200.98 24 RR None 2019-03-31 00:00:00 2020-03-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=98,BO) | updated by RR with reason HTTP: SQL Injection Attempt Detected - Wen Attacks (IP=98,BO)
200.105.234.131 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Authentication Failed - 6hr Logon (IP=131,EC)
200.107.154.168 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Failed password - Failed Logons (IP=168,PE)
200.107.202.7 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=7,AR)
200.107.236.162 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=162,HN)
200.109.39.73 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=73,VE)
200.109.51.140 24 RR None 2020-01-02 00:00:00 2020-04-01 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=140,VZ)
200.11.150.2 24 EDBT None 2017-12-18 06:00:00 2020-01-14 00:00:00 None ET SCAN Potential SSH Scan (IP=2,VE) | updated by RR with reason Illegal user (IP=238,KY) | updated by CR with reason Illegal user_6 hr Failed Logon (IP=238,KY)
200.110.132.131 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None AR TO-S-2019-0610 Malicious Email Activity
200.110.174.137 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password - Failed Logons (IP=137,CO)
200.114.145.213 24 GM None 2019-11-06 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=213,AR)
200.116.105.213 24 RR None 2018-12-15 06:00:00 2020-02-19 00:00:00 None Failed password for invalid user (IP=213,CO) | updated by BP Block was inactive. Reactivated on 20191119 with reason Authentication Failed - 6hr Failed Logon (IP=213,CO)
200.117.180.226 16 None None None 2020-04-18 00:00:00 None | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=72,AR)
200.12.11.33 24 GM None 2020-02-14 00:00:00 2020-05-14 00:00:00 None Authentication Failed - Failed Logons (IP=33,BR)
200.122.224.200 32 wmp None 2020-09-22 00:00:00 2020-12-22 00:00:00 None HIVE Case #3825 CTR-20-1142 Suspicious Scan Activity
200.122.249.203 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Failed password_6 hr Failed Logons (IP=203 CO)
200.123.200.238 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=238,IT)
200.123.6.163 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password - 6hr Logon (IP=163,PE)
200.124.137.236 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=236,CW)
200.124.42.167 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=167,CL)
200.125.164.46 24 RB None 2020-04-02 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_Sourcefire (IP=46,TT) | updated by BMP Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=46,TT)
200.125.25.150 24 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None Unauthorized Scanning (IP=150,UY)
200.146.232.97 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 Hr Failed Logons (IP=97,BR)
200.146.91.222 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Invalid user_6 hr Failed Logons (IP=222,BR)
200.147.32.41 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=41,BR)
200.147.32.46 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=46,BR)
200.147.33.239 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=239,BR)
200.147.34.36 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=36,BR)
200.147.35.75 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=75,BR)
200.147.35.78 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=78,BR)
200.150.74.114 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password for invalid user - Failed Logon (IP=114,BR)
200.152.183.95 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=95,BR)
200.152.80.164 24 DT None 2020-09-04 00:00:00 2020-12-03 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Sourcefire (IP=81,BR)
200.155.8.34 24 RR None 2020-01-11 00:00:00 2020-04-10 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=34,BR)
200.16.132.202 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password for invalid user - Failed Logon (IP=202,AR)
200.162.160.0 20 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None BR TO-S-2019-0409 Malicious Email Activity
200.163.0.0 16 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None BR TO-S-2019-0409 Malicious Email Activity
200.164.227.186 24 GM None 2020-06-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=186,BR)
200.165.99.148 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=148,BR)
200.166.197.34 24 RB None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Failed password_6 hr Failed Logons (IP=34 BR)
200.169.223.98 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed Password_6 Hr Failed Logons (IP=98,BR)
200.169.96.0 22 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None BR TO-S-2019-0382 Malicious Email Activity
200.170.171.133 24 GLM None 2018-07-24 05:00:00 2020-05-08 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=133,BR) | updated by RW Block was inactive. Reactivated on 20200201 with reason HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=133,BR) | updated by GM Block expiration extended with reason HTTP:
200.171.234.178 24 BMP None 2020-04-25 00:00:00 2020-07-24 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - 6hr Web Attacks (IP=178,BR)
200.188.129.178 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP=178,MX)
200.188.153.18 24 RB None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_6 hr web attacks (IP=18,MX)
200.192.245.66 24 RR None 2020-04-25 00:00:00 2020-07-24 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=66,BR)
200.194.28.116 24 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Authentication Failed_Failed Logon (IP=16,BR)
200.195.172.114 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=114,BR)
200.196.253.251 24 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Failed password_6 hr Failed Logons (IP=251,BR)
200.199.185.220 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=220,BR)
200.2.125.182 24 GM None 2020-06-10 00:00:00 2020-08-10 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=182,AR)
200.2.129.27 32 KF None 2020-04-01 00:00:00 2020-06-30 00:00:00 None Known Attack Tool User / BOT: Mirai Echobot Activity Detected - TT# 010420-00019 (IP=27,HT)
200.2.142.51 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=51,HT)
200.2.202.10 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=10,CL)
200.201.217.104 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=104,BR)
200.202.128.0 18 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None BR TO-S-2019-1036 Malware Activity
200.205.202.35 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user - Failed Logons (IP=35 ,BR)
200.209.174.92 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Invalid user - Failed Logons (IP=92,BR)
200.21.0.0 16 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None CO TO-S-2019-1036 Malicious Email Activity
200.217.57.203 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=203,BR)
200.233.3.32 24 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=32,BR)
200.236.232.202 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=202,BR)
200.237.115.5 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=5,BR)
200.248.115.131 32 wmp None 2020-08-19 00:00:00 2020-11-17 00:00:00 None HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=131,BR)
200.252.132.22 24 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=22,BR)
200.26.189.203 24 BMP None 2020-01-31 00:00:00 2020-04-30 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=203,AR)
200.29.105.237 24 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Failed password (IP=237,CO)
200.29.19.51 24 ABC None 2018-03-10 06:00:00 2020-01-27 00:00:00 None Generic ArcSight scan attempt (IP=51,CL) | updated by KF with reason Generic ArcSight scan attempt (IP=51,CL)
200.3.218.52 24 ABC None 2020-04-04 00:00:00 2020-07-03 00:00:00 None TCP: SYN Host Sweep (IP=52,AR)
200.30.128.160 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3604 COLS-NA-TIP-20-0262 (IP=160,GT)
200.32.54.125 24 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=125,AR)
200.33.162.11 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None MX TO-S-2019-0864 Malicious Web Application Activity
200.33.162.13 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None MX TO-S-2019-0626.01 Malware Activity
200.34.88.37 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Failed password for invalid user - Failed Logons (IP=37,MX)
200.39.23.2 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None MX TO-S-2019-0409 Malicious Email Activity
200.39.231.55 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=55,MX) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=55,MX)
200.41.190.170 24 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=170,AR)
200.41.76.132 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=132,CO)
200.44.165.226 24 RR None 2018-11-25 06:00:00 2020-02-01 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=226,VE) | updated by RB with reason HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability_12 hr web attacks (IP=226,VE) | 2020-02-01 | 2019-02-2
200.44.50.155 24 RR None 2019-01-22 00:00:00 2020-04-27 00:00:00 None Illegal user (IP=155,VE) | updated by GM Block was inactive. Reactivated on 20200127 with reason Failed password - Failed Logons (IP=155,VE)
200.46.196.146 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed Password_6 Hr Failed Logons (IP=146,PA)
200.46.45.114 24 RW None 2020-05-31 00:00:00 2020-08-31 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - 6hr web attacks (IP=208,TR)
200.5.196.218 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=218,AR)
200.50.175.0 24 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None AR TO-S-2019-0468 Malicious Email Activity
200.50.67.10 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=10,BB)
200.50.67.105 24 RR None 2018-12-22 06:00:00 2020-03-05 00:00:00 None Illegal user (IP=105,BB) | updated by RW Block was inactive. Reactivated on 20191205 with reason Authentication Failed - 6hr Failed Logon(IP=105,BB)
200.52.80.34 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=34,MX)
200.54.0.0 16 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None CL TO-S-2019-0734.01 Malicious Email Activity
200.54.184.178 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=178,CL)
200.54.52.179 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=179,CL)
200.54.72.203 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=203,CL)
200.55.25.58 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Web attacks (IP=58,AR)
200.56.57.226 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=226,MX)
200.57.117.156 24 BMP None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=156,MX)
200.58.121.119 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=119,AR)
200.58.131.234 24 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=234,UY)
200.58.160.0 19 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None BO TO-S-2019-1036 Malicious Email Activity
200.6.188.242 24 CR None 2018-08-28 05:00:00 2020-01-21 00:00:00 None Illegal user (IP=242,CO) | updated by GM with reason Illegal user - Failed Logons (IP=38,CO)
200.6.188.38 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6hr Logons (IP=38,CO)
200.6.233.196 24 RB None 2020-07-06 00:00:00 2020-10-04 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6hr failed logon (IP=196,GT)
200.60.117.210 24 EDBT None 2017-10-29 05:00:00 2020-04-04 00:00:00 None Illegal user (IP=210,PE) | updated by CW with reason Illegal user_Failed Logons (IP=10,PE) | 2020-04-04 | 2018-01-27
200.60.91.42 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=42,PE)
200.61.136.133 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None AR TO-S-2019-0604 Malicious Email Activity
200.61.243.25 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=25,AR)
200.62.105.89 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=89,NI)
200.63.192.9 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=9,EC)
200.66.112.179 24 RB None 2020-05-20 00:00:00 2020-08-20 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attack (IP=179,BR)
200.68.0.0 18 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None CL TO-S-2019-0577 Malicious Email Activity
200.68.104.0 22 jky None 2016-12-07 06:00:00 2020-03-26 00:00:00 None AR TO-S-2017-0271 Country block | updated by dbc with reason AR TO-S-2019-0532 Malicious Email Activity
200.68.45.178 24 wmp None 2019-01-09 06:00:00 2020-02-15 00:00:00 None authentication bypass vulnerability (IP=178,CL) | updated by dbc with reason CL TO-S-2019-0409 Malicious Email Activity
200.68.80.0 22 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,AR)
200.68.80.173 32 dbc None 2020-06-30 00:00:00 2020-09-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=173,AR)
200.69.224.73 24 CR None 2020-04-30 00:00:00 2020-07-30 00:00:00 None associated with known threat actors (IP=73,AR)
200.69.236.112 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=112,AR)
200.69.250.253 24 RR None 2017-11-23 06:00:00 2020-01-15 00:00:00 None Illegal user (IP=253,AR) | updated by RR with reason Illegal user (IP=253,AR) | 2019-03-06 | 2018-02-21 | updated by RR with reason Illegal user - Failed Logons (IP=253,AR)
200.7.113.45 32 KF None 2020-03-08 00:00:00 2020-06-06 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02054 (IP=45,US)
200.7.124.58 32 KF None 2020-03-08 00:00:00 2020-06-06 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02057 (IP=58,US)
200.7.124.58 24 RR None 2020-03-05 00:00:00 2020-06-03 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=58,BR)
200.7.124.63 32 KF None 2020-03-08 00:00:00 2020-06-06 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02062 (IP=63,US)
200.7.125.45 24 RR None 2020-03-05 00:00:00 2020-06-03 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=45,BR)
200.7.127.1 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=1,BR)
200.7.216.214 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=214,EC)
200.70.56.204 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password for invalid user - Failed Logon (IP=204,AR)
200.72.14.0 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=0,CL)
200.73.116.8 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=8,CL)
200.73.129.103 32 BMP None 2020-02-25 00:00:00 2020-05-25 00:00:00 None Illegal user - 6hr Logons (IP=103,US)
200.74.112.143 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=143,)
200.75.105.205 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=205,VE)
200.8.127.78 24 RW None 2019-10-16 00:00:00 2020-01-16 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=78,VE)
200.80.192.0 19 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AR TO-S-2019-1036 Malicious Email Activity
200.80.43.110 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=110,AR)
200.83.155.60 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=60,CL)
200.83.9.163 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell
200.85.104.60 24 RR None 2019-10-26 00:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=60,AR)
200.85.160.0 20 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None NI TO-S-2019-1036 Malicious Email Activity
200.85.42.66 24 RW None 2019-12-12 00:00:00 2020-03-12 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=66,PY)
200.85.60.250 24 RR None 2020-07-28 00:00:00 2020-10-26
00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=250,PY) 200.86.33.140 24 GM None 2019-11-12 00:00:00 2020-02-12 00:00:00 None Failed Password - Failed Logons (IP=140,CL) 200.86.67.207 24 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=207,CL) 200.87.110.162 24 CR None 2018-12-13 06:00:00 2020-01-18 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=162,BO) | updated by KF Block was inactive. Reactivated on 20191020 with reason Command Injection Attempt (IP=162,Bolivia) 200.87.140.17 32 RW None 2020-07-19 00:00:00 2020-08-19 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability 200.87.9.183 24 RR None 2020-04-29 00:00:00 2020-07-28 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=183,BO) 200.89.174.235 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password_Faield Logon (IP=35,AR) 200.89.178.214 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=214,AR) 200.90.72.175 24 BMP None 2020-01-27 00:00:00 2020-04-26 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=175,VE) 200.91.163.181 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=181,CR) 200.93.148.19 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password_6 hr Failed Logons (IP=19,CO) 200.93.79.40 24 BMP None 2020-05-02 00:00:00 2020-07-31 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - 6hr Web Attacks (IP=40,VE) 200.94.125.243 24 RW None 2020-08-20 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=243,MX) 200.94.52.243 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2/BOT: Mirai Echobot Activity Detected - TT# 20C02419 (IP=243,MX) 200.96.149.194 24 RW None 2020-01-19 00:00:00 2020-04-19 
00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=194,BR) 200.98.245.112 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=112,BR) 201.103.134.106 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=106,MX) 201.103.168.88 24 RB None 2020-04-10 00:00:00 2020-07-09 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt_6 hr web attacks (IP=88,MX) 201.103.198.140 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=140,MX) 201.106.37.239 32 RW None 2020-03-16 00:00:00 2020-04-16 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C02158 (IP=239,US) 201.110.121.236 32 RB None 2020-03-23 00:00:00 2020-06-21 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C02204 (IP=236,MX) 201.114.252.23 24 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None Failed password - Failed Logons (IP=23,MX) 201.116.12.215 24 GLM None 2018-07-16 05:00:00 2020-02-07 00:00:00 None Illegal user (IP=215,MX) | updated by RB with reason Failed password for invalid user_6 hr Failed Logons (IP=217,MX) | 2020-02-07 | 2018-10-16 201.116.194.210 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None Failed password_6 hr Failed Logons (IP=210,MX) 201.116.46.11 24 RB None 2020-01-07 00:00:00 2020-04-06 00:00:00 None Illegal user_6 hr Failed Logons (IP=11 MX) 201.130.132.170 24 GM None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=170,MX) 201.130.137.117 24 KF None 2020-07-03 00:00:00 2020-10-01 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=117,MX) 201.130.154.2 24 DT None 2020-07-22 00:00:00 
2020-10-22 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=2,MX) 201.130.158.9 24 GM None 2020-07-04 00:00:00 2020-10-04 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=9,MX) 201.130.47.232 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None MX TO-S-2019-0626.01 Malicious Reconnaissance Activity 201.131.236.122 24 RB None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_Sourcefire (IP=122,MX) 201.132.92.135 24 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None UDP: Host Sweep (IP=135,MX) 201.14.174.187 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=187,BR) 201.140.220.0 20 dbc None 2020-03-04 00:00:00 2020-05-01 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity | unblocked: TO-S-2020-0331.01 Lift block to correct error on range from TO-S-2020-0331 201.142.182.98 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=98,FR) 201.143.253.208 24 RW None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Generic ArcSight scan attempt (IP=208,MX) 201.144.198.60 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=60,MX) 201.148.160.237 24 KF None 2020-03-01 00:00:00 2020-06-07 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=237,BR) | updated by KF Block expiration extended with reason Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C02080 (IP=237,BR) 201.148.162.166 32 RW None 2020-02-28 00:00:00 2020-03-28 00:00:00 None Known Attack Tool User Agent - TT# 20C01855(IP=166,BR) 201.148.186.241 24 KF None 2020-02-28 00:00:00 2020-05-28 00:00:00 None 
Known Attack Tool User Agent/HTTP: Wget Command Injection - TT# 20C01849 (IP=241,ME) 201.148.23.166 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None MX TO-S-2019-0952 Malware Activity 201.148.244.0 22 dbc None 2019-12-17 00:00:00 2020-12-26 00:00:00 None BR TO-S-2020-0187 Malicious Email Activity | updated by dbc Block expiration extended with reason BR TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason BR TO-S-2020-0212.01 Malicious Email Activity 201.149.22.37 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None Failed password_6 hr Failed Logons (IP=37,MX) 201.149.32.214 24 GLM None 2018-07-25 05:00:00 2020-02-20 00:00:00 None Illegal user (IP=214,MX) | updated by RR with reason Invalid user - Failed Logons (IP=219,MX) 201.149.82.181 24 GM None 2019-06-29 00:00:00 2020-01-29 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=181,MX) | updated by RB with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00774 (IP=181,MX) 201.150.35.113 24 wmp None 2018-08-13 05:00:00 2020-06-12 00:00:00 None Possible SQL injection attempt (IP=113,MX) | updated by RW Block was inactive. 
Reactivated on 20200312 with reason HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=113,MX) 201.150.42.77 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None MX TO-S-2019-0409 Malicious Email Activity 201.152.161.234 24 RWB None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=234,MX) 201.158.104.107 24 RB None 2019-11-21 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt_Sourcefire (IP=107,MX) | updated by KF Block expiration extended with reason SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=107,MX) 201.158.20.152 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=152,BR) 201.16.197.149 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=149,BR) 201.162.102.48 24 RW None 2020-08-19 00:00:00 2020-11-19 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - Sourcefire (IP=48,BR) 201.162.103.159 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt_Sourcefire (IP=159,BR) 201.162.105.153 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None BR TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason BR TO-S-2020-0212.01 Malicious Email Activity 201.162.105.153 24 RWB None 2019-12-13 00:00:00 2020-12-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=153,BR) | updated by GL with reason Malicious Scan HIVE CASE 1608 (IP=153,BR) 201.162.110.16 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None HTTP: Adobe ColdFusion Directory Traversal Information Disclosure Vulnerability_Web attacks (IP=16,BR) 201.162.70.102 32 CR None 2020-01-20 00:00:00 2020-04-19 
00:00:00 None Known Attack Tool User Agent _ TT# 20C01498 (IP=102,US) 201.162.70.53 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - Sourcefire (IP=53,BR) 201.163.111.18 24 GM None 2019-11-25 00:00:00 2020-02-25 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=18,MX) 201.163.180.183 24 RR None 2018-12-08 06:00:00 2020-01-30 00:00:00 None Failed password for invalid user (IP=183,MX) | updated by RR with reason Failed password - Failed Logons (IP=183,) 201.168.160.146 24 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=146,MX) 201.170.232.247 24 RR None 2020-07-07 00:00:00 2020-10-05 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=247,MX) 201.170.72.140 24 RR None 2020-07-28 00:00:00 2020-10-26 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=140,MX) 201.171.11.42 24 DT None 2020-07-23 00:00:00 2020-10-23 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=42,MX) 201.171.239.147 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=147,MX) 201.171.44.46 24 RB None 2020-08-01 00:00:00 2020-10-30 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability - 6hr web attacks (IP=46,MX) 201.171.74.232 24 GM None 2020-08-14 00:00:00 2020-11-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=232,MX) 201.172.221.23 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=23,MX) 201.174.185.234 24 RB None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_Sourcefire (IP=234,MX) 
201.182.223.59 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=59,BR) 201.182.241.216 24 RB None 2020-04-10 00:00:00 2020-07-09 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt_6 hr web attacks (IP=216,EC) 201.184.225.146 24 RR None None 2020-07-07 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=146,CO) 201.184.252.146 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=146,CO) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=146,CO) 201.184.40.163 24 djs None 2014-03-17 05:00:00 2020-04-21 00:00:00 None Telnet Scans (ip=163,CO) | updated by CR with reason SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attemp | updated by RWB with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP= 201.190.176.19 24 KF None 2020-02-03 00:00:00 2020-05-06 00:00:00 None Failed password (IP=19,AR) | updated by RB Block expiration extended with reason Illegal user_6 hr Failed Logons_CPC (IP=19,AR) 201.192.158.71 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=71,CR) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=71,CR) 201.20.96.0 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=0,BR) 201.200.3.241 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=241,CR) 201.203.233.162 24 RR None None 2020-07-09 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - 
SourceFire (IP=162,CR) 201.205.242.4 24 BMP None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=4,CR) 201.206.91.151 24 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=151,CR) 201.207.51.153 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=153,CR) 201.209.230.13 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None Known Attack Tool User Agent - TT# 20C01887 (IP=13,VE) 201.212.0.0 17 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AR TO-S-2019-1036 Malicious Email Activity 201.213.32.59 24 CR None 2020-04-30 00:00:00 2020-07-30 00:00:00 None Case # 1927 - IOC_ Emotet (IP=59,AR) 201.216.238.243 24 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=243,AR) 201.217.38.0 24 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None PY TO-S-2020-0109.01 Malicious Email Activity 201.218.102.106 24 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=106,PA) 201.218.64.38 24 BMP None 2020-07-03 00:00:00 2020-10-01 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - 6hr Web Attacks (IP=38,PA) 201.219.160.0 19 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AR TO-S-2019-1036 Malicious Email Activity 201.221.224.66 24 RR None 2020-03-06 00:00:00 2020-06-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=66,PA) 201.222.73.68 24 RR None 2020-02-07 00:00:00 2020-05-07 00:00:00 None Illegal user - Failed Logopns (IP=68,BO) 201.230.120.5 24 RW None 2020-08-19 00:00:00 2020-11-19 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=5,PE) 201.231.135.40 24 CR None 2020-01-06 
00:00:00 2020-04-06 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=40,AR) 201.234.77.162 24 GM None 2019-11-25 00:00:00 2020-02-25 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=162,CO) 201.235.17.110 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - 6hr Logon (IP=110,AR) 201.235.19.122 24 RR None 2019-01-19 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=122,AR) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=122,AR) 201.235.45.75 24 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=75,AR) 201.236.158.202 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None Illegal user_Failed Logon (IP=2,CL) 201.237.73.104 24 KF None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - 6hr Web Attacks (IP=104,CR) 201.238.155.122 32 FT None 2020-09-20 00:00:00 2020-12-19 00:00:00 None SERVER-WEBAPP Tomato router web interface bruteforce scan attempt (1:52827:1) - SourceFire (IP=122,EC) 201.238.155.122 32 FT None 2020-09-20 00:00:00 2020-12-19 00:00:00 None SERVER-WEBAPP Tomato router web interface bruteforce scan attempt (1:52827:1) - SourceFire (IP=122,EC) 201.238.155.122 24 RR None 2020-09-20 00:00:00 2020-12-19 00:00:00 None SERVER-WEBAPP Tomato router web interface bruteforce scan attempt - SourceFire (IP=122,EC) 201.238.239.151 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password - Failed Logon (IP=151,CL) 201.239.145.221 32 BMP None 2020-03-17 00:00:00 2020-06-16 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02170 (IP=221,CL) 201.24.126.158 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=158,BR) 201.24.69.202 24 BMP None 2020-01-28 00:00:00 
2020-04-27 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=202,BR) 201.24.70.160 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=160,BR) 201.244.0.0 16 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None CO TO-S-2019-0952 Malware Activity 201.245.168.163 24 ABC None 2020-04-04 00:00:00 2020-07-03 00:00:00 None TCP: SYN Host Sweep (IP=163,CO) 201.247.111.162 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=162,SV) 201.249.110.89 24 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=89,VE) 201.249.12.126 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=126,VE) 201.249.196.74 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=74,Venezuela) 201.249.89.102 24 RR None 2018-12-20 06:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=102,VE) | updated by RR with reason Invalid user - Failed Logons (IP=1,VE) 201.250.0.0 17 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AR TO-S-2019-1036 Malicious Email Activity 201.254.0.25 24 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=25,AR) 201.254.3.132 24 CR None 2020-05-12 00:00:00 2020-08-10 00:00:00 None HTTP: test-cgi Directory Listing - 6 hr Web Attacks (IP=132,AR) | updated by KF Block expiration extended with reason Web (HTTP) Attacks (IP=132,AR) 201.32.178.190 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password - Failed Logons (IP=190,BR) 201.34.149.108 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=8,BR) 201.38.172.76 24 RB 
None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=76,BR) 201.39.70.18 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Failed password - Failed Logons (IP=18,BR) 201.44.5.167 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None BR TO-S-2020-0187 Malicious Email Activity 201.47.158.130 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=130,BR) 201.48.4.15 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=15,BR) 201.48.49.145 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=145,BR) 201.48.65.147 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 201.49.127.212 24 GLM None 2018-12-20 06:00:00 2020-03-08 00:00:00 None Illegal user (IP=212,BR) | updated by RR with reason Invalid user - Failed Logons (IP=212,BR) 201.55.126.57 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password for invalid user - Failed Logons (IP=57,BR) 201.59.128.0 18 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None BR TO-S-2020-0012 Malware Activity 201.66.197.230 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=230,BR) 201.72.179.51 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=51,BR) 201.72.238.179 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Invalid user - Failed Logons (IP=179,BR) 201.73.1.54 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password for invalid user - Failed Logons (IP=54,BR) 201.76.0.19 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=19,BR) 201.76.109.0 24 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None BR TO-S-2019-1002 Malware Activity 201.76.49.113 32 wmp None 2020-09-23 00:00:00 
2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=113,BR) 201.76.49.122 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=122,BR) 201.76.49.140 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=140,BR) 201.76.49.147 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=147,BR) 201.76.49.191 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=191,BR) 201.76.49.242 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=242,BR) 201.76.49.60 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=60,BR) 201.76.49.65 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=65,BR) 201.76.49.66 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=66,BR) 201.76.49.80 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=80,BR) 201.77.116.44 24 GM None 2020-02-07 00:00:00 2020-05-07 00:00:00 None Illegal user - Failed Logons (IP=44,BR) 201.83.230.73 32 KF None 2020-04-01 00:00:00 2020-06-30 00:00:00 None Known Attack Tool User - TT# 010420-00023 (IP=73,BR) 201.93.85.190 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Invalid user -Failed Logons (IP=190,BR) 2019-ncov-2020.com.preview.services --- jkc None 2020-07-20 00:00:00 2020-10-21 00:00:00 2023-01-19 22:42:03 hive case # 3387 CTO 20-199 Malicious Domain 202.0.103.66 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None IN TO-S-2019-0400 Malicious Email Activity 202.1.207.53 24 GM None 2020-06-18 00:00:00 2020-08-18 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=53,MV) 202.100.206.2 24 RR None 2020-04-19 00:00:00 2020-07-18 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command 
injection attempt - Web Attacks (IP=2,CN) 202.100.78.118 24 sym None 2014-08-15 05:00:00 2020-01-22 00:00:00 None Suspicious inbound to mySQL port 3306 (ip=118,CN) | updated by RB with reason Generic ArcSight scan attempt (IP=110,CN) | 2020-01-22 | 2014-11-15 202.101.58.90 24 CR None 2020-02-24 00:00:00 2020-05-24 00:00:00 None Illegal user - 6 hr Failed Logon (IP=90,CN) 202.102.233.85 24 20200120 None None 2020-01-20 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - WebAttacks (IP=85,CN) | updated by RWB Block was inactive. Reactivated on 20191022 with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - WebAttacks (IP=8 202.102.67.183 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt (IP=183,CN) 202.102.95.149 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=149,CN) 202.105.136.1 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=1,CN) 202.105.136.106 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=106,CN) 202.106.149.130 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Illegal user - 6hr Logon (IP=130,CN) 202.106.93.46 24 RR None 2019-01-19 00:00:00 2020-02-23 00:00:00 None Failed password for invalid user (IP=46,CN) | updated by RW Block was inactive. 
updated by GM with reason Failed password - Failed Logons (IP=195,KR) 203.234.135.222 24 DT None 2020-05-22 00:00:00 2020-08-22 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=222,KR) 203.234.187.143 24 CR None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=143,KR) 203.234.19.83 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Failed password for invalid user - Failed Logons (IP=83,KR) 203.236.117.51 24 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=51,KR) 203.248.175.72 24 BMP None 2020-09-23 00:00:00 2020-12-23 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - 6hr Web Attacks (IP=72,KR) 203.25.159.0 24 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AU TO-S-2019-1036 Malicious Email Activity 203.251.12.134 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None KR TO-S-2019-0400 Malware Activity 203.30.236.64 24 DT None 2020-07-06 00:00:00 2020-10-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=64,ID) 203.34.4.247 24 CR None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=247,CN) 203.40.180.210 24 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=210,AU) 203.44.88.146 24 GM None 2020-02-08 00:00:00 2020-05-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web attacks (IP=146,AU) | This is an RWP address, back-end server runs ASPX not PHP. 
203.57.101.84 24 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=84,CN) 203.57.58.221 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password - Failed Logons (IP=221,CN) 203.69.6.62 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=62,Taiwan) 203.74.0.0 16 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None TW TO-S-2019-0468 Malicious Web Application Activity 203.76.112.170 24 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=170,BD) 203.76.124.229 24 RR None 2020-09-14 00:00:00 2020-12-13 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=229,BG) 203.76.98.139 24 RR None 2020-09-02 00:00:00 2020-12-01 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - SourceFire (IP=139,BG) 203.78.140.119 24 RB None 2018-05-12 05:00:00 2020-01-14 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=119 HK) | updated by CR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attack (IP=182,HK) 203.78.142.39 24 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=39,HK) 203.80.14.2 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=2,ID) 203.82.196.0 22 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None BD TO-S-2019-1036 Malicious Email Activity 203.82.206.172 24 RB None 2020-04-08 00:00:00 2020-04-08 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (IP=172,BD) | not blocked: This is a signature for home routers 203.90.226.0 24 dbc None 2019-01-15 06:00:00 2020-01-15 06:00:00 None HK TO-S-2019-0321 Malicious Email Activity 203.91.114.6 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user - Web Attacks (IP=6,MN) 203.91.116.58 
24 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=58,MN) 203.92.91.194 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=194,SG) 203.96.209.105 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None NZ TO-S-2019-0890.01 Malicious Email Activity 203.97.185.59 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=59,NZ) 203.99.177.0 24 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None PK TO-S-2019-0508 Malware Activity 204.101.119.75 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - 6hr web attacks (IP=75,CA) 204.11.58.156 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None VG TO-S-2019-0382 Malicious Email Activity 204.11.58.168 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 204.11.58.28 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity 204.11.59.195 24 BMP None 2020-07-15 00:00:00 2020-10-13 00:00:00 None HTTP: SQL Injection - Exploit II (IP=195,VG) 204.12.208.146 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity 204.12.235.130 32 KF None 2020-05-30 00:00:00 2020-08-28 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C02999 (IP=130,US) 204.144.184.98 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 204.15.134.245 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web Application Activity 204.15.145.106 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=106,PR) 204.15.78.228 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=228,US) 204.152.207.69 32 dbc None 2019-03-18 
00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malicious Email Activity 204.152.209.199 24 jkc None 2016-03-05 06:00:00 2020-03-18 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=199, US) | updated by ABC with reason ET POLICY Suspicious inbound to mySQ 204.16.246.252 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Web Application Activity 204.18.221.179 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None AE TO-S-2019-0430 Malware Activity 204.188.226.99 32 GM None 2020-07-11 00:00:00 2020-10-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03427 (IP=99,US) 204.194.141.75 32 RW None 2020-03-10 00:00:00 2020-04-10 00:00:00 None TO-S-2020-0358 / IP scanning possible connection - TT# 20C02114 (IP=75,US) 204.195.58.183 32 RR None 2020-04-19 00:00:00 2020-07-18 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=183,US) 204.236.104.120 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=120,BS) 204.42.255.254 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malware Activity 204.44.82.130 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity 204.48.17.136 32 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user - Failed Logons (IP=136,US) 204.48.19.166 32 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - SourceFire (IP=166,US) 204.48.21.165 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Generic ArcSight scan attempt (IP=165,US) 204.48.25.224 32 CR None 2019-12-21 00:00:00 2020-01-21 00:00:00 None HTTP: RedHat JBoss Enterprise Application Platform JMX Console Security Bypass - TT# 20C01200 (IP=224,US) 204.48.26.117 32 DT None 2020-06-07 00:00:00 2020-09-05 00:00:00 None SERVER-OTHER 
limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire - (IP=117,US) 204.48.27.136 32 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=136,US) 204.48.55.162 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Web Application Activity 204.63.202.10 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity 204.74.221.170 32 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Generic ArcSight scan attempt (IP=170,US) 204.87.86.50 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Immediate Inbound Network Block - TT# 20C00511 (IP=50,US) 204.93.159.42 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 204.93.168.136 32 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=136,US) 204.93.168.136 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=136,US) 204.93.169.34 24 RR None None 2020-06-26 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=34,US) 205.115.11.198 32 wmp None 2020-06-19 00:00:00 2020-09-19 00:00:00 None HIVE Case #3038 CTO-20-168 205.115.2.198 32 wmp None 2020-06-19 00:00:00 2020-09-19 00:00:00 None HIVE Case #3038 CTO-20-168 205.115.23.198 32 wmp None 2020-06-19 00:00:00 2020-09-19 00:00:00 None HIVE Case #3038 CTO-20-168 205.134.243.82 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 205.134.249.177 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 205.134.255.48 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 205.144.171.141 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SQL union 
select - possible sql injection attempt - GET parameter - Sourcefire (IP=141,KH) 205.144.171.18 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=18, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 205.144.171.185 32 RW None 2020-05-14 00:00:00 2020-08-14 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=185,US) 205.144.171.195 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Web Application Activity 205.144.171.2 32 DT None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=2,US) 205.144.171.222 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=222,US) 205.144.171.227 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=227,US) 205.144.171.37 32 GM None 2020-07-16 00:00:00 2020-10-16 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=37,US) 205.173.38.114 32 BMP None 2020-02-13 00:00:00 2020-03-31 00:00:00 None EXPLOIT-KIT Rig Exploit Kit redirection attempt - SourceFire (IP=114,US) | unblocked-this IP is for Duval County Property Appraiser office and is used for regulatory permit requests 205.177.180.161 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity 205.178.132.178 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 205.185.118.140 32 RW None 2019-12-19 00:00:00 2020-03-19 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=140,US) 205.185.118.194 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 205.185.119.191 32 RW None 2019-12-25 00:00:00 2020-03-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=191,US) | updated by RWB Block expiration extended with reason Misc Activity - INDICATOR-SCAN 
SSH brute force login attempt - SourceFire (IP=191,US) 205.185.125.164 32 RW None 2020-07-25 00:00:00 2020-08-25 00:00:00 None Unauthorized Access-Probe/ UDP: Host Sweep - TT# 20C03553 (IP=164,US) 205.185.126.6 32 DT None 2020-07-17 00:00:00 2020-10-17 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03492 (IP=6,US) 205.186.152.122 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malware Activity 205.186.175.162 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malicious Email Activity 205.189.47.90 24 DT None 2020-05-12 00:00:00 2020-08-10 00:00:00 None BROWSER-IE Microsoft Internet Explorer IE5 compatibility mode enable attempt - SourceFire (IP=90,CA) 205.205.150.19 32 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Generic ArcSight scan attempt (IP=19,US) 205.205.150.21 32 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Generic ArcSight scan attempt (IP=21,US) 205.205.150.222 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None Unauthorized Scanning (IP=222,US) 205.205.150.45 32 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=45,US) 205.205.150.46 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Generic ArcSight scan attempt (IP=46,US) 205.205.150.52 32 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_SourceFire (IP=52,US) 205.205.150.59 32 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=59,US) 205.207.122.142 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None CA TO-S-2019-0420 Malicious Email Activity 205.209.173.7 32 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=7,US) 205.220.176.254 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=254,US) 205.234.159.74 32 RR None 2020-02-07 00:00:00 2020-05-07 00:00:00 
None HTTP: vBulletin 5.1.2 Unserialize Code Execution - TT# 20C01636 (IP=74,US) 205.234.159.74 32 RR None 2020-02-07 00:00:00 2020-05-07 00:00:00 None HTTP: vBulletin 5.1.2 Unserialize Code Execution - TT# 20C01636 (IP=74,US) 205.251.148.178 32 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None HTTP: SQL Injection - Exploit (IP=178,US) 205.251.148.186 32 RB None 2019-01-20 00:00:00 2020-01-25 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (IP=186,US) | updated by RW Block was inactive. Reactivated on 20191025 with reason POLICY-OTHER Adobe ColdFusion admin interface access attempt - 6hr web attacks (IP=186,US) 205.251.148.58 32 DT None 2020-08-08 00:00:00 2020-09-08 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C03670 (IP=58,US) 205.251.150.186 32 GM None 2019-10-10 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt - Web Attacks (IP=186,US) 205.76.148.4 32 JKC None 2020-06-12 00:00:00 2020-09-12 00:00:00 None substandard VPN ENCRYYPTION IP CTO-20-162 (Ip=4,US) 205.85.3.49 32 jkc None 2020-06-26 00:00:00 2020-07-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 INTEL recommended block IP (ip=32,US) 205.85.33.210 32 jkc None 2020-06-26 00:00:00 2020-07-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 INTEL recommended block IP (ip=210,US) 206.108.51.195 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None US TO-S-2019-0800 Malicious Email Activity 206.123.153.0 24 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None LA TO-S-2020-0190 Malicious Email Activity 206.123.157.153 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=153,NE) 206.130.117.200 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malicious Email Activity 206.16.212.82 32 wmp None 2020-06-22 00:00:00 2020-09-22 00:00:00 None HIVE Case #3071 COLS-NA-TIP-20-0188 (IP=82,US) 206.161.216.174 32 dbc None 2019-02-14 
00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Reconnaissance Activity 206.167.33.12 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password_6 hr Failed Logons (IP=12,OM) 206.174.165.154 32 RWB None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Misc Activity - FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected - sourcefire (IP=154,US) 206.180.128.75 32 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=75,US) 206.189.121.8 32 RR None 2020-07-03 00:00:00 2020-10-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03363 (IP=8,US) 206.189.122.147 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None GB TO-S-2019-0551.02 Malicious Email Activity 206.189.125.163 24 CR None 2020-05-12 00:00:00 2020-06-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=163,GB) 206.189.128.61 32 RB None 2020-04-02 00:00:00 2020-06-02 00:00:00 None Unauthorized Access Probe - TT# 020420-00054 (IP=61,US) 206.189.129.107 32 RB None 2020-05-18 00:00:00 2020-08-16 00:00:00 None Unauthorized Access-Probe - TT# 20C02830 (IP=107,US) 206.189.129.38 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Invalid user - Failed Logons (IP=38,IN) 206.189.131.214 24 CR None None 2020-02-12 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (IP=214,IN) | updated by GM with reason Invalid user - Failed Logons (IP=213,IN) 206.189.132.204 32 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None Illegal user - Web Attacks (IP=204,US) 206.189.133.29 24 KF None 2020-06-09 00:00:00 2020-09-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=29,IN) 206.189.133.69 32 GM None 2020-04-02 00:00:00 2020-06-02 00:00:00 None Unauthorized 
Access-Probe - TT# 020420-00047 (IP=69,US) 206.189.142.10 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password for invalid user - Failed Logon (IP=10,IN) 206.189.146.13 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=13,SG) 206.189.147.136 24 CR None 2018-12-28 06:00:00 2020-04-18 00:00:00 None Failed password for invalid user (IP=136,SG) | updated by RB with reason HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=154,SG) | 2020-02-15 | 2019-03-28 | updated by KF with reason Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C01 206.189.148.1 24 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None Illegal user_6 hr Failed Logons (IP=1 SG) 206.189.148.36 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None Unaffiliated TO-S-2019-0532 Malicious Email Activity 206.189.149.126 24 RR None 2019-01-02 06:00:00 2020-03-06 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (IP=126,SG) | updated by GM with reason Invalid user - Failed Logons (IP=116,SG) 206.189.149.9 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user - 6hr Logon (IP=9,SR) 206.189.152.77 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None SG TO-S-2019-1002 Malicious Email Activity 206.189.153.229 32 RR None 2020-02-21 00:00:00 2020-05-21 00:00:00 None HTTP: PHP Wordpress Plugin Revolution Slider Vulnerability - TT# 20C01788 (IP=229,US) 206.189.154.111 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C00115 (IP=111,SG) 206.189.155.21 24 YM None 2018-05-26 05:00:00 2020-09-02 00:00:00 None ET SCAN Suspicious inbound to PostgreSQL port 5432 (IP=21,SG) | updated by dbc with reason SG TO-S-2019-0952 Malicious Web Application Activity 206.189.156.237 32 RB None 2018-05-04 05:00:00 2020-01-31 00:00:00 None ET SCAN Potential SSH Scan (IP=237,US) | updated by RB with reason Failed 
password_6 hr Failed Logons (IP=237,SG) | 2020-01-31 | 2018-08-02 206.189.157.84 24 YM None 2018-05-26 05:00:00 2020-02-11 00:00:00 None ET SCAN Suspicious inbound to PostgreSQL port 5432 (IP=84,SG) | updated by GM with reason Invalid user - Failed Logons (IP=1,SG) 206.189.166.27 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity 206.189.178.110 32 GM None 2020-06-25 00:00:00 2020-08-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=110,US) 206.189.180.4 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=4,US) 206.189.187.113 32 CR None 2020-05-12 00:00:00 2020-06-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=113,US) 206.189.188.95 32 RB None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Invalid user_6 hr Failed Logons (IP=95 US) 206.189.19.57 32 RW None 2020-02-03 00:00:00 2020-03-03 00:00:00 None Known Attack Tool User Agent/BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C01590 (IP=57,US) 206.189.191.205 32 BMP None 2020-05-01 00:00:00 2020-07-30 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=205,US) 206.189.191.73 32 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=73,US) 206.189.192.115 32 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None UDP: Host Sweep (IP=115,US) 206.189.197.229 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0610 Malicious Email Activity 206.189.207.127 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 206.189.213.92 32 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=92,US) 206.189.213.92 24 RR None 2020-02-23 00:00:00 2020-05-23 00:00:00 None 
SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=92,US) 206.189.214.46 32 GM None 2020-04-09 00:00:00 2020-07-08 00:00:00 None SQL injection - Web Attacks (IP=46,US) 206.189.222.181 32 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=181,US) 206.189.25.182 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None GB TO-S-2019-0640.01 Malicious Email Activity 206.189.254.219 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity 206.189.30.214 32 RR None 2019-01-31 00:00:00 2020-01-16 00:00:00 None HTTP: RedHat JBoss Enterprise Application Platform JMX Console Security Bypass - TT# 19C01014 (IP=214,US) | updated by RR with reason Exploit.CVE-2019-11510 - CASE # 1043 (IP=214,GB) 206.189.35.243 32 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=243,US) 206.189.37.55 32 RR None 2020-03-05 00:00:00 2020-06-03 00:00:00 None Known Attack Tool User Agent/ HTTP: Masscan Scanner Traffic Detected - TT# 20C01990 (IP=55,US) 206.189.59.54 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None DE TO-S-2019-0358 Malicious Web Application Activity 206.189.68.148 24 ABC None 2018-06-09 05:00:00 2020-02-22 00:00:00 None Generic ArcSight scan attempt (IP=148,XX) | updated by dbc with reason US TO-S-2019-0431 Malicious Email Activity 206.189.72.217 32 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=217,US) 206.189.73.52 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 206.189.73.71 32 RB None 2019-01-10 06:00:00 2020-02-01 00:00:00 None Illegal user (IP=71,US) | updated by RB with reason Failed password_6 hr Failed Logons (IP=71,US) | 2020-02-01 | 2019-04-10 206.189.75.111 32 RB None 2019-10-20 00:00:00 2020-01-18 00:00:00 None HTTP: RedHat JBoss 
Enterprise Application Platform JMX Console Security Bypass - TT# 20C00495 (IP=111,US) 206.189.81.101 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password_Faield Logon (IP=1,SG) 206.189.86.127 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None SG TO-S-2019-0952 Malware Activity 206.189.93.99 24 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None Invalid user - Failed Logons (IP=99,SG) 206.189.98.125 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None NL TO-S-2019-1036 Malicious Email Activity 206.189.98.83 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=83,NL) 206.196.115.210 32 BMP None 2020-03-02 00:00:00 2020-05-31 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - SourceFire (IP=210,US) 206.212.244.226 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity 206.214.2.88 24 RWB None 2019-12-20 00:00:00 2020-03-19 00:00:00 None Illegal user - Failed Logon (IP=88,AG) 206.217.205.77 32 GM None 2020-09-09 00:00:00 2020-12-08 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload (CVE-2017-12615 and CVE-2017-12617) - TT# 72414 (IP=77,US) 206.221.176.146 32 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=146,US) 206.221.184.133 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity 206.221.188.168 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None BG TO-S-2019-0608 Malware Activity 206.225.87.19 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 206.225.87.190 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 206.47.210.218 24 GM None 2020-01-10 00:00:00 2020-04-10 00:00:00 None Illegal user - Web Attacks (IP=218,CA) 206.54.165.154 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None NL TO-S-2019-1036 Malware Activity 206.72.197.69 32 KF None 
Reactivated on 20191023 with reason BROWSER-IE Microsoft Internet Explorer IE5 compatibility mode enable attempt - 210.12.116.124 24 KF None 2020-04-26 00:00:00 2020-07-25 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=124,CN) 210.12.192.0 21 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None CN TO-S-2019-0400 Malware Activity 210.120.63.89 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password for invalid user - Failed Logon (IP=89,KR) 210.126.1.36 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=36,KR) 210.128.159.81 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None JP TO-S-2019-0658 Malware Activity 210.13.110.61 24 RW None 2020-08-20 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=61,CN) 210.131.4.99 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=99,JP) 210.16.102.0 24 jky None 2017-08-24 05:00:00 2020-11-30 00:00:00 None IN TO-S-2017-1436 Spear phish UK finance org | updated by dbc with reason IN TO-S-2019-0351 Malicious Email Activity | updat | updated by wmp Block was inactive. 
Reactivated on 20200901 with reason HIVE Case #3708 TO-S-2020-0766 (IP=0,IN) 210.16.180.238 24 RR None 2019-10-11 00:00:00 2020-01-09 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - SourceFire (IP=238,CN) 210.16.189.203 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Failed password (IP=203,CN) 210.16.189.203 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Failed password (IP=203,CN) 210.172.144.242 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None JP TO-S-2019-0864 Malware Activity 210.177.54.141 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=141,HK) 210.18.140.109 24 RR None 2019-08-29 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP Hikvision IP camera admin authentication attempt - Web Attacks (IP=109,IN) | updated by dbc with reason IN TO-S-2019-0952 Malware Activity 210.18.156.75 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Failed password_Failed Logon (IP=75,IN) 210.183.236.155 24 RR None 2017-11-24 06:00:00 2020-01-15 00:00:00 None Illegal user (IP=155,KR) | updated by RR with reason Illegal user (IP=30,KR) | updated by GM with reason Illegal user - Failed Logons (IP=30,KR) 210.185.111.42 24 CW None 2020-01-05 00:00:00 2020-04-04 00:00:00 None Illegal user_Failed Logon (IP=42,AU) 210.186.122.132 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Web Application Attack - SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - sourcefire (IP=,MY) 210.186.153.149 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Attempted User Privilege Gain - SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - sourcefire (IP=,MY) 210.186.154.100 24 RR None 2020-06-26 00:00:00 2020-09-24 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - Web Attacks (IP=100,MY) 210.186.224.192 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API 
OS command injection attempt_SourceFire (IP=92,MY) 210.186.62.124 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=124,MY) 210.187.155.106 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=106,MY) 210.187.168.151 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=151,MY) 210.188.201.38 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None JP TO-S-2019-0608 Malicious Email Activity 210.188.201.65 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None JP TO-S-2019-0468 Malware Activity 210.19.250.197 32 RR None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03755 (IP=197,MY) 210.193.49.183 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=183,SG) 210.2.91.62 24 RW None 2020-05-07 00:00:00 2020-08-07 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=62,VN) 210.209.123.152 32 RW None 2020-02-05 00:00:00 2020-08-16 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20EX002 (IP=152,HK) | updated by BMP Block was inactive. Reactivated on 20200516 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability(CVE-2019-16759) - TT# 20C02803 210.209.123.152 32 RB None 2019-11-17 00:00:00 2020-08-16 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20EX002 (IP=152,HK) | updated by BMP Block was inactive. 
Reactivated on 20200516 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability(CVE-2019-16759) - TT# 20C02803 210.211.108.68 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=68,VN) 210.211.108.68 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=68,VN) 210.211.116.204 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=204,VN) 210.211.118.225 24 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=225,VN) 210.212.194.6 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=6,IN) 210.212.205.44 24 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=44 IN) 210.212.237.67 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=67,IN) 210.217.24.254 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Failed password for invalid user - Failed Logons (IP=254,KR) 210.219.173.124 24 BLP None 2016-10-12 05:00:00 2020-02-21 00:00:00 None FTP login attempt (IP=124,KR) | updated by dbc with reason KR TO-S-2019-0420 Malicious Email Activity | updated by dbc w 210.22.100.102 24 RB None 2020-02-25 00:00:00 2020-05-25 00:00:00 None Timeout before authentication for_6 hr Failed Logons (IP=102,CN) 210.22.123.122 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None Illegal user - Failed Logons (IP=122,CN) 210.224.185.28 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None JP TO-S-2019-0400 Malicious Email Activity 210.242.67.1 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed Logons (IP=1,TW) 210.28.0.0 14 jky None 2017-08-17 05:00:00 2020-01-16 00:00:00 None CN TO-S-2017-1441 DDOS activity | updated by RR with reason HTTP: WordPress portable phpmyadmin plugin authentication bypass 
vulnerability - Web Attacks (IP=141,CN) 210.4.155.57 32 wmp None 2020-08-19 00:00:00 2020-11-17 00:00:00 None HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=57,TH) 210.5.47.84 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None MY TO-S-2019-0723 Malicious Web Application Activity 210.51.161.210 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed Password_6 Hr Failed Logons (IP=210,CN) 210.56.100.124 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=124,CN) 210.56.28.219 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Failed password for invalid user - Failed Logons (IP=219,PK) 210.59.128.0 17 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None TW TO-S-2019-0864 Malware Activity 210.61.153.181 24 RW None 2020-04-07 00:00:00 2020-07-07 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Sourcefire (IP=181,TW) 210.65.138.65 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Invalid user -Failed Logons (IP=65,TW) 210.66.204.54 24 RW None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=54,TW) 210.74.11.97 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password - Failed Logon (IP=97,CN) 210.74.131.196 24 CR None 2019-12-21 00:00:00 2020-03-21 00:00:00 None HTTP: SQL Injection Attempt Detected_6 hr Web Attack (IP=196,CN) 210.74.131.196 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Attempted User Privilege Gain - SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Failed Logon (IP=,CN) 210.82.0.0 15 jky None 2017-09-01 05:00:00 2020-01-28 00:00:00 None CN TO-S-2017-1473 Potential Intrusion set | updated by dcg with reason CN TO-S-2018-0819 associated with malware malicious act | updated by RW with reason - 6hr Failed Logon (IP=225,CN) 210.87.255.235 24 RR None 2020-02-24 00:00:00 2020-05-24 00:00:00 None 
INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=235,HK) 210.97.13.131 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=131,KR) 211.103.196.36 24 RW None 2020-01-07 00:00:00 2020-04-09 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=36,CN) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=36,CN) 211.103.210.194 32 RR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01744 (IP=194,CN) 211.104.160.231 24 sjl None 2016-03-23 05:00:00 2020-04-08 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=231 KR) | updated by jky with reason KR TO-S-2017-1364 Phishing activity 211.104.171.220 24 CR None 2017-11-13 06:00:00 2020-03-08 00:00:00 None Illegal user (IP=220,KR) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=239,KR) 211.107.37.174 4 GM None 2018-04-14 05:00:00 2020-04-19 00:00:00 None Illegal user (IP=174,KR) | updated by CR with reason Authentication Failed_6 hr Failed Logon (IP=236,KR) | updated by KF with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=83,KR) 211.110.140.0 24 ged None 2016-10-22 05:00:00 2020-01-14 00:00:00 None Illegal user (IP=164 ,KR) | updated by RR with reason Illegal user (IP=241,KR) | updated by RR with reason Illegal user - Web Attacks (IP=200,KR) 211.110.184.22 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None Illegal user - 6hr Logon (IP=22,KR) 211.114.176.34 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=34,KR) 211.115.73.58 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None KR TO-S-2019-0631 Malicious Email Activity 211.117.60.23 24 BMP None 2020-02-25 00:00:00 2020-05-25 00:00:00 None Illegal user - 6hr Logons (IP=23,KR) 211.13.137.67 32 kmw None 2019-06-25 00:00:00 2020-06-25 
00:00:00 None JP TO-S-2019-0769 Malicious Email Activity 211.13.204.67 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None JP TO-S-2020-0109.01 Malicious Email Activity 211.13.204.68 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None JP TO-S-2020-0109.01 Malicious Email Activity 211.13.204.71 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None JP TO-S-2020-0109.01 Malicious Email Activity 211.136.105.4 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6hr Logons (IP=4,CN) 211.137.225.142 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=142,CN) 211.137.225.150 24 KF None 2019-12-11 00:00:00 2020-03-10 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=150,CN) 211.138.181.202 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=202,CN) 211.140.196.48 24 RB None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=48,CN) 211.141.124.24 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=24,CN) 211.144.12.75 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=75,CN) 211.144.122.42 24 GLM None 2018-12-20 06:00:00 2020-02-02 00:00:00 None Illegal user (IP=42,CN) | updated by RWB Block was inactive. 
Reactivated on 20191104 with reason Invalid user - Failed Logon (IP=42,CN) 211.149.131.144 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SQL HTTP URI blind injection attempt- 6 hr Web Attacks (IP=144,CN) 211.149.199.122 24 MLJ None 2017-05-03 05:00:00 2020-01-15 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=122,CN) | updated by CR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=81,CN) 211.149.204.68 24 DT None 2020-04-29 00:00:00 2020-07-28 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=68,CN) 211.149.205.229 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SQL HTTP URI blind injection attempt- 6 hr Web Attacks (IP=2229,CN) 211.149.208.131 24 YM None 2018-05-15 05:00:00 2020-01-14 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=131,CN) | updated by CR with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_Web Attack (IP=180,CN) 211.149.214.188 24 RR None None 2020-06-27 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=188,CN) 211.152.47.130 24 RB None 2020-08-01 00:00:00 2020-10-30 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Sourcefire (IP=130,CN) 211.152.62.14 24 RR None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Failed password - Failed Logons (IP=14,) 211.159.149.29 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Failed password_6 hr Failed Logons (IP=29 CN) 211.159.157.75 24 RR None 2019-01-22 00:00:00 2020-01-09 00:00:00 None Illegal user (IP=75,CN) | updated by RB with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_Sourcefire (IP=252,CN) | 2020-01-09 | 2019-04-22 211.159.159.238 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=238,CN) 211.159.161.91 24 RW None 2020-02-28 00:00:00 2020-05-28 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks 
(IP=91,CN) 211.159.164.24 24 RR None 2017-10-11 05:00:00 2020-02-01 00:00:00 None ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack (IP=24,CN) | updated by RB with reason MALWARE-BACKDOOR | updated by RB with reason Failed password_6 hr Failed Logons (IP=44,CN) | 2020-02-01 | 2019-03-06 211.159.169.118 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password_6 Hr Failed Logons (IP=118,CN) 211.159.177.120 24 CR None 2019-03-11 00:00:00 2020-02-27 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=120,CN) | updated by RW Block was inactive. Reactivated on 20191127 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire 211.159.184.39 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=39,CN) 211.159.186.241 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=41,CN) 211.159.218.11 24 RB None 2019-12-28 00:00:00 2020-03-27 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=11,CN) 211.169.249.214 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=214,KR) 211.192.5.232 32 GM None 2020-09-22 00:00:00 2020-12-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=232,KR) 211.193.13.111 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=111,KR) 211.193.58.173 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=173,KR) 211.195.117.212 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password - Failed Logons (IP=212,KR) 211.198.178.96 24 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None APP-DETECT failed FTP login attempt - Web Attacks (IP=96,KR) 211.198.237.152 24 CR None 2017-10-26 05:00:00 
2020-02-15 00:00:00 None TELNET: Password Brute Force (IP=152,KR) | updated by RB with reason SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_Sourcefire (IP=152,KR) | 2020-02-15 | 2018-01-24 211.20.114.113 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection_Web attacks (IP=13,TW) 211.20.181.186 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=186,TW) 211.201.66.174 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Illegal user - Failed Logons (IP=174,KR) 211.203.77.250 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - 6hr Web Attacks (IP=250,KR) 211.206.189.69 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=69,KR) 211.209.232.88 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None KR TO-S-2019-0351 Malware Activity 211.21.226.123 24 DT None 2020-05-12 00:00:00 2020-08-10 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=123,TW) 211.21.226.125 32 RR None 2020-02-24 00:00:00 2020-05-24 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01812 (IP=125,TW) 211.214.19.125 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=125,KR) 211.219.80.99 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Failed password - Failed Logons (IP=99,KR) 211.22.154.223 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Failed password for invalid user -Failed Logons (IP=223,TW) 211.223.198.220 32 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02805 
(IP=220,KR) 211.223.9.42 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=42,KR) 211.224.128.182 24 CR None 2020-04-04 00:00:00 2020-07-04 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=182,KR) 211.224.128.182 24 BMP None 2020-04-05 00:00:00 2020-07-04 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=182,KR) 211.226.235.45 24 CW None 2019-12-10 00:00:00 2020-03-09 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=45,KR) 211.23.120.113 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=113,TW) 211.23.125.95 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=95,TW) 211.230.8.51 24 CW None 2020-01-08 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=51,KR) 211.230.82.97 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=97,KR) 211.232.155.21 32 BMP None 2019-12-23 00:00:00 2020-01-23 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01212 (IP=21,KR) 211.232.39.8 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed Password_6 Hr Failed Logons (IP=8,KR) 211.234.2.11 24 GM None 2019-10-27 00:00:00 2020-01-27 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=11,KR) 211.238.138.35 24 RB None 2019-03-30 00:00:00 2020-04-26 00:00:00 None Illegal user (IP=35 KR) | updated by dbc with reason KR TO-S-2019-0626.01 Malware Activity 211.238.147.196 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None KR TO-S-2019-0571 Malicious Email Activity 211.248.17.209 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None KR 
TO-S-2019-0508 Malware Activity 211.25.57.84 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=84,MY) 211.251.237.142 24 MLJ None 2018-01-15 06:00:00 2020-01-21 00:00:00 None ET SCAN Potential SSH Scan (IP=142,KR) | updated by GM with reason Illegal user - Failed Logons (IP=70,KR) 211.252.84.73 24 CR None 2018-05-10 05:00:00 2020-02-01 00:00:00 None ET SCAN LibSSH Based Frequent SSH | updated by RB with reason Failed password_6 hr Failed Logons (IP=191,KR) | 2020-02-01 | 2018-08-08 211.254.213.18 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 211.254.221.70 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6hr Logons (IP=70,KR) 211.26.123.219 24 RR None 2020-01-17 00:00:00 2020-04-29 00:00:00 None Authentication Failed - Failed Logons (IP=219,AU) | updated by GM Block expiration extended with reason Authentication Failed - Failed Logons (IP=219,AU) 211.26.187.128 24 RR None 2018-12-20 06:00:00 2020-02-27 00:00:00 None Failed password for invalid user (IP=128,AU) | updated by RB with reason Invalid user_6 hr Failed Logons (IP=128,AU) | 2020-02-27 | 2019-03-20 211.31.79.135 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=135,AU) 211.33.130.21 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None KR TO-S-2019-0400 Malicious Email Activity 211.43.203.47 24 jky None 2016-12-28 06:00:00 2020-04-04 00:00:00 None KR TO-S-2017-0370 Fireeye detected malicious attachment | updated by dbc with reason KR TO-S-2019-0571 Malicious Email Activit 211.43.220.150 24 CR None 2020-05-25 00:00:00 2020-08-25 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=150,KR) 211.48.68.90 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=90,KR) 211.51.169.226 24 KF None 2020-06-11 00:00:00 2020-09-09 00:00:00 None 
SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=226,CN) 211.52.130.188 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt_Sourcefire (IP=188,KR) 211.63.71.72 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None KR TO-S-2019-1036 Malicious Email Activity 211.72.104.19 24 GM None 2020-03-23 00:00:00 2020-06-23 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=19,TW) 211.75.246.171 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - 6hr Web Attacks (IP=171,TW) 212.1.208.114 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 212.101.173.47 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None SI TO-S-2019-0631 Malware Activity 212.102.49.251 32 FT None 2020-09-13 00:00:00 2020-12-12 00:00:00 None Known Attack Tool User Agent V2/UDS-OpenVAS_RC8766 - TT# 20C03892 (IP=251,ES) 212.103.61.50 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malicious Email Activity 212.103.61.51 32 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Failed password_Failed Logon (IP=51,US) 212.107.224.0 19 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None RU TO-S-2019-0409 Malicious Email Activity 212.109.160.198 24 GM None 2019-12-26 00:00:00 2020-03-26 00:00:00 None Authentication Failed - Failed Logons (IP=198,BR) 212.111.96.62 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=62,ES) 212.112.108.98 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=98,KG) 212.112.98.146 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid 
user_Faield Logon (IP=46,KG) 212.113.132.65 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None GB TO-S-2019-0382 Malicious Email Activity 212.119.170.230 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=230,RU) 212.119.46.99 24 jkc None 2020-07-01 00:00:00 2020-10-01 00:00:00 None HIVE Case #3146 CTO-20-172 (IP=99,RU) 212.120.101.24 24 RW None 2020-01-18 00:00:00 2020-04-19 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=24,NL) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=24,NL) 212.124.112.0 21 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None CH TO-S-2019-0734.01 Malicious Email Activity 212.129.135.221 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Failed password - Failed Logons (IP=221,NL) 212.129.138.67 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=67,CN) 212.129.145.70 24 GM None 2019-04-07 00:00:00 2020-02-06 00:00:00 None WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=70,CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=24 CN) | 2020-02-06 | 2019-06-07 212.129.19.151 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - SourceFire (IP=151,FR) 212.129.240.194 24 BMP None 2020-03-21 00:00:00 2020-06-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=194,NL) 212.129.241.239 24 RR None 2020-08-22 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=239,CN) 212.129.27.130 24 DT None 2020-05-21 00:00:00 2020-08-21 00:00:00 None SQL use of concat function with select - likely SQL injection - Web Attacks (IP=130,FR) 212.129.31.92 24 MWH None 2016-12-05 06:00:00 2020-09-19 00:00:00 None ET CINS Active 
Threat Intelligence Poor Reputation IP & Misc Web Attack (IP=92) | updated by dbc with reason FR TO-S-2019-1002 Malicious Email Activity
212.129.52.3 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=3,FR)
212.13.31.14 24 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=14,RU)
212.131.13.41 24 KF None 2020-01-26 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (IP=41,IT) | updated by GM Block expiration extended with reason SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - Web Attacks (IP=41,IT)
212.131.143.250 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (IP=50,IT)
212.142.141.106 24 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=106,ES)
212.144.80.56 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None Authentication Failed - Failed Logons (IP=56,DE)
212.147.15.213 24 CR None 2019-10-14 00:00:00 2020-01-14 00:00:00 None Illegal user_6 hr Failed Logon (IP=213,CH)
212.152.32.0 19 jky None 2017-12-11 06:00:00 2020-01-31 00:00:00 None RU TO-S-2018-0219 Application specific activity | updated by RR with reason Failed password - Failed Logons (IP=78,RU)
212.154.12.213 24 RR None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=213,TR) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=213,TR)
212.154.23.99 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=99,TR)
212.154.78.125 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=125,TR)
212.156.115.55 24 GED None 2014-08-20 05:00:00 2020-02-18 00:00:00 None ET SCAN Potential SSH Scan (IP=55, TR) | updated by RR with reason Illegal user (IP=110,CN) | updated by RR with reason Invalid user - Failed Logons (IP=102,TR)
212.156.137.210 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None TR TO-S-2019-0382 Malicious Email Activity
212.156.153.10 24 RR None 2019-10-26 00:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=10,TR)
212.156.17.218 24 RB None 2019-11-19 00:00:00 2020-02-17 00:00:00 None Failed password_6 hr Failed Logons (IP=218,TR)
212.158.174.121 24 DT None 2020-06-18 00:00:00 2020-09-18 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=121,RU)
212.159.69.43 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None GB TO-S-2019-0608 Malware Activity
212.160.237.95 24 RW None 2020-08-18 00:00:00 2020-11-18 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Sourcefire (IP=95,PL)
212.164.227.79 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=79,RU)
212.164.71.148 24 SYM None 2014-11-02 05:00:00 2020-08-15 00:00:00 None SSH Scan (ip=148,RU) | updated by dbc with reason RU TO-S-2019-0890.01 Malicious Email Activity
212.171.163.150 24 RR None 2020-01-17 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=150,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=150,IT)
212.171.210.108 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None IT TO-S-2019-0608 Malware Activity
212.171.211.174 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=174,IT)
212.175.35.194 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Failed password for invalid user - Failed Logon (IP=,IN)
212.179.104.128 24 RW None 2020-04-03 00:00:00 2020-06-03 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02333 (IP=128,IL)
212.179.226.196 24 CR None 2020-06-02 00:00:00 2020-09-02 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=196,IL)
212.187.248.70 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None GB TO-S-2019-0551.02 Malicious Email Activity
212.19.118.138 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=138,IT)
212.194.96.106 32 RW None 2019-10-15 00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6hr web attacks (IP=106,FR)
212.194.96.106 24 RW None 2019-10-15 00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt - Sourcefire (IP=106,FR)
212.204.252.100 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None NL TO-S-2019-0420 Malicious Email Activity
212.224.109.175 24 bob None 2016-07-22 05:00:00 2020-04-19 00:00:00 None DE TO-S-2016-0900 IP associated with malicious activity | updated by dbc with reason DE TO-S-2019-0608 Malware Activity
212.227.126.130 32 wmp None 2020-06-24 00:00:00 2020-09-24 00:00:00 None HIVE Case #3109 COLS-NA-TIP-20-0192 (IP=130,DE)
212.227.164.55 32 RB None 2020-06-04 00:00:00 2020-09-02 00:00:00 None HTTP Cross Site Scripting (String.fromCharCode) - TT# 20C03057 (IP=55,ES)
212.227.17.11 32 wmp None 2020-08-12 00:00:00 2020-11-12 00:00:00 None HIVE Case #3477 COLS-NA-TIP-20-0244 (IP=11,DE)
212.227.175.98 24 RR None 2018-02-21 06:00:00 2020-02-11 00:00:00 None Authentication Failed (IP=98,DE) | updated by RR with reason Illegal user - Failed Logons (IP=59,DE)
212.232.25.224 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=224,TW)
212.232.55.224 24 RR None 2020-01-18 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=224,RU) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=224,RU) | updated by RWB with reason Attempted Administra
212.237.131.3 24 RB None 2020-02-25 00:00:00 2020-05-25 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=3,DK)
212.237.232.166 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None LT TO-S-2019-0430 Malicious Email Activity
212.237.37.100 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password - Failed Logon (IP=100,IT)
212.237.53.169 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Invalid user - Failed Logon (IP=169,IT)
212.237.62.168 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password for invalid user - Failed Logon (IP=168,IT)
212.237.63.109 24 MLJ None 2017-07-11 05:00:00 2020-02-16 00:00:00 None ET SCAN Potential SSH Scan (IP=109,DK) | updated by RR with reason Failed password - Failed Logons (IP=28,IT)
212.239.119.213 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=213,IT)
212.24.32.70 24 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=70,RU)
212.243.204.81 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=81,CH)
212.244.112.19 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None PL TO-S-2019-1036 Malicious Email Activity
212.25.86.242 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None IL TO-S-2019-0351 Malware Activity
212.251.48.146 24 KF None 2020-01-02 00:00:00 2020-04-01 00:00:00 None Authentication Failed (IP=146,GR)
212.253.235.85 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=85,TR)
212.253.251.39 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=39,TR)
212.253.255.15 24 RW None 2020-01-09 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=15,TR)
212.253.86.220 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=220,TR)
212.3.151.210 24 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=210,RU)
212.30.52.243 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password (IP=243,LB)
212.32.226.245 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None NL TO-S-2019-0890.01 Malicious Email Activity
212.32.235.160 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity
212.32.243.39 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None NL TO-S-2019-0430 Malicious Email Activity
212.32.255.93 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None NL TO-S-2019-0640.01 Malware Activity
212.33.225.173 24 RWB None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=173,RU)
212.34.224.0 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=0,AM)
212.35.17.41 24 MLJ None 2018-02-01 06:00:00 2020-01-27 00:00:00 None Authentication Failed (IP=41,CH) | updated by RB with reason INDICATOR-SCAN SSH brute force login attempt (IP=41,CH) | 2018-1 | updated by CR Block was inactive. Reactivated on 20191029 with reason Authentication Failed 6 hr Failed Logon (IP=41,CH)
212.44.101.95 24 YM None 2018-04-05 05:00:00 2020-01-25 00:00:00 None ET SCAN Potential SSH Scan (IP=95,SI) | updated by kmw with reason SI TO-S-2019-0358 Malicious Email Activity
212.44.236.122 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=122,FR)
212.47.231.14 24 RR None 2016-11-15 06:00:00 2020-02-02 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=14,FR) | updated by EDBT with reason ET SCAN Potential SSH Scan | updated by KF with reason Failed password_6 Hr Failed Logons (IP=183,FR) | updated by KF with reason Failed password_6 Hr
212.47.238.20 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=20,FR)
212.47.238.207 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=207,FR)
212.48.80.9 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None GB TO-S-2019-0551.02 Malicious Email Activity
212.51.148.162 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Illegal user - Failed Logons (IP=162,CH)
212.51.156.195 24 MLJ None 2017-07-07 05:00:00 2020-01-03 00:00:00 None ET SCAN Potential SSH Scan (IP=195,CH) | updated by GM with reason Illegal user - Failed Logons (IP=48,CH)
212.53.140.22 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None DE TO-S-2019-0468 Malware Activity
212.53.234.201 32 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None Possible SQLi attempt - TT# 20C00405 (IP=201,DE)
212.57.32.97 24 YM None 2018-06-03 05:00:00 2020-04-17 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=97,SK) | updated by GM with reason SQL 1 = 1 - possible sql injection attempt (
212.58.114.84 24 CW None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Authentication Failed_Failed Logon (IP=84,GE)
212.63.110.115 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None ES TO-S-2020-0056 Malicious Email Activity
212.64.0.208 24 FT None 2020-09-18 00:00:00 2020-12-17 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=208,CN)
212.64.109.31 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password_Failed Logon (IP=31,CN)
212.64.112.133 24 JKC None 2019-01-07 06:00:00 2020-01-19 00:00:00 None WPC REGIONAL Fireeye multiple alerts MPS (IP=133, NL) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=133,CN)
212.64.162.119 24 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Invalid user - Failed Logons (IP=119,ES)
212.64.22.241 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=241,NL)
212.64.23.30 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password for invalid user - Failed Logons (IP=30,NL)
212.64.32.126 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=126,CN)
212.64.33.162 24 RR None 2019-10-17 00:00:00 2020-01-15 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=162,CN)
212.64.35.151 24 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6 hr web attacks (IP=151,CN)
212.64.43.78 24 RW None 2020-08-18 00:00:00 2020-11-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=78,NL)
212.64.55.250 32 RW None 2020-09-27 00:00:00 2020-12-27 00:00:00 None FTKNOX_HRC_IPS - TT# 20C03994 (IP=250,CN)
212.64.56.225 24 DT None 2020-07-06 00:00:00 2020-10-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=225,CN)
212.64.58.150 24 RR None 2019-06-30 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6 hr Web Attacks (IP=150,NL) | updated by GM with reason Failed password - Failed Logons (IP=154,CN)
212.64.67.204 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=204,CN)
212.64.68.83 24 RB None 2020-08-01 00:00:00 2020-11-01 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=83,CN)
212.64.69.217 24 RR None 2019-10-18 00:00:00 2020-01-16 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=217,CN)
212.64.7.134 24 CR None 2019-01-21 00:00:00 2020-01-28 00:00:00 None Illegal user (IP=134,NL) | updated by RWB Block was inactive. Reactivated on 20191030 with reason Failed password - Failed Logon (IP=134,NL)
212.64.82.162 24 RR None 2020-07-02 00:00:00 2020-09-30 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=162,NL)
212.64.91.66 24 RR None 2019-01-25 00:00:00 2020-03-08 00:00:00 None Illegal user (IP=66,NL) | updated by BP Block was inactive. Reactivated on 20191209 with reason Invalid user (IP=66,NL)
212.64.94.179 24 RR None 2019-01-14 06:00:00 2020-03-02 00:00:00 None Illegal user (IP=179,NL) | updated by BP Block was inactive. Reactivated on 20191203 with reason Failed password for invalid user - 6hr Logon (IP=179,CN)
212.67.217.158 32 dbc None 2019-07-23 00:00:00 2020-07-23 00:00:00 None GB TO-S-2019-0839 Malicious Email Activity
212.68.208.120 24 CR None 2019-10-14 00:00:00 2020-01-14 00:00:00 None Illegal user_6 hr Failed Logon (IP=120,BE)
212.71.234.16 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None GB TO-S-2019-1036 Malicious Email Activity
212.71.255.214 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=214,GB)
212.71.255.214 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=214,GB)
212.72.47.218 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None NL TO-S-2019-0409 Malicious Email Activity
212.73.64.0 19 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None AM TO-S-2020-0012 Malware Activity
212.73.86.34 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None AM TO-S-2019-0420 Malicious Email Activity
212.76.13.242 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Illegal user - Failed Logons (IP=242,KZ)
212.77.192.0 19 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None QA TO-S-2019-0938 Malware Activity
212.81.219.50 24 GM None 2020-08-06 00:00:00 2020-11-06 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=50,ES)
212.83.128.2 24 RW None 2020-09-08 00:00:00 2020-12-08 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - Sourcefire (IP=2,FR)
212.83.138.13 24 GED None 2014-08-19 05:00:00 2020-02-26 00:00:00 None ET SCAN Potential SSH Scan (IP=13, FR) | updated by ABC with reason Generic ArcSight scan attempt (IP=82,FR) | updated by RR with reason Invalid user - Failed Logons (IP=75,FR)
212.83.138.75 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=75,FR)
212.83.141.0 24 ged None 2015-08-09 05:00:00 2020-09-02 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=0, FR) | updated by SYM with reason ET SCAN Potential SSH Scan ( | updated by dbc with reason FR TO-S-2019-0952 Malicious Email Activity
212.83.183.57 24 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Failed password - Failed Logons (IP=57,FR)
212.85.104.52 24 RR None 2017-01-13 06:00:00 2020-04-08 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (IP=52,PL) | updated by dbc with reason PL TO-S-2019-0577 M
212.85.168.72 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None SI TO-S-2019-0608 Malware Activity
212.85.38.23 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None ES TO-S-2019-0571 Malicious Email Activity
212.85.73.148 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None SE TO-S-2019-0608 Malware Activity
212.85.91.19 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=19,SE)
212.87.47.5 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=5,DE)
212.89.162.172 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Failed password for invalid user - Failed Logons (IP=172,AT)
212.90.108.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None UA TO-S-2020-0109.01 Malicious Email Activity
212.90.62.4 24 RB None 2020-01-10 00:00:00 2020-04-09 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=4,UA)
212.91.22.89 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None PL TO-S-2019-0608 Malware Activity
212.92.100.0 23 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None RU TO-S-2019-0358 Malicious Email Activity
212.92.106.6 32 RB None 2020-01-04 00:00:00 2020-04-03 00:00:00 None Known Attack Tool User Agent / 20451: HTTP: OpenVAS Vulnerability Scanner - TT# 20C01330 (IP=6,NL)
212.92.128.0 18 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity
212.92.250.91 24 RR None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Illegal user - Failed Logons (IP=91,UA )
212.92.8.81 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=81,HU)
212.94.79.34 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None FI TO-S-2019-0546 Malicious Email Activity
212.97.132.142 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DK TO-S-2020-0056 Malware Activity
212.97.132.202 24 djs None 2014-11-22 06:00:00 2020-08-27 00:00:00 None FE_Heuristics_Macro_2 c2 maid=4611 (ip=202,DK) | updated by jky with reason DK TO-S-2017-0338 Fireeye detected malicious attac | updated by dbc with reason DK TO-S-2019-0938 Malicious Email Activity
213.100.194.62 24 GM None 2020-03-24 00:00:00 2020-06-24 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=62,SE)
213.100.221.182 32 RB None 2020-03-19 00:00:00 2020-06-17 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C02186 (IP=182,SE)
213.108.136.205 32 BMP None 2020-05-18 00:00:00 2020-08-16 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02827 (IP=205,RU)
213.108.136.205 24 BMP None 2020-05-18 00:00:00 2020-08-16 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6hr Web Attacks (IP=205,RU)
213.108.170.121 24 GM None 2020-01-16 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=121,RU) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=121,RU)
213.109.228.32 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=32,UK)
213.113.47.4 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=4,SE)
213.120.104.180 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None GB TO-S-2019-1036 Malicious Email Activity
213.128.186.175 32 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01600 (IP=175,NO)
213.128.186.175 32 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01600 (IP=175,NO)
213.128.89.184 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None TR TO-S-2020-0088 Malware Activity
213.131.83.0 24 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None EG TO-S-2019-0626.01 Malware Activity
213.133.115.6 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None DE TO-S-2019-0571 Malicious Email Activity
213.136.71.235 24 dbc None 2014-07-01 05:00:00 2020-07-29 00:00:00 None Potential SSH Scan (ip=235 DE) | updated by sym with reason Sipvicious User-Agent Detected (friendly-scanner) (IP=67,DE) | u | updated by dbc with reason DE TO-S-2019-0852 Malware Activity
213.136.72.218 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DE TO-S-2020-0056 Malware Activity
213.136.79.34 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None DE TO-S-2019-0532 Malicious Email Activity
213.136.89.167 24 ged None 2014-10-03 05:00:00 2020-04-26 00:00:00 None ET SCAN Sipvicious User-Agent Detected (IP=167, DE) | updated by RR with reason Illegal user (IP=142,DE) | 2018-02-23 | 2015-0
213.14.218.51 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None TR TO-S-2019-0626.01 Malware Activity
213.142.130.88 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None TR TO-S-2019-0640.01 Malicious Email Activity
213.143.67.108 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=108,SI)
213.143.80.100 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=100,SI)
213.145.128.0 20 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None KG TO-S-2020-0012 Malware Activity
213.150.71.110 24 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None SQL HTTP URI blind injection attempt_SourceFire (IP=10,RU)
213.151.241.36 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None SK TO-S-2019-0640.01 Malware Activity
213.152.162.165 24 FT None 2020-11-04 00:00:00 2020-02-02 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (1:54574:1) - SourceFire (IP=165,NL)
213.152.168.27 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason NL TO-S-2020-0212.01 Malicious Email Activity
213.153.152.136 24 JC None 2015-01-19 06:00:00 2020-04-17 00:00:00 None HTTP: Apache mod_cgi Bash Environment VariableCode Injection (IP | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=175,TR)
213.153.79.98 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=98,DE)
213.155.160.20 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None PL TO-S-2019-0571 Malicious Email Activity
213.155.98.228 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None TR TO-S-2019-0608 Malicious Email Activity
213.157.48.133 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Invalid user - Failed Logon (IP=133,KZ)
213.158.160.0 19 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None EG TO-S-2019-0351 Malicious Email Activity
213.159.7.42 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None TR TO-S-2019-0952 Malware Activity
213.16.184.12 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell
213.160.32.41 24 CR None 2019-05-08 00:00:00 2020-01-15 00:00:00 None Illegal user_6 hr Failed Logon (IP=41,CH) | updated by GM with reason Illegal user - Failed Logons (IP=144,CH)
213.160.71.66 24 RB None 2018-01-06 06:00:00 2020-10-25 00:00:00 None SQL use of sleep function with and - likely SQL injection (IP=66,DE) | updated by dbc with reason DE TO-S-2020-0065 Malicious Email Activity
213.161.186.142 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None GM SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=142,NO)
213.162.211.159 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None ES TO-S-2019-0488 Malicious Email Activity
213.168.250.213 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None GB TO-S-2019-0551.02 Malicious Email Activity
213.171.221.18 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None GB TO-S-2019-0468 Malicious Email Activity
213.172.145.174 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=174,ZA)
213.174.128.0 19 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None RU TO-S-2019-0577 Malicious Email Activity
213.174.157.150 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=150,US)
213.175.208.100 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=100,GB)
213.175.64.0 18 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None LV TO-S-2019-0409 Malicious Email Activity
213.176.60.102 32 RB None 2019-12-28 00:00:00 2020-03-27 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01265 (IP=102,HK)
213.180.204.221 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=221,RU)
213.182.92.37 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=37,IT)
213.185.240.65 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None SE TO-S-2019-0608 Malware Activity
213.185.248.144 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None Authentication Failed - Failed Logons (IP=144,SE)
213.186.33.17 24 dbc None 2014-05-28 05:00:00 2020-08-15 00:00:00 None Malware.archive before Trojan.Asprox (ip=17,FR) | updated by djs with reason Cryptowall 3.0 check-in (ip=80,FR) | updated by | updated by dbc with reason FR TO-S-2019-0890.01 Malicious Email Activity
213.186.33.40 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=40,FR)
213.186.33.40 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=40,FR)
213.186.33.69 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=69,FR)
213.187.33.105 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None GB TO-S-2019-0852 Malicious Email Activity
213.188.116.222 24 GM None 2019-10-01 00:00:00 2020-01-01 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt - Web Attacks (IP=222,DE)
213.189.82.0 24 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None KW TO-S-2019-0626.01 Malware Activity
213.19.161.155 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None GB TO-S-2019-0640.01 Malicious Email Activity
213.190.6.5 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None Unaffiliated TO-S-2019-0532 Malicious Email Activity
213.190.6.95 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None DE TO-S-2019-0938 Malicious Email Activity
213.191.128.80 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=80,HR)
213.192.94.102 24 EDBT None 2017-11-21 06:00:00 2020-03-23 00:00:00 None ET SCAN Potential SSH Scan (IP=102,PL) | updated by KF with reason Authentication Failed (IP=102 PL) | updated by RW Block was inactive. Reactivated on 20191223 with reason Authentication Failed - 6hr Failed Logon(IP=102,PL)
213.198.241.13 32 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Immediate Inbound Network Block - TT# 20C00807 (IP=13,US)
213.202.100.91 24 MLJ None 2018-04-04 05:00:00 2020-09-02 00:00:00 None ET SCAN Potential SSH Scan (IP=91,HR) | updated by kmw with reason HR TO-S-2019-0363.01 Malicious Email Activity | updated by dbc with reason HR TO-S-2019-0952 Malware Activity
213.202.217.9 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None DE TO-S-2019-0626.01 Malware Activity
213.202.255.28 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None DE TO-S-2019-0658 Malware Activity
213.202.81.73 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None HR TO-S-2019-0608 Malware Activity
213.203.166.90 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02410 (IP=90,IT)
213.205.37.14 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=14,IT)
213.205.37.21 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=21,IT)
213.207.64.147 24 RB None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=147,NL)
213.208.176.0 21 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None RU TO-S-2020-0006 Malicious Email Activity
213.209.8.32 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=32,IT)
213.209.8.36 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=36,IT)
213.215.116.99 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None SK TO-S-2019-0577 Malicious Email Activity
213.215.124.60 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None SK TO-S-2019-0604 Malicious Email Activity
213.219.39.185 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=185,GB)
213.22.175.66 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None PT TO-S-2019-0608 Malware Activity
213.226.126.0 24 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None RU TO-S-2019-0658 Malware Activity
213.227.140.32 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity
213.227.149.89 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None NL TO-S-2019-0938 Malware Activity
213.227.149.90 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None NL TO-S-2019-0938 Malware Activity
213.227.154.22 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None NL TO-S-2019-0781 Malicious Email Activity
213.227.155.25 32 dbc None 2019-12-17 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0187 Malicious Email Activity | updated by dbc Block expiration extended with reason NL TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason NL TO-S-2020-0212.01 Malware Activity
213.229.107.49 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None GB TO-S-2019-0577 Malicious Email Activity
213.232.124.0 22 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None IR TO-S-2019-0631 Malicious Email Activity
213.233.237.35 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6hr web attacks (IP=35,NL)
213.233.85.98 24 KF None 2020-02-13 00:00:00 2020-05-13 00:00:00 None Known Attack Tool User Agent/BOT: Muieblackcat Traffic Detected I - TT# 20C01710 (IP=98,RO)
213.238.198.152 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - SourceFire (IP=152,SW)
213.238.223.27 24 KF None 2019-01-06 06:00:00 2020-04-19 00:00:00 None Failed password (IP=27,SE) | updated by dbc with reason SE TO-S-2019-0608 Malware Activity
213.239.194.252 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None DE TO-S-2020-0006 Malicious Email Activity
213.239.207.147 24 GLM None 2018-07-11 05:00:00 2020-04-08 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=147,DE) | updated by dbc with reason DE TO-S-2019-0577 Malicious Email Activity
213.239.213.122 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None DE TO-S-2019-0431 Malicious Email Activity
213.241.46.78 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Invalid user - Failed Logons (IP=78,PL)
213.248.188.184 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=184,TR)
213.251.132.203 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=203,FR)
213.251.182.114 24 MLJ None 2017-01-27 06:00:00 2020-09-10 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=114,FR) | updated by GLM with reason SQL 1 = 1 - possible sql injection attemp | updated by dbc with reason FR TO-S-2019-0972 Malware Activity
213.251.35.49 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Failed password_6 hr Failed Logons (IP=49 GB)
213.251.79.203 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None BE TO-S-2019-0864 Malware Activity
213.32.16.127 24 GLM None 2018-12-14 06:00:00 2020-02-08 00:00:00 None Failed password (IP=127,FR) | updated by GM with reason Invalid user - Failed Logons (IP=127,FR)
213.32.18.25 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user (IP=25,FR)
213.32.22.239 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=239,FR)
213.32.23.58 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=58,FR)
213.32.65.48 24 MLJ None 2016-11-09 06:00:00 2020-03-05 00:00:00 None ET COMPROMISED Known Compromised or Hostile Host Traffic group 32 (IP=48,DK) | updated by GM with reason Invalid user - Failed Logons (IP=11,FR)
213.32.75.112 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Failed password (IP=112,FR)
213.32.92.57 24 CR None 2019-01-17 00:00:00 2020-04-26 00:00:00 None Failed password for invalid user user (IP=57,DK) | updated by GM Block was inactive. Reactivated on 20200126 with reason Failed password - Failed Logons (IP=57,FR)
213.35.152.58 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None EE TO-S-2019-0631 Malicious Email Activity
213.37.12.117 24 RR None 2018-10-02 05:00:00 2020-04-19 00:00:00 None Authentication Failed (IP=117,ES) | updated by dbc with reason ES TO-S-2019-0608 Malware Activity
213.39.53.241 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password - Failed Logon (IP=241,GB)
213.47.38.104 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=104,AT)
213.52.10.237 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None NO TO-S-2020-0109.01 Malicious Email Activity
213.58.202.70 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None PT TO-S-2019-0409 Malicious Email Activity
213.59.223.230 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=230,RU)
213.6.128.0 17 dlb None 2018-08-31 05:00:00 2020-03-08 00:00:00 None PA TO-S-2018-1080 malware activity | updated by GM with reason Invalid user - Failed Logons (IP=134,PS)
213.60.144.138 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=138 ES)
213.61.215.54 24 RW None 2020-07-18 00:00:00 2020-10-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=54,DE)
213.64.0.0 14 jky None 2016-12-01 06:00:00 2020-01-16 00:00:00 None SE TO-S-2017-0241 Unauthorized access attempts | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=6 SE) | 2020-01-16 | 2017-12-01
213.64.53.167 24 GM None 2020-09-05 00:00:00 2020-12-05 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=167,ES)
213.67.75.164 24 BMP None 2020-03-10 00:00:00 2020-06-08 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=164,SE)
213.7.231.44 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=44,CY)
213.74.248.28 24 wmp None 2019-02-12 00:00:00 2020-01-29 00:00:00 None authentication bypass vulnerability (IP=28,TR) | updated by GM with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - 19C03017 (IP=28,US) | updated by GM with reason HTTP: WordPress portable phpmyadmin plugin authentication bypas
213.77.77.253 24 RW None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=253,PL)
213.8.199.27 24 CR None 2017-10-24 05:00:00 2020-02-04 00:00:00 None ET SCAN Potential SSH Scan (IP=27,IL) | updated by RR with reason APP-DETECT failed FTP login attempt - Failed Logons (IP=77,IL)
213.82.39.226 24 RB None 2019-11-08 00:00:00 2020-02-06 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=226 IT)
213.82.88.181 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=181,IT) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY
213.87.101.176 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Illegal user - 6hr Logon (IP=176,RU)
213.89.244.230 24 KF None 2020-03-15 00:00:00 2020-06-13 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02140 (IP=230,SW)
213.90.0.0 17 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None AT TO-S-2019-0972 Malicious Web Application Activity
213.96.16.202 24 CR None 2020-04-04 00:00:00 2020-07-04 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=202,ES)
214.16.26.254 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
214.24.21.228 32 BMP None 2020-09-08 00:00:00 2020-12-08 00:00:00 None FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt - SourceFire (IP=228,US)
214.25.94.8 32 JKC None 2020-06-12 00:00:00 2020-07-20 00:00:00 None substandard VPN ENCRYYPTION IP CTO-20-162 (ip=8,US) | unblock per CTO-20-193
214.48.244.108 32 jkc None 2020-06-26 00:00:00 2020-07-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 INTEL recommended block IP (ip=108,US)
214.48.244.109 32 wmp None 2020-06-19 00:00:00 2020-09-19 00:00:00 None HIVE Case #3038 CTO-20-168
214.48.244.140 32 jkc None 2020-06-26 00:00:00 2020-07-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 INTEL recommended block IP (ip=140,US)
214.48.244.83 32 jkc None 2020-06-26 00:00:00 2020-07-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 INTEL recommended block IP (ip=83,US)
214.48.244.96 32 jkc None 2020-06-26 00:00:00 2020-07-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 INTEL recommended block IP (ip=96,US)
214.48.244.97 32 jkc None 2020-06-26 00:00:00 2020-07-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 INTEL recommended block IP (ip=97,US)
214.48.248.106 32 wmp None 2020-06-19 00:00:00 2020-09-19 00:00:00 None HIVE Case #3038 CTO-20-168
214.48.252.108 32 jkc None 2020-06-26 00:00:00 2020-07-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 INTEL recommended block IP (ip=108,US)
214.48.252.109 32 jkc None 2020-06-26 00:00:00 2020-07-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 INTEL recommended block IP (ip=109,US)
214.48.252.96 32 jkc None 2020-06-26 00:00:00 2020-07-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 INTEL recommended block IP (ip=96,US)
214.48.252.97 32 jkc None 2020-06-26 00:00:00 2020-07-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 INTEL recommended block IP (ip=97,US)
216.10.240.0 20 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None IN TO-S-2019-0640.01 Malicious Email Activity
216.10.240.53 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=53,IN)
216.104.200.0 23 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None UG TO-S-2019-1036 Malicious Email Activity 216.108.229.69 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 216.108.236.69 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None Unaffiliated TO-S-2019-0532 Malicious Email Activity 216.126.194.21 32 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - Sourcefire (IP=21,US) 216.137.147.15 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malware Activity 216.144.240.62 32 RR None 2019-01-17 00:00:00 2020-04-19 00:00:00 None APP-DETECT failed FTP login attempt (IP=62,US) | updated by RR with reason SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=62,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP Citrix ADC an 216.144.246.22 32 RW None 2020-01-18 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr web attacks (IP=22,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr web attacks (IP=22,US) 216.144.247.254 32 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Sourcefire (IP=254,US) 216.144.251.86 32 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=86,US) 216.146.39.125 32 wmp None 2020-07-02 00:00:00 2020-10-02 00:00:00 None HIVE Case #3190 COLS-NA-TIP-20-0200 (IP=125,US) 216.151.184.182 32 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None Immediate Network Block TT# 20C01527 (IP=82,CA) 216.151.213.111 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 216.152.140.210 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None 
CA TO-S-2019-0938 Malicious Web Application Activity 216.155.135.104 32 CR None 2019-12-04 00:00:00 2020-01-04 00:00:00 None Known Attack Tool User Agent/20086: HTTP: Muieblackcat Security Scanner - TT# 20C01087 (IP=104,US) 216.157.88.24 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity 216.158.227.83 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 216.158.93.163 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity 216.167.204.214 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 216.17.103.99 32 wmp None 2020-08-03 00:00:00 2020-11-03 00:00:00 None HIVE Case #3444 COLS-NA-TIP-20-0242 (IP=99,US) 216.17.166.86 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity 216.170.118.0 23 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None GD TO-S-2019-0658 Malware Activity 216.170.123.111 32 EB None 2020-03-26 00:00:00 2020-06-26 00:00:00 None HIVE Case #2342 COVID-19_IOCs (IP=111,US) 216.170.123.202 32 dbc None 2019-04-16 00:00:00 2020-04-16 00:00:00 None US TO-S-2019-0593 Malicious Email Activity 216.172.164.56 32 wmp None 2020-08-13 00:00:00 2020-11-13 00:00:00 None HIVE Case #3555 COLS-NA-TIP-20-0254 (IP=56,US) 216.172.168.233 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 216.172.169.132 32 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: SQL Injection - Exploit II (IP=132,US) 216.172.172.168 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 216.172.184.137 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 216.172.184.231 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 216.177.137.116 32 dbc None 2019-03-28 
00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 216.194.165.83 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Web Application Activity 216.194.167.195 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 216.200.166.196 32 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=196,US) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY 216.205.24.161 32 wmp None 2020-08-07 00:00:00 2020-11-07 00:00:00 None HIVE Case #3484 COLS-NA-TIP-20-0249 (IP=161,US) 216.205.24.204 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=204,US) 216.205.24.214 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=214,US) 216.219.81.50 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Email Activity 216.221.192.163 32 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=163,US) 216.221.199.101 32 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=101,US) 216.221.200.24 32 RW None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=24,US) 216.221.201.143 32 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=143,US) 216.221.205.39 32 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=39,US) 216.221.207.204 32 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=204,US) 
216.238.230.141 24 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=141,CA) 216.239.138.249 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=249,US) 216.24.196.13 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=13,US) 216.24.249.75 32 wmp None 2020-07-10 00:00:00 2020-10-10 00:00:00 None HIVE Case #3270 COLS-NA-TIP-20-0210 (IP=75,US) 216.243.58.154 32 GM None 2019-02-09 00:00:00 2020-01-25 00:00:00 None Authentication Failed (IP=154,US) | updated by RW Block was inactive. Reactivated on 20191025 with reason APP-DETECT failed FTP login attempt - 6hr Failed Logon(IP=154,US) 216.245.212.202 32 GLM None 2019-01-15 06:00:00 2020-04-19 00:00:00 None APP-DETECT failed FTP login attempt (IP=202,US) | updated by RR with reason SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=202,US) | updated by KF with reason SERVER-WEBAPP Citrix ADC and Gateway arbitrary code 216.245.214.66 32 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr web attacks (IP=66,US) 216.245.216.22 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr web attacks (IP=22,US) 216.25.226.54 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=54,US) 216.250.120.232 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 216.251.77.18 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=18,US) 216.27.63.18 32 wmp None 2020-07-10 00:00:00 2020-10-10 00:00:00 None HIVE Case #3270 COLS-NA-TIP-20-0210 (IP=18,US) 216.38.63.66 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 
Malicious Email Activity 216.40.44.198 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None CA TO-S-2019-0890.01 Malicious Email Activity 216.45.59.206 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity 216.55.138.117 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 216.55.149.9 32 RB None 2017-03-21 05:00:00 2020-10-20 00:00:00 None APP-DETECT failed FTP login attempt (IP=9,US) | updated by wmp Block was inactive. Reactivated on 20200720 with reason HIVE Case #3374 COLS-NA-TIP-20-0228 (IP=9,US) 216.57.119.110 32 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=110,US) 216.58.193.161 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None NL TO-S-2019-0769 Malicious Email Activity 216.58.195.129 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None NL TO-S-2019-0781 Malicious Email Activity 216.58.198.206 32 wmp None 2020-08-20 00:00:00 2020-12-14 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=206,US) | updated by wmp Block expiration extended with reason HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=206,US) | updated by wmp Block expiration extended with reason HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20 216.58.204.110 32 wmp None 2020-07-30 00:00:00 2020-11-18 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=110,US) | updated by wmp Block expiration extended with reason HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=110,US) 216.58.204.97 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=97,US) 216.58.206.238 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=238,US) 216.58.209.243 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=243,US) 216.58.213.142 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None 
HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=142,US) 216.58.213.174 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=174,US) 216.58.213.84 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=84,US) 216.66.91.3 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malware Activity 216.67.115.156 32 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=156,US) 216.70.88.11 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 216.75.199.68 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 216.83.45.200 32 RW None 2020-07-26 00:00:00 2020-10-26 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=200,US) 216.83.54.153 32 RR None 2019-11-15 00:00:00 2020-02-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=153,US) 216.83.54.153 24 RW None 2019-11-15 00:00:00 2020-02-15 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=146,IN) 216.83.55.31 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=31 HK) 216.98.136.85 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=85,US) 216.98.139.49 32 RR None 2020-05-02 00:00:00 2020-07-31 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=49,US) 217.107.219.81 24 RW None 2020-06-18 00:00:00 2020-09-18 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=81,RU) 217.11.165.210 24 KF None 2020-04-22 00:00:00 2020-07-21 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=210,GE) 
217.112.35.68 24 YM None 2018-03-15 05:00:00 2020-02-20 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (IP=68,RU) | updated by GM with reason SQL union select - po | updated by RR with reason SQL use of sleep function with and - likely SQL injection - SourceFire (IP=56,RU) 217.113.16.0 20 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AM TO-S-2019-1036 Malicious Email Activity 217.116.232.205 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None DK TO-S-2019-0631 Malicious Email Activity 217.116.232.211 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None DK TO-S-2019-0613 Malicious Email Activity 217.116.232.214 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None DK TO-S-2019-0546 Malicious Email Activity 217.116.232.217 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None DK TO-S-2019-0577 Malicious Email Activity 217.116.26.57 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None ES TO-S-2019-0409 Malicious Email Activity 217.117.137.211 24 CR None 2019-10-16 00:00:00 2020-01-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attack (IP=211,PL) 217.12.201.16 24 GM None 2020-06-18 00:00:00 2020-08-18 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=16,NL) 217.12.223.225 24 GM None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=225,UA) 217.12.223.70 32 GM None 2020-05-28 00:00:00 2020-08-28 00:00:00 None Possible SQLi attempt / HTTP: SqlMap SQL Injection - Scanning I - TT# 20C02977 (IP=70,UA) 217.128.84.134 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Failed password for invalid user (IP=134,FR) 217.13.100.44 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None HU TO-S-2019-0577 Malicious Email Activity 217.13.103.46 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None HU TO-S-2019-0777 Malicious Email Activity 217.13.93.178 32 wmp None 2020-08-25 
00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=178,ES) 217.131.205.232 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=232,TU) 217.131.28.231 24 RR None 2020-01-17 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=231,CN) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=231,TR) 217.132.118.4 24 RW None 2020-01-18 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=4,IL) | updated by RB Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=4 IL) 217.132.47.180 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=180,IL) 217.133.112.227 32 GM None 2020-03-22 00:00:00 2020-06-22 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02194 (IP=227,US) 217.138.76.66 24 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Failed password - Failed Logons (IP=66,GB) 217.141.242.114 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - Web Attacks (IP=114,IT) 217.144.104.39 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=39,IR) 217.146.69.14 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None EE TO-S-2019-0420 Malicious Email Activity 217.146.69.26 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None EE TO-S-2019-0363.01 Malicious Email Activity 217.147.37.241 24 RR None 2020-01-21 00:00:00 2020-04-20 00:00:00 None Authentication Failed - Failed Logons (IP=241,LT) 217.151.128.0 20 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None RU 
TO-S-2020-0006 Malicious Email Activity 217.151.149.202 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None DE TO-S-2019-0604 Malicious Email Activity 217.151.234.46 24 RW None 2019-12-25 00:00:00 2020-03-30 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=46,RU) | updated by RWB Block expiration extended with reason Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt 217.155.5.166 24 RR None 2019-11-15 00:00:00 2020-02-13 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (IP=166,GB) 217.16.186.59 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None CZ TO-S-2019-0640.01 Malicious Email Activity 217.160.0.191 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None DE TO-S-2020-0006 Malicious Email Activity 217.160.0.249 24 jky None 2016-12-23 06:00:00 2020-09-19 00:00:00 None DE TO-S-2017-0352 Foreign intrusion set activity | updated by jky with reason DE TO-S-2018-0562 Malware activity | updated b | updated by dbc with reason DE TO-S-2019-0747 Malicious Email Activity | updated by dbc with reason DE TO-S-2019-1002 Mali 217.160.108.55 24 RR None 2020-08-13 00:00:00 2020-11-11 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=55,DE) 217.160.109.72 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 217.160.141.35 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - SourceFire (IP=35,DE) 217.160.142.99 24 RR None 2020-01-15 00:00:00 2020-04-14 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - SourceFire (IP=99,DE) 217.160.180.174 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DE TO-S-2020-0056 Malicious Email Activity 217.160.182.191 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None DE TO-S-2019-1036 Malicious Email Activity 217.160.19.232 32 
dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None DE TO-S-2019-0604 Malicious Email Activity 217.160.223.40 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=40,DE) 217.160.223.84 24 alj None 2018-11-27 06:00:00 2020-03-12 00:00:00 None FILE-PDF Multiple products | updated by dbc with reason DE TO-S-2019-0488 Malicious Email Activity 217.160.28.161 24 DT None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - 6hr web attacks (IP=161,DE) 217.160.65.177 24 FT None 2020-08-03 00:00:00 2020-11-01 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - sourcefire (IP=177,DE) 217.163.11.49 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None GB TO-S-2020-0065 Malicious Web Application Activity 217.163.28.35 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DE TO-S-2020-0056 Malware Activity 217.164.169.114 24 RW None 2020-04-07 00:00:00 2020-07-07 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Sourcefire (IP=114,AE) 217.165.198.242 24 RR None 2020-06-17 00:00:00 2020-09-15 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=242,AE) 217.165.220.246 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=246,AE) 217.165.236.152 24 RR None None 2020-07-07 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=152,AE) 217.165.24.100 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=100,AE) 217.168.75.18 24 GM None 2020-08-07 00:00:00 2020-11-07 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=18,RU) 217.169.220.0 22 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None RS TO-S-2019-0926 
Malicious Reconnaissance Activity 217.170.192.58 24 RR None 2020-01-02 00:00:00 2020-04-01 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) - SourceFire (IP=58,NO) 217.170.205.107 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Immediate Inbound Network Block - TT# 20C00512 (IP=107,US) 217.170.206.0 24 nab None 2020-08-21 00:00:00 2020-11-18 00:00:00 None HIVE Case #3571 CTR-20-1058 Network scanning (IP=206,NO) 217.174.249.247 24 MLJ None 2018-06-03 05:00:00 2020-03-12 00:00:00 None SQL 1 = 1 - possible sql | updated by dbc with reason GB TO-S-2019-0488 Malicious Email Activity 217.182.140.117 24 BMP None 2020-03-17 00:00:00 2020-06-15 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=117,FR) 217.182.158.104 24 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None Failed password_Failed Logon (IP=4,GB) 217.182.164.10 24 YM None 2018-04-04 05:00:00 2020-02-20 00:00:00 None PUA-OTHER Coinhive TLS server hello attempt (IP=10,FR) | updated by dcg with reason FR TO-S-2018-1067 associated with spear ph 217.182.192.217 24 GM None 2020-07-15 00:00:00 2020-10-15 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=217,FR) 217.182.193.61 24 RWB None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Invalid user - Failed Logon (IP=,TR) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=61,FR) 217.182.194.231 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None FR TO-S-2019-0610 Malicious Email Activity 217.182.194.95 24 KF None 2019-12-18 00:00:00 2020-03-17 00:00:00 None Illegal user (IP=95,GB) 217.182.199.126 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None DE TO-S-2020-0088 Malware Activity 217.182.199.13 24 KF None 2020-07-02 00:00:00 2020-09-30 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=13,GB) 217.182.200.179 24 BMP None 2019-12-25 00:00:00 2020-03-24 00:00:00 None 
SQL HTTP URI blind injection attempt - SourceFire (IP=179,PL) 217.182.207.27 24 EDBT None 2017-09-30 05:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP Phpcms user registration remote file include attempt (IP=27,FR) | updated by dbc with reason FR TO-S-2019-0351 217.182.217.122 24 RR None 2018-08-22 05:00:00 2020-04-26 00:00:00 None Illegal user (IP=122,GB) | updated by dbc with reason FR TO-S-2019-0626.01 Malware Activity 217.182.253.230 24 KF None 2019-11-23 00:00:00 2020-02-21 00:00:00 None Failed password (IP=230,GB) 217.182.38.131 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None FR TO-S-2019-0747 Malware Activity 217.182.65.93 32 GM None 2020-07-27 00:00:00 2020-10-27 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03568 (IP=93,FR) 217.182.65.93 24 KF None 2020-03-25 00:00:00 2020-06-23 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=93,GB) 217.182.70.125 24 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Invalid user - Failed Logons (IP=125,FR) 217.182.71.16 24 RR None 2018-01-17 06:00:00 2020-04-17 00:00:00 None Illegal user (IP=16,GB) | updated by dcg with reason FR TO-S-2018-0811 associated with malicious web application and malware 217.182.74.96 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt_Failed Logon (IP=96,PL) 217.182.77.18 24 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None Invalid user - Failed Logons (IP=18,PL) 217.182.79.245 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=245,PL) 217.19.154.218 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Failed password (IP=218,IT) 217.194.6.96 24 GM None 2020-07-22 00:00:00 2020-10-22 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=96,IT) 217.195.198.35 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None TR TO-S-2019-0781 Malicious Email Activity 
217.199.175.216 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None GB TO-S-2019-1036 Malicious Email Activity 217.20.180.233 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=233,UA) 217.208.165.73 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_web attacks (IP=73,SE) 217.208.221.105 24 GM None 2020-03-07 00:00:00 2020-06-07 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=105,SE) 217.208.26.149 32 RW None 2020-03-10 00:00:00 2020-04-10 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02115 (IP=149,SE) 217.209.109.18 24 RW None 2020-03-09 00:00:00 2020-06-09 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - 6hr web attacks (IP=18,SE) 217.211.19.2 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=2,SE) 217.215.246.242 32 KF None 2020-03-08 00:00:00 2020-06-06 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02061 (IP=242,US) 217.215.73.21 32 RW None 2020-02-28 00:00:00 2020-03-28 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01856 (IP=21,SE) 217.218.21.2 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Invalid user -Failed Logons (IP=2,IR) 217.218.249.127 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_12 hr web attacks (IP=127,IR) 217.226.50.116 24 BMP None 2020-01-15 00:00:00 2020-04-14 00:00:00 None Authentication Failed - 6hr Logon (IP=116,DE) 217.23.74.198 24 RR None 2018-07-04 05:00:00 2020-01-17 00:00:00 None Authentication Failed (IP=198,RU) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=198,RU) | 
2020-02-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=95,TW) 220.135.86.102 24 KF None 2019-11-21 00:00:00 2020-02-19 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=102,TW) 220.137.5.225 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=228,TW) 220.142.163.228 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=156,TW) 220.142.83.44 24 RR None 2020-02-06 00:00:00 2020-05-06 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=44,TW) 220.143.28.156 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=156,TW) 220.144.209.43 24 RR None 2020-01-20 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=43,JP) | updated by RWB with reason Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,JP) 220.149.241.72 24 RR None 2019-12-16 00:00:00 2020-03-15 00:00:00 None Illegal user - Failed Logons (IP=72,KR) 220.156.164.166 24 CW None 2019-12-27 00:00:00 2020-03-26 00:00:00 None Illegal User_Failed Logon (IP=66,NC) 220.158.161.224 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=224,IN) 220.161.66.134 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Failed password (IP=134,CN) 220.162.165.28 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=28,CN) 220.165.9.187 32 RB None 2020-06-09 00:00:00 2020-09-07 00:00:00 None HTTP: vBulletin Pre-Auth Remote 
Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03106 (IP=187,CN) 220.167.105.172 24 KF None 2020-05-31 00:00:00 2020-08-29 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=172,CN) 220.167.113.231 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=231,CN) 220.168.22.188 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=188,CN) 220.168.31.74 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=74,CN) 220.168.39.241 24 RB None 2020-01-15 00:00:00 2020-04-14 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=241 CN) 220.170.143.137 24 CR None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 hr web attacks (IP=137,CN) 220.170.193.1 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password_Failed Logon (IP=1,CN) 220.176.160.119 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=119,CN) 220.179.138.9 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=9,CN) 220.179.68.246 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logon (IP=246,CN) 220.180.104.130 24 GM None 2019-10-10 00:00:00 2020-01-10 00:00:00 None APP-DETECT failed FTP login attempt - Web Attacks (IP=130,CN) 220.180.238.9 24 CR None 2019-12-27 00:00:00 2020-03-27 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=9,CN) 220.182.9.74 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=74,CN) 220.184.99.23 24 BMP None 2020-08-05 
00:00:00 2020-11-03 00:00:00 None SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt - SourceFire (IP=CN,23) 220.187.195.147 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=147,CN) 220.197.219.214 24 RB None 2019-12-02 00:00:00 2020-03-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=214,CN) 220.200.161.255 24 CR None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt - SourceFire (IP=255,CN) 220.200.164.156 24 CR None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt - SourceFire (IP=156,CN) 220.200.167.17 24 DT None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt - SourceFire (IP=17,CN) 220.201.161.54 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=54,CN) 220.225.103.131 24 BMP None 2020-07-03 00:00:00 2020-10-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=131,IN) 220.225.40.146 24 GM None 2019-12-16 00:00:00 2020-03-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=146,IN) 220.237.131.112 24 BMP None 2020-01-31 00:00:00 2020-05-25 00:00:00 None Authentication Failed - 6hr Failed Logons (IP=112,AU) | updated by RB Block expiration extended with reason Authentication Failed_6 hr Failed Logons (IP=112,AU) 220.243.133.61 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password - Failed Logons (IP=61,CN) 220.243.178.128 24 RR None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Failed password - Failed Logons (IP=128,) 220.244.109.225 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command 
execution attempt - 6hr web attacks (IP=225,AU) 220.244.61.190 24 GM None 2020-06-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=190,UA) 220.244.98.26 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=26,AU) 220.247.168.42 24 GM None 2020-09-12 00:00:00 2020-12-12 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Web Attacks (IP=42,ID) 220.247.222.58 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=58,LK) 220.248.20.74 24 RW None 2020-07-19 00:00:00 2020-10-19 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=74,CN) 220.248.30.58 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 220.248.58.58 24 RB None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Illegal user_6 hr Failed Logons (IP=58,CN) 220.250.63.150 24 DT None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt - SourceFire (IP=150,CN) 220.76.107.50 24 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None Failed password - 6hr Logons (IP=50,KR) 220.76.122.212 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None KR TO-S-2019-0626.01 Malicious Email Activity 220.76.205.178 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=178,KR) 220.76.77.121 24 KF None 2020-02-02 00:00:00 2020-05-04 00:00:00 None Illegal user (IP=121,KR) | updated by KF Block expiration extended with reason Illegal user (IP=121,KR) | updated by RB Block expiration extended with reason Illegal user_6 hr Failed Logons_CPC (IP=121,KR) 220.80.122.233 24 RW None 2020-07-24 00:00:00 2020-10-24 00:00:00 None KR SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=233,KR) 220.85.233.145 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Failed 
password for invalid user_6 hr Failed Logons (IP=145,KR) 220.92.137.39 24 CR None 2019-10-11 00:00:00 2020-01-11 00:00:00 None APP-DETECT failed FTP login attempt_6 hr failed logon (IP=39,KR) 220.92.153.250 24 RR None 2020-01-23 00:00:00 2020-06-12 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - SourceFire (IP=250,KR) | updated by BMP Block expiration extended with reason SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - SourceFire (IP=250,KR) 220.94.205.226 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=226,KR) 220.94.32.178 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt_Web attacks (IP=78,KR) 221.11.20.167 24 RR None 2020-08-05 00:00:00 2020-11-03 00:00:00 None SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt (1:40446:3) - SourceFire (IP=167,CN) 221.11.60.156 24 FT None 2020-08-04 00:00:00 2020-11-04 00:00:00 None SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt - SourceFire (IP=156,CN) 221.12.175.78 24 GM None 2020-07-12 00:00:00 2020-10-12 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attack (IP=78,CN) 221.12.19.202 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=202,CN) 221.12.63.69 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None Illegal user - 6hr Logons (IP=69,CN) 221.120.236.50 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=50,PK) 221.122.125.68 24 RW None 2020-03-26 00:00:00 2020-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=68,CN) 221.122.59.121 24 RB None 2020-01-08 00:00:00 2020-04-07 00:00:00 None Illegal user_6 hr Failed Logons (IP=121,CN) 221.122.67.66 24 RB None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Invalid user_6 hr Failed Logons (IP=66,CN) 221.124.159.63 32 RW None 
2020-04-03 00:00:00 2020-05-03 00:00:00 None FTKNOX_HRC_IPS Signature: Known Attack Tool User Agent - TT# 20C02336 (IP=63,HK) 221.124.197.186 24 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=186,HK) 221.125.165.59 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Failed password for invalid user -Failed Logons (IP=59,HK) 221.127.32.98 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (1:44688:3) (IP=98,HK) 221.13.12.196 24 DT None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt - SourceFire (IP=196,CN) 221.13.12.244 24 DT None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt - SourceFire (IP=244,CN) 221.13.12.63 24 DT None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt - SourceFire (IP=63,CN) 221.13.203.135 24 CR None 2019-01-09 06:00:00 2020-01-29 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (IP=135,CN) | updated by RB with reason SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt_6 hr web attacks (IP=135 CN) | 2020-01-29 | 2019-04-09 221.13.204.46 24 KF None 2019-12-18 00:00:00 2020-03-17 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (IP=46,CN) 221.13.74.246 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - SourceFire (IP=246,CN) 221.14.105.229 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=229,CN) 221.144.19.147 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None Authentication Failed - 6hr 
Failed Logon(IP=147,KR) 221.144.61.3 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Authentication Failed - 6hr Logons (IP=3,KR) 221.144.61.3 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6hr Logons (IP=3,KR) 221.146.226.234 24 JC None 2015-03-13 05:00:00 2020-01-04 00:00:00 None TCP HOST SWEEPS (IP=234 , KR) | updated by RR with reason APP-DETECT failed FTP login attempt (IP=104,KR) | updated by RB with reason APP-DETECT failed FTP login attempt_6 hr Failed Logons (IP=98 KR) | 2020-01-04 | 2019-07-21 221.148.45.1 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Failed password - Failed Logons (IP=1,KR) 221.15.96.95 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=,CN) 221.151.112.217 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=217,KR) 221.157.203.236 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - 6hr web attacks (IP=236,KR) 221.159.172.233 24 RWB None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=233,KR) 221.160.177.85 24 RB None 2019-12-20 00:00:00 2020-03-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=85,KR) 221.161.31.8 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr Web Attacks (IP=8,KR) 221.178.125.16 24 KF None 2019-11-19 00:00:00 2020-02-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=16,CN) 221.178.127.224 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=224,CN) 221.178.54.73 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 
None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=,CN) 221.182.216.202 24 RB None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Illegal user_6 hr Failed Logons (IP=202,CN) 221.194.137.28 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=28,CN) 221.2.158.54 24 BP None 2019-11-19 00:00:00 2020-02-19 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=54,CN) 221.201.195.5 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 221.201.200.160 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=160,CN) 221.203.29.45 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=45,CN) 221.204.11.23 24 JC None 2015-03-12 05:00:00 2020-03-08 00:00:00 None ET POLICY Suspicious inbound to MSSQL port 1433 (IP=23 , CN) | updated by RR with reason ET POLICY Suspicious inbound to MSSQL | updated by RR with reason Failed password - Failed Logons (IP=1,CN) 221.204.12.149 24 20200120 None None 2020-01-20 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - WebAttacks (IP=149,CN) | updated by RWB Block was inactive. 
Reactivated on 20191022 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attemp 221.204.170.238 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=238,CN) 221.207.10.59 24 CR None 2019-06-17 00:00:00 2020-03-04 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attack (IP=59,CN) | updated by RR with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=59,CN) 221.210.211.29 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6hr web attacks (IP=29,CN) 221.212.111.66 24 RB None 2020-04-04 00:00:00 2020-07-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=66,CN) 221.213.150.171 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=171,CN) 221.213.151.7 24 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=7,CN) 221.214.240.21 24 RR None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Failed password for invalid user - Failed Logons (IP=21,CN) 221.216.212.35 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=35,CN) 221.217.49.147 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password for invalid user - Failed Logon (IP=,CN) 221.217.50.2 24 CW None 2019-12-10 00:00:00 2020-03-09 00:00:00 None Authentication Failed_Failed Logon (IP=2,CN) 221.225.110.136 24 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None APP-DETECT failed FTP login attempt_Failed Logon (IP=36,CN) 221.225.182.229 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=229,CN) 221.225.83.148 24 BP None 2019-12-09 00:00:00 
2020-03-08 00:00:00 None Invalid user (IP=148,CN) 221.226.15.104 24 BMP None 2020-01-09 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=104,CN) | updated by KF with reason SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=104,CN) 221.228.159.3 24 RR None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=3,CN) 221.231.86.236 32 RB None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03774 (IP=236,CN) 221.236.53.167 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=67,CN) 221.237.182.153 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Attempted User Privilege Gain - SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=,CN) 221.238.227.43 32 RB None 2020-02-25 00:00:00 2020-05-25 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01828 (IP=43,CN) 221.239.86.19 24 RB None 2020-01-08 00:00:00 2020-04-07 00:00:00 None Illegal user_6 hr Failed Logons (IP=19,CN) 221.4.48.252 24 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_SourceFire (IP=252 CN) 221.4.60.164 24 RB None 2020-01-08 00:00:00 2020-04-07 00:00:00 None Illegal user_6 hr Failed Logons (IP=164,CN) 221.6.22.203 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Failed password for invalid user - Failed Logons (IP=203,CN) 221.7.213.133 24 GLM None 2018-07-16 05:00:00 2020-04-30 00:00:00 None Illegal user (IP=133,CN) | updated by GM Block was inactive. 
Reactivated on 20200131 with reason Failed password - Web Attacks (IP=133,CN) 222.102.27.18 24 ABC None 2015-08-28 05:00:00 2020-02-14 00:00:00 None Bro-observed Port Scanning (IP=18,Korea, Republic of) | updated by RR with reason TELNET: Password Brute Force (IP=16,KR) | 20 | updated by RB with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=16,K 222.114.43.115 24 RR None 2020-07-29 00:00:00 2020-10-27 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=115,KR) 222.117.173.170 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Authentication Failed - 6hr Logon (IP=170,KR) 222.117.222.209 24 BMP None 2020-01-31 00:00:00 2020-04-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=209,KR) 222.120.192.106 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=106,KR) 222.121.231.183 24 RWB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Illegal user - Fail Logins (IP=183,KR) 222.122.31.133 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=133,KR) 222.122.84.56 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None KR TO-S-2019-0816 Malicious Email Activity 222.124.187.67 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=67,ID) 222.127.1.115 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=115,PH) 222.127.163.193 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Authentication Failed - Failed Logons (IP=193,PH) 222.127.86.1 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=1,PH) 222.128.172.119 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Invalid user - Failed Logon (IP=119,CN) 222.128.93.67 24 RR None 2018-12-13 06:00:00 2020-02-06 00:00:00 None Failed password for 
invalid user (IP=67,CN) | updated by GM with reason Failed password - Failed Logons (IP=67,CN) 222.129.142.110 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=110,CN) 222.133.167.168 24 EDBT None 2018-02-04 06:00:00 2020-04-16 00:00:00 None ET SCAN Potential SSH Scan (IP=168,CN) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=87,CN) 222.136.148.122 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=122,CN) 222.137.102.68 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=68,CN) 222.138.101.142 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=142,CN) 222.138.143.52 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=52,CN) 222.138.182.231 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=231,CN) 222.138.185.221 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=221,CN) 222.138.239.137 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None APP-DETECT failed FTP login attempt (1:13360:7)_SourceFire (IP=137,CN) 222.139.222.136 24 FT None 2020-08-31 00:00:00 2020-11-29 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=136,CN) 222.139.222.227 24 RW None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=227,CN) 222.139.225.51 24 RB None 
2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=51,CN) 222.139.83.153 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=153,CN) 222.139.84.243 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=243,CN) 222.139.88.63 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_Web Attacks (IP=63,CN) 222.140.15.15 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=15,CN) 222.140.161.128 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=128,CN) 222.141.113.209 24 RB None 2019-11-19 00:00:00 2020-02-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=209,CN) 222.142.113.226 24 RB None 2019-12-29 00:00:00 2020-03-28 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=226,CN) 222.142.137.225 24 RB None 2019-12-01 00:00:00 2020-02-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=225,CN) 222.142.194.167 24 RWB None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=167,CN) 222.142.203.65 24 RW None 2019-10-02 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6 hr web attacks (IP=65,CN) 222.142.236.127 24 RR None 2020-01-03 00:00:00 2020-04-02 00:00:00 None 
SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=127,CN) 222.142.247.6 24 RR None 2019-10-26 00:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=6,CN) 222.153.154.219 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=219,NZ) 222.158.101.91 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=91,JP) 222.163.37.129 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=29,CN) 222.165.133.199 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=199,LK) 222.170.63.27 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=27,CN) 222.170.73.37 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password (IP=37,CN) 222.171.81.7 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=7,CN) 222.172.23.141 24 20200120 None None 2020-01-20 00:00:00 None APP-DETECT | updated by 20200120 Block was inactive. Reactivated on RWB with reason APP-DETECT failed FTP login attempt - Fail Logins (IP=141,CN) | updated by RWB Block was inactive. 
None 2018-12-21 06:00:00 2020-02-25 00:00:00 None Illegal user (IP=146,KR) | updated by RW Block was inactive. Reactivated on 20191125 with reason Authentication Failed - 6hr Failed Logon(IP=146,KR) 223.176.15.101 24 BMP None 2020-07-10 00:00:00 2020-10-08 00:00:00 None SERVER-IIS Microsoft IIS Range header integer overflow attempt - SourceFire (IP=101,IN) 223.176.4.157 24 RB None 2020-07-08 00:00:00 2020-10-08 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr failed logon (IP=157,IN) 223.176.5.71 24 RR None 2020-07-09 00:00:00 2020-10-07 00:00:00 None SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt (1:49967:2) - SourceFire (IP=71,IN) 223.179.153.143 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=143,IN) 223.18.212.215 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=215,HK) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=215,HK) 223.187.212.20 24 RR None 2020-07-09 00:00:00 2020-10-07 00:00:00 None SERVER-WEBAPP Apache Tomcat FileStore directory traversal attempt - Web Attack (IP=20,IN) 223.187.218.34 24 RW None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=34,IN) 223.187.220.69 24 RR None 2020-07-09 00:00:00 2020-10-07 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attack (IP=69,IN) 223.190.20.50 24 RB None 2019-11-08 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=50 IN) 223.190.53.142 24 GM None 2019-12-31 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=142,CN) 223.190.70.132 24 RWB None 2020-01-22 00:00:00 2020-04-21 
00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,IN) 223.194.43.60 24 RR None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Authentication Failed - Failed Logons (IP=60,KR) 223.196.87.34 24 RR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - Failed Logons (IP=34,IN) 223.198.23.128 24 RWB None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=128,CN) 223.199.154.5 24 RR None 2019-04-29 00:00:00 2020-01-10 00:00:00 None APP-DETECT failed FTP login attempt (IP=5,CN) | updated by GM with reason APP-DETECT failed FTP login attempt - Failed Logons (IP=21,CN) 223.204.248.139 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None TH TO-S-2019-0658 Malware Activity 223.204.87.204 24 RB None 2020-01-24 00:00:00 2020-04-23 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=204 TH) 223.221.9.36 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt-Sourcefire (IP=36,CN) 223.224.0.0 12 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None IN TO-S-2019-0972 Malware Activity 223.240.104.222 24 RR None None 2020-07-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=222,CN) 223.240.84.196 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=196,CN) 223.240.88.127 24 RR None 2020-03-12 00:00:00 2020-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=127,CN) 223.244.236.232 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=32,CN) 223.244.87.132 24 BP None 2019-11-20 00:00:00 2020-02-20 00:00:00 None Authentication Failed (IP=132,CN) 223.247.194.119 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Failed password for invalid user (IP=119,CN) 
223.247.196.15 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=15,CN) 223.25.101.74 24 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password 6 hr Failed Logon (IP=74,ID) 223.255.0.0 18 tpr None 2014-09-03 05:00:00 2020-04-17 00:00:00 None TO-S-2014-1013/Hostile Country | updated by dlb with reason ET POLICY Suspicious inbound to mySQL port 3306 (IP=67, CN) | upd 223.26.138.11 24 RR None 2020-02-12 00:00:00 2020-05-12 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=11,KR) 223.28.244.202 24 RR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=202,KR) 223.31.159.10 24 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Invalid user - Failed Logons (IP=10,IN) 223.38.11.106 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None KR TO-S-2019-0351 Malware Activity 223.38.24.135 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None KR TO-S-2019-0351 Malware Activity 223.4.70.106 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=106,CN) 223.62.219.242 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None KR TO-S-2019-0351 Malware Activity 223.65.206.214 24 RR None 2019-11-28 00:00:00 2020-02-26 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=214,CN) 223.71.167.61 24 GM None 2019-11-13 00:00:00 2020-02-13 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=61,CN) 223.71.42.104 24 KF None 2020-06-09 00:00:00 2020-09-07 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=104,CH) 223.72.225.194 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6hr Logons (IP=194,CN) 223.75.128.52 24 RB None 2019-10-11 00:00:00 2020-01-09 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=52,CN) 
223.75.51.13 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password - Failed Logon (IP=13,CN) 223.80.97.23 24 RR None 2019-05-15 00:00:00 2020-03-06 00:00:00 None HTTP: SQL Injection Attempt Detected - 6 hr Web attacks (IP=23,CN) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SoureFire (IP=23,CN) 223.83.254.246 32 RB None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=246,CN) 223.83.254.250 24 CR None 2020-08-29 00:00:00 2020-11-29 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=250,CN) 223.95.78.250 24 CR None 2019-11-28 00:00:00 2020-02-28 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=250,CN) 227.177.167.107 32 dbc None 2019-07-23 00:00:00 2020-07-23 00:00:00 None Unaffiliated TO-S-2019-0839 Malicious Email Activity 23.100.95.234 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=234,US) 23.101.147.117 32 wmp None 2020-07-07 00:00:00 2020-08-20 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=117,US) | unblock Storms.ngs.noaa.gov is hosted by this IP. 
23.101.238.185 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None AU TO-S-2019-0608 Malware Activity 23.105.163.103 32 RR None 2020-06-23 00:00:00 2020-09-21 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=103,US) 23.106.122.109 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None SG TO-S-2019-1036 Malware Activity 23.106.122.127 24 RB None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Generic ArcSight scan attempt (IP=127,SG) 23.106.122.176 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None SG TO-S-2019-1036 Malware Activity 23.106.123.134 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None SG TO-S-2019-1036 Malware Activity 23.106.123.50 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None SG TO-S-2019-1036 Malware Activity 23.106.124.218 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None SG TO-S-2019-0952 Malicious Email Activity 23.106.160.238 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=238,US) 23.106.215.76 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity 23.106.85.216 32 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Known Attack Tool User Agent / 20451: HTTP: OpenVAS Vulnerability Scanner - TT# 20C00996 (IP=216,US) 23.111.228.220 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None NL TO-S-2020-0047 Malicious Email Activity 23.111.228.228 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None NL TO-S-2020-0047 Malicious Email Activity 23.111.228.4 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None NL TO-S-2020-0047 Malicious Email Activity 23.111.69.21 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=21,CA) 23.122.154.251 32 FT None 2020-08-19 00:00:00 2020-11-19 00:00:00 None HTTP: Web Server HashDoS Attack II - TT# 20C03747 (IP=251,US) 23.129.64.189 32 RB None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Possible SQLi attempt / HTTP: Blind SQL 
Injection - Timing - TT# 20C00546 (IP=189,DE) 23.144.160.5 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity 23.153.112.21 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=21,US) 23.160.193.60 32 RR None 2020-07-08 00:00:00 2020-10-06 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=60,US) 23.186.192.100 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None CA TO-S-2020-0190 Malicious Email Activity 23.19.226.69 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity 23.19.227.241 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity 23.19.67.29 32 RR None 2019-10-11 00:00:00 2020-01-09 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=29,US) 23.19.71.74 32 RW None 2019-12-17 00:00:00 2020-03-17 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=74,US) 23.19.87.219 32 RR None 2018-06-30 05:00:00 2020-09-12 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (IP=219,US) | updated by CR Block was inactive. 
Reactivated on 20200612 with reason Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C03145 (IP=219,US) 23.213.117.64 32 RWB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None BROWSER-IE Microsoft Internet Explorer IE5 compatibility mode enable attempt - sourcefire (IP=64,US) 23.215.10.60 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None US TO-S-2019-0613 Malware Activity 23.22.60.159 32 KF None 2020-03-15 00:00:00 2020-06-13 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=159,US) 23.220.96.148 32 RW None 2020-05-14 00:00:00 2020-08-12 00:00:00 None Possible SQLi attempt / HTTP: Blind SQL Injection - Timing - TT# 20C02783_1 (IP=148,US) 23.223.52.8 32 RWB None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Unknown Traffic - INFORMATIONAL : CIRT : Possible Cosmic Duke APT - sourcefire (IP=8,US) 23.223.53.155 32 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None FILE-FLASH Adobe Flash Player mp4 size memory corruption attempt - SourceFire (IP=155,US) 23.224.160.159 32 GM None 2020-03-21 00:00:00 2020-06-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=159,US) 23.224.45.82 32 KF None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=82,US) 23.225.161.8 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=8,US) 23.225.168.4 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=4,US) 23.225.172.10 32 RR None 2020-03-31 00:00:00 2020-06-29 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=10,US) 23.225.175.45 32 BMP None 2020-07-06 00:00:00 2020-10-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=45,US) 23.225.188.21 32 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=21,US) 23.225.191.32 32 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 
None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=32,US) 23.225.195.28 32 RW None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Hive case 1154 Web app attack 23.225.221.162 32 CR None 2018-10-09 05:00:00 2020-09-13 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (IP=162,US) | updated by dbc with reason US TO-S-2019-0985 Application Vulnerability Exploit 23.226.128.106 32 BMP None 2020-04-09 00:00:00 2020-07-08 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr Web Attacks (IP=106,US) 23.226.129.105 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 23.226.131.167 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 23.227.161.30 32 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=30,US) 23.227.194.58 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity 23.227.201.184 24 ABC None 2018-02-01 06:00:00 2020-04-26 00:00:00 None ET SCAN Potential VNC Scan 5900-5920 (IP=184,GB) | updated by dbc with reason US TO-S-2019-0626.01 Malware Activity 23.227.207.175 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=175,GB) 23.227.38.32 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None CA TO-S-2020-0006 Malicious Email Activity 23.228.113.251 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=251,US) 23.228.67.70 32 RR None 2020-03-30 00:00:00 2020-06-28 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=70,US) 23.228.74.58 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=58,US) 23.228.86.244 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None US TO-S-2019-0816 Malicious Email Activity 23.229.148.137 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 
Malicious Email Activity 23.229.155.195 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 23.229.159.201 32 wmp None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=201,US) 23.229.186.35 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity 23.229.188.40 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 23.229.196.200 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity 23.229.204.69 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=69, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 23.229.205.4 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=4,US) 23.229.215.136 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None US TO-S-2019-0634 Malicious Web Application Activity 23.229.219.9 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 23.229.233.233 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 23.229.235.196 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity 23.229.244.228 32 CR None 2019-12-04 00:00:00 2020-01-04 00:00:00 None 26332: HTTP: JavaScript createImageBitmap Method Usage - TT# 20C01083 (IP=228,US) 23.23.228.136 32 CW None 2019-09-29 00:00:00 2020-06-23 00:00:00 None Unauthorized Access Attempt-TT# 19C03516 (IP=36,US) | updated by RR Block was inactive. 
Reactivated on 20200325 with reason BOT: Fort Disco bot traffic detected - TT# 20C02222 (IP=136,US) 23.230.247.5 32 dbc None 2019-03-28 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0546 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0551.02 Malicious Email Activity 23.233.1.117 32 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Immediate Inbound Network Block - TT# 20C00936 (IP=117,US) 23.234.10.186 32 RR None 2020-04-19 00:00:00 2020-07-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=186,US) 23.234.14.159 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=159,US) 23.234.54.180 32 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None Immediate Inbound Network Block - TT# 20C00138 (IP=180,US) 23.234.54.206 32 BMP None 2020-06-14 00:00:00 2020-09-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=206,US) 23.235.147.132 32 RWB None 2019-10-29 00:00:00 2020-01-27 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=132,US) 23.235.157.129 24 ABC None 2019-10-15 00:00:00 2020-01-13 00:00:00 None Command Injection Attempt (IP=129,no ISC data) 23.235.199.13 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=13,US) 23.235.211.52 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 23.235.217.105 32 RWB None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Misc Activity - FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected - sourcefire (IP=105,US) 23.235.231.154 32 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None US TO-S-2020-0012 Malicious Email Activity 23.235.247.82 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity 23.236.138.205 32 RB None 2020-03-23 00:00:00 2020-06-21 00:00:00 None Self 
report / 4370 Web Scraping - TT# 20C02206 (IP=205,CA) 23.236.224.146 24 RW None 2020-03-16 00:00:00 2020-06-16 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=146,CA) 23.236.62.147 32 wmp None 2020-07-15 00:00:00 2020-10-15 00:00:00 None HIVE Case #3340 COLS-NA-TIP-20-0218 (IP=147,US) 23.236.64.0 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None US TO-S-2019-0634 Malware Activity 23.236.77.175 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None US TO-S-2019-0634 Malware Activity 23.236.77.177 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None US TO-S-2019-0634 Malware Activity 23.237.178.82 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=82,US) 23.237.55.10 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=10,US) 23.238.115.210 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=210,US) 23.238.72.172 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity 23.239.21.208 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None AU TO-S-2019-0613 Malware Activity 23.239.67.40 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=40,US) 23.239.7.14 24 klb None 2015-01-21 06:00:00 2020-10-25 00:00:00 None ET SCAN Potential SSH Scan (IP=14 US | updated by dbc with reason US TO-S-2020-0065 Malicious Web Application Activity 23.242.172.51 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=51,US) 23.244.206.58 24 RW None 2019-10-15 00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6hr web attacks (IP=58,US) 23.244.32.31 32 ABC None 2019-10-06 00:00:00 2020-01-04 00:00:00 None Generic ArcSight scan attempt (IP=31,US) 23.244.61.17 32 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None Known Attack Tool User Agent V2/UDS-WhatWeb_RC8766 - TT# 20C02498 
(IP=17,US) 23.244.63.189 32 RWB None 2019-10-24 00:00:00 2020-01-23 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - WebAttacks (IP=189,US) | updated by CW Block expiration extended with reason Command Injection Attempt (IP=189,US) 23.244.76.74 32 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Command Injection Attempt (IP=74,US) 23.245.144.141 32 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=141,US) 23.247.114.194 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=194,US) 23.247.2.45 32 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=45,US) 23.249.20.142 24 RB None 2019-12-20 00:00:00 2020-03-19 00:00:00 None POLICY-OTHER PHP uri tag injection attempt_Sourcefire (IP=142,JP) 23.251.32.106 32 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None POLICY-OTHER PHP uri tag injection attempt - Sourcefire (IP=106,US) 23.251.32.107 24 KF None 2020-05-23 00:00:00 2020-08-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C02895 (IP=107,CN) 23.251.55.191 24 ABC None 2015-08-31 05:00:00 2020-02-15 00:00:00 None Bro-observed Port Scanning (IP=191,United States) | updated by klb with reason ET POLICY Suspicious inbound to MSSQL port 1433 23.251.56.209 32 KF None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=209,US) 23.252.160.7 32 RW None 2019-10-11 00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr Web Attack (IP=7,US) 23.252.160.93 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None GB TO-S-2019-0658 Malware Activity 23.252.160.94 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None GB TO-S-2019-0658 Malware Activity 23.252.160.95 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None GB TO-S-2019-0658 Malware Activity 23.252.160.96 32 dbc None 
2019-05-10 00:00:00 2020-05-10 00:00:00 None GB TO-S-2019-0658 Malware Activity 23.253.112.21 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity 23.253.200.154 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None US TO-S-2020-0187 Malicious Email Activity 23.253.200.84 32 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=84,US) 23.254.144.248 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 23.254.161.120 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 23.254.164.181 32 RB None 2019-12-27 00:00:00 2020-10-13 00:00:00 None Unauthorized Access-Probe/TCP: SYN Port Scan - TT# 20C01255 (IP=181,US) | updated by wmp Block was inactive. Reactivated on 20200713 with reason HIVE Case #3322 CTO-20-193 (IP=181,US) 23.254.164.248 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malicious Email Activity 23.254.164.48 32 CR None 2019-12-27 00:00:00 2020-10-13 00:00:00 None Known Attack Tool User Agent/28744: HTTP: MASSCAN Tool Usage - TT# 20C01251 (IP=48,US) | updated by wmp Block was inactive. 
Reactivated on 20200713 with reason HIVE Case #3322 CTO-20-193 (IP=48,US) 23.254.202.206 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 23.254.252.114 32 BMP None 2020-04-14 00:00:00 2020-07-15 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr Web Attacks (IP=114,US) | updated by GM Block expiration extended with reason SQL HTTP URI blind injection attempt - Web Attacks (IP=114,US) 23.254.253.92 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=92,US) 23.27.112.100 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity 23.27.112.158 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Web Application Activity 23.27.112.18 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity 23.27.112.226 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity 23.27.112.40 32 ABC None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Generic ArcSight scan attempt (IP=40,US) 23.27.112.45 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity 23.27.112.69 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Generic ArcSight scan attempt (IP=69,US) 23.27.112.71 32 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Generic ArcSight scan attempt (IP=71,US) 23.27.127.13 32 JKC None 2019-02-13 00:00:00 2020-10-25 00:00:00 None Mcafee IPS php driveby attack (IP=13, US) | updated by dbc with reason US TO-S-2020-0065 Malicious Web Application Activity 23.27.127.133 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity 23.27.127.237 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity 23.27.127.56 32 RR None 2019-08-26 00:00:00 2020-11-05 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=56,US) | updated by dbc Block 
expiration extended with reason US TO-S-2020-0088 Malicious Web Application Activity
23.27.127.73 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malware Activity
23.30.83.122 32 RW None 2020-04-11 00:00:00 2020-07-11 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - 6hr web attacks (IP=122,US)
23.44.6.139 32 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None FILE-FLASH Adobe Flash Player mp4 size memory corruption attempt - SourceFire (IP=139,US)
23.59.250.174 32 RB None 2020-03-23 00:00:00 2020-06-21 00:00:00 None Self report / 4370 Web Scraping - TT# 20C02207 (IP=174,US)
23.6.99.127 32 RWB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected - sourcefire (IP=127,US)
23.61.174.185 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=185,US)
23.63.227.230 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None US TO-S-2019-0613 Malware Activity
23.63.254.16 32 RWB None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Attempted User Privilege Gain - FILE-OTHER Adobe Acrobat Reader jp2 double free attempt - SourceFire (IP=16,US)
23.78.101.122 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None BROWSER-IE Microsoft Internet Explorer IE5 compatibility mode enable attempt - SourceFire (IP=122,NL)
23.82.10.248 32 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C02808 (IP=248,US)
23.82.14.10 32 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=10,US)
23.83.133.6 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None US TO-S-2019-0613 Malware Activity
23.83.209.75 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=75,CA)
23.83.214.9 32 wmp None 2020-08-31 00:00:00 2020-11-29 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=9,CA)
23.83.215.33 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=33,CA)
23.88.177.32 32 KF None 2019-12-23 00:00:00 2020-03-22 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=32,US)
23.88.53.250 32 RWB None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Attempted User Privilege Gain - SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - sourcefire (IP=250,US)
23.89.201.123 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity
23.90.23.218 32 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=218,US)
23.91.100.127 32 DT None 2020-06-07 00:00:00 2020-09-05 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks - (IP=127,US)
23.91.67.74 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
23.91.70.59 24 RR None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=59,US)
23.92.22.225 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity
23.92.36.3 32 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None Unauthorized Scanning - Automated Block Report (IP=3,US)
23.94.138.199 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity
23.94.156.200 32 DT None 2020-07-22 00:00:00 2020-10-22 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=200,US)
23.94.16.72 32 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=72,US)
23.94.38.157 32 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Generic ArcSight scan attempt (IP=157,US)
23.95.0.119 32 RW None 2020-04-11 00:00:00 2020-07-10 00:00:00 None SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (IP=119,US)
23.95.101.145 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity
23.95.110.153 32 DT None 2020-09-18 00:00:00 2020-12-18 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - Web Attacks (IP=153,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP elFinder PHP connector arbitrary PHP file upload attempt - Sourcefire (IP=153,US)
23.95.120.130 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity
23.95.202.44 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity
23.95.231.200 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=200,US)
23.95.236.169 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None NL TO-S-2019-0926 Malicious Email Activity
23.95.236.178 32 dbc None 2019-07-29 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0852 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malicious Email Activity
23.95.236.184 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity
23.95.4.194 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malicious Email Activity
23.95.68.126 32 GM None 2020-09-17 00:00:00 2020-12-17 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - Web Attacks (IP=126,US)
23.95.89.67 32 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - SourceFire (IP=67,US)
23.96.122.145 32 RW None 2020-07-25 00:00:00 2020-08-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03554 (IP=145,US)
23.96.41.197 32 RR None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Generic ArcSight scan attempt (IP=197,US)
23.96.63.60 32 RR None 2020-05-30 00:00:00 2020-08-27 00:00:00 None 16892 HTTP Drupal Core SQL Injection Vulnerability - TT# 20C02997 (IP=60,US)
23.97.0.85 32 wmp None 2020-06-19 00:00:00 2020-09-19 00:00:00 None HIVE Case #3038 CTO-20-168
23.97.180.45 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Failed password -Failed Logons (IP=45,NL)
23.98.152.191 32 RW None 2020-09-02 00:00:00 2020-12-02 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=191,US)
23.99.129.185 32 RW None 2020-05-23 00:00:00 2020-06-23 00:00:00 None Known Attack Tool User Agent V2/ Muieblackcat Security Scanner - TT# 20C02900 (IP=185,US)
23.99.135.205 32 RW None 2020-05-01 00:00:00 2020-08-01 00:00:00 None Known Attack Tool User Agent V2 / BOT: Potential Muieblackcat Scanner Double-URI - TT# 20C02587 (IP=205,US)
23.99.195.80 32 BMP None 2020-05-03 00:00:00 2020-08-01 00:00:00 None Known Attack Tool User Agent V2/ 20086 HTTP Muieblackcat Security Scanner - TT# 20C02595 (IP=80,US)
23.99.213.227 32 RB None 2020-07-08 00:00:00 2020-10-08 00:00:00 None Known Attack Tool User Agent V2 / 20086: HTTP: Muieblackcat Security Scanner - TT# 20C03392 (IP=227,US)
23.99.226.119 32 RB None 2020-06-30 00:00:00 2020-09-28 00:00:00 None Known Attack Tool User Agent V2 / 20086: HTTP: Muieblackcat Security Scanner - TT# 20C03344 (IP=119,US)
24.11.26.77 32 GM None 2020-04-02 00:00:00 2020-06-02 00:00:00 None Known Attack Tool User Agent - TT# 020420-00040 (IP=77,US)
24.126.37.92 32 GM None 2019-10-10 00:00:00 2020-01-10 00:00:00 None Illegal user - Failed Logons (IP=92,US)
24.128.137.155 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02389 (IP=155,US)
24.129.155.6 32 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=6,US)
24.133.111.138 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None TR TO-S-2020-0006 Malicious Email Activity
24.134.22.121 24 RR None None 2020-06-22 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=121,DE)
24.134.34.173 24 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None Failed password_Failed Logon (IP=73,DE)
24.141.229.84 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02392 (IP=84,CA)
24.146.62.34 24 BMP None 2020-04-05 00:00:00 2020-07-04 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=34,CA)
24.150.167.168 24 BMP None 2020-05-27 00:00:00 2020-08-25 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=168,CA)
24.151.41.106 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C00115 (IP=106,US)
24.155.230.247 32 BMP None 2020-09-07 00:00:00 2020-12-07 00:00:00 None HTTP: Adobe Acrobat JavaScript getIcon Method Buffer Overflow - TT# 20C03857 (IP=247,US)
24.16.132.64 32 RW None 2020-07-25 00:00:00 2020-10-25 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=64,US)
24.162.16.148 32 GM None 2020-04-24 00:00:00 2020-07-24 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=148,US)
24.169.87.178 32 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (1:52277:1) (IP=178,US)
24.171.178.68 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=68,US)
24.171.248.116 24 BMP None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=116,PR)
24.172.249.178 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=178,US) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=178,US)
24.179.31.240 32 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=240,US)
24.181.124.30 32 BMP None 2020-04-05 00:00:00 2020-07-04 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=30,US)
24.191.114.63 32 BMP None 2020-09-23 00:00:00 2020-12-23 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=63,US)
24.2.152.7 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malware Activity
24.200.171.161 24 RR None 2018-12-24 06:00:00 2020-04-19 00:00:00 None Authentication Failed (IP=161,CA) | updated by dbc with reason CA TO-S-2019-0608 Malware Activity
24.203.196.238 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,CA)
24.217.116.164 32 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep(IP=164,US)
24.227.190.138 32 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Possible SQLi attempt/HTTP: Blind SQL Injection - Timing - TT# 20C00795 (IP=138,US)
24.229.156.211 32 KF None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Authentication Failed (IP=211,US)
24.229.228.31 32 CR None 2020-06-12 00:00:00 2020-09-12 00:00:00 None Known Attack Tool User Agent V2 / UDS-Nikto_RC8766 - TT# 20C03143 (IP=31,US)
24.229.9.67 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity
24.232.0.0 22 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None AR TO-S-2020-0006 Malicious Email Activity
24.232.0.91 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None AR TO-S-2020-0006 Malicious Email Activity
24.248.222.158 32 KF None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=158,US)
24.27.5.145 32 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_SourceFire (IP=45,US)
24.41.149.22 24 RW None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=22,PR)
24.56.78.10 32 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=10,US)
24.61.224.93 32 RR None 2017-12-09 06:00:00 2020-01-24 00:00:00 None Authentication Failed (IP=93,US) | updated by RR with reason Authentication Failed (IP=93,US) | updated by CW Block was inactive. Reactivated on 20191026 with reason Illegal user_Failed Logon (IP=93,US)
24.66.108.107 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Authentication Failed (IP=107,CA)
24.85.239.4 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None CA TO-S-2019-0972 Malicious Web Application Activity
24.91.199.228 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malware Activity
24.93.200.253 32 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - Web Attacks (IP=253,US)
25.167.59.104 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None GB TO-S-2019-0816 Malware Activity
252.240.5.109 32 RR None 2020-07-15 00:00:00 2020-10-15 00:00:00 None HTTP: Apache Struts 2 remote code execution vulnerability (CVE-2016-4438) - TT# 20C03478 (IP=109,US)
27.100.26.165 24 RR None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Failed password - Failed Logons (IP=165,)
27.102.0.0 16 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None KR TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason KR TO-S-2020-0212.01 Malware Activity
27.102.106.100 32 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None KR TO-S-2020-0077 Malicious Web Application
27.102.113.237 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None KR TO-S-2019-0658 Malware Activity
27.102.113.238 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None KR TO-S-2019-0658 Malware Activity
27.102.115.249 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None KR TO-S-2019-0723 Malicious Email Activity
27.102.118.37 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None KR TO-S-2019-0358 Malicious Web Application Activity
27.102.127.75 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None KR TO-S-2019-0723 Malicious Email Activity
27.102.127.80 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None KR TO-S-2019-0723 Malicious Email Activity
27.102.128.157 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None KR TO-S-2019-0723 Malicious Email Activity
27.102.66.189 24 RR None 2017-06-10 05:00:00 2020-06-07 00:00:00 None ET SCAN Potential SSH Scan (IP=189,KR) | updated by dbc with reason KR TO-S-2019-0723 Malicious Email Activity
27.102.67.189 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None KR TO-S-2019-0831 Malicious Email Activity
27.104.167.162 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None SG TO-S-2019-0608 Malware Activity
27.104.187.96 24 CR None 2019-01-04 06:00:00 2020-04-19 00:00:00 None Failed password for invalid user (IP=96,SG) | updated by dbc with reason SG TO-S-2019-0608 Malware Activity
27.106.50.85 24 RR None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=85,IN)
27.106.60.179 24 RWB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Failed password for invalid user - Failed Logon (IP=179,IN)
27.109.17.18 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=18,IN)
27.109.196.13 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=13,MO)
27.109.196.130 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=130,MO)
27.109.201.83 24 FT None 2020-08-28 00:00:00 2020-11-26 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=83,MO)
27.109.207.182 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=182,MA)
27.109.216.148 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=148,MO)
27.110.219.115 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Immediate Inbound Network Block - TT# 20C00518 (IP=115,US)
27.113.39.60 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=60,KR)
27.115.115.218 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid
27.115.124.10 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=10,CN)
27.115.13.245 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=245,CN)
27.116.38.166 24 RR None None 2020-07-09 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - SourceFire (IP=166,AU)
27.116.59.0 24 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AF TO-S-2020-0109.01 Malicious Email Activity
27.120.99.17 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None JP TO-S-2019-0769 Malicious Email Activity
27.121.64.122 24 sjl None 2016-05-18 05:00:00 2020-04-26 00:00:00 None Malicious.URL (IP=122 AU) | updated by djs with reason USAA Phishing url maid=8536 (ip=75,AU) | updated by jky with reason U
27.121.66.13 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None AU TO-S-2019-0734.01 Malicious Email Activity
27.121.66.195 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None AU TO-S-2019-0631 Malicious Email Activity
27.121.68.17 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None AU TO-S-2019-1002 Malicious Email Activity
27.122.118.162 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None AU TO-S-2019-0608 Malicious Email Activity
27.123.254.130 24 RR None 2020-09-20 00:00:00 2020-12-19 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=130,BG)
27.124.32.5 24 ABC None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Generic ArcSight scan attempt (IP=5,SG)
27.124.36.57 24 RB None 2019-07-13 00:00:00 2020-02-01 00:00:00 None HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=57 KH) | updated by RB with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution- TT# 20C00925 (IP=26,HK) | 2020-02-01 | 2019-10-11
27.124.40.206 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=206,IN)
27.124.41.203 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=203,KH)
27.124.43.196 32 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None Immediate Inbound Network Block - TT# 20C00158 (IP=196,US)
27.124.47.221 24 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Command Injection Attempt (IP=221,XX)
27.124.5.238 24 CR None 2020-06-02 00:00:00 2020-09-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=238,IN)
27.124.6.104 24 RW None 2020-04-11 00:00:00 2020-07-11 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=104,HK)
27.128.161.138 24 KF None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Failed password_6 Hr Failed Logons (IP=138,CN) | updated by RW with reason Authentication Failed - 6hr Failed Logon(IP=138,CN)
27.128.162.98 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=98,CN)
27.128.164.82 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed password - sourcefire (IP=82,CN)
27.128.167.98 24 CR None 2020-04-26 00:00:00 2020-07-25 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=98,CN)
27.128.168.153 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=153,CN)
27.128.226.176 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Failed password for invalid user - Failed Logons (IP=176,CN)
27.128.229.22 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password (IP=22,CN)
27.128.234.169 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=169,CN)
27.13.56.154 24 GM None 2020-03-08 00:00:00 2020-06-08 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=154,CN)
27.134.249.143 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None JP TO-S-2019-0723 Malicious Email Activity
27.14.208.8 24 KF None 2020-01-10 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=8,CN)
27.145.62.186 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=186,TH)
27.147.160.0 19 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None BD TO-S-2019-0508 Malware Activity
27.147.236.171 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Authentication Failed - Failed Logons (IP=171,BD)
27.15.181.87 24 KF None 2019-12-17 00:00:00 2020-03-16 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=87,CN)
27.15.80.203 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt - SourceFire (IP=203,CN)
27.150.169.22 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=22,CN)
27.152.138.4 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP Phpcms user registration remote file include attempt - Web Attacks (IP=4,CN)
27.154.225.186 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user - Failed Logon (IP=186,CN)
27.154.242.142 24 RB None 2019-05-08 00:00:00 2020-03-03 00:00:00 None Illegal user (IP=142,CN) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=142,CN)
27.155.99.161 24 RR None 2018-12-08 06:00:00 2020-01-23 00:00:00 None Failed password for invalid user (IP=161,CN) | updated by RR with reason Illegal user - Failed Logons (IP=173,CN)
27.184.201.236 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=236,CN)
27.184.93.71 24 DT None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt - SourceFire (IP=71,CN)
27.187.116.218 24 ABC None 2020-04-17 00:00:00 2020-07-16 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=218,CN)
27.187.119.185 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=185,CN)
27.187.120.218 24 GLM None 2020-04-07 00:00:00 2020-07-06 00:00:00 None UDP: Host Sweep (IP=218,CN)
27.187.121.40 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None UDP: Host Sweep - ARCSight Sauron (IP=40,CN)
27.188.42.169 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=169,CN)
27.188.45.240 24 RB None 2019-11-08 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=240 CN)
27.189.251.228 24 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=228,CN)
27.194.8.12 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=12,CN)
27.195.247.132 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=132,CN)
27.197.150.72 32 wmp None 2020-10-01 00:00:00 2020-12-30 00:00:00 None HIVE Case #4029 Palo Alto IDS Vulnerability Events (IP=72,CN)
27.199.159.60 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=60,CN)
27.211.81.6 24 BP None 2019-11-19 00:00:00 2020-02-19 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=6,CN)
27.216.245.215 24 RR None 2020-01-02 00:00:00 2020-04-01 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=215,CN)
27.217.167.203 32 wmp None 2020-10-01 00:00:00 2020-12-30 00:00:00 None HIVE Case #4029 Palo Alto IDS Vulnerability Events (IP=203,CN)
27.218.60.61 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=61,CN)
27.219.241.57 32 wmp None 2020-10-01 00:00:00 2020-12-30 00:00:00 None HIVE Case #4029 Palo Alto IDS Vulnerability Events (IP=57,CN)
27.221.210.200 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=200,CN)
27.223.89.238 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=238,CN)
27.254.0.0 16 jky None 2018-03-21 05:00:00 2020-03-11 00:00:00 None FR TO-S-2018-0586 Malware activity | updated by dcg with reason TH TO-S-2018-0911 associated with Malware Activity | update
27.254.85.84 24 RR None 2020-08-06 00:00:00 2020-11-04 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=84,TH)
27.255.79.105 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=105,KR)
27.33.78.172 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None AU TO-S-2020-0088 Malicious Email Activity
27.34.27.154 24 KF None 2019-12-18 00:00:00 2020-03-17 00:00:00 None HTTP: PHP File Inclusion Vulnerability (IP=154,NP)
27.34.51.163 24 RW None 2019-12-17 00:00:00 2020-03-17 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=163,NP)
27.36.147.175 24 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=175,CN)
27.42.166.171 24 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=171,CN)
27.45.230.35 24 KF None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed Password_6 Hr Failed Logons (IP=35,CN)
27.47.129.36 24 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None Illegal user - Failed Logons (IP=36,CN)
27.47.152.159 24 RB None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Illegal user_6 hr Failed Logons_CPC (IP=159 CN)
27.47.192.80 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Illegal user - 6hr Logons (IP=80,CN)
27.47.25.242 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None Illegal user - 6hr Logons (IP=242,CN)
27.5.142.231 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=231,IN)
27.5.217.220 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=220,IN)
27.5.219.11 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=11,IN)
27.5.230.37 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=37,IN)
27.5.44.202 32 wmp None 2020-10-01 00:00:00 2020-12-30 00:00:00 None HIVE Case #4029 Palo Alto IDS Vulnerability Events (IP=202,IN)
27.50.160.35 32 RR None 2020-06-11 00:00:00 2020-09-11 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03140 (IP=35,CN)
27.50.160.35 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=35,CN)
27.50.161.168 24 CR None 2020-03-01 00:00:00 2020-06-01 00:00:00 None APP-DETECT failed FTP login attempt - 6 hr failed logons (IP=168,CN)
27.50.177.53 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=53,CN)
27.50.24.83 24 RR None 2018-12-22 06:00:00 2020-04-03 00:00:00 None Illegal user (IP=83,ID) | updated by GM with reason Illegal user - Failed Logons (IP=83,ID)
27.50.50.128 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=128,HK)
27.62.250.115 24 KF None 2020-02-13 00:00:00 2020-05-13 00:00:00 None APP-DETECT failed FTP login attempt (1:13360:7) - SourceFire (IP=115,IN)
27.64.251.245 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=245,VN)
27.71.225.91 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Failed password for invalid user - Failed Logons (IP=91,VN)
27.71.253.26 24 RB None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Generic ArcSight scan attempt (IP=26,VN)
27.71.9.100 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=100,VN)
27.72.104.175 24 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep(IP=175,VN)
27.72.133.17 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None VN TO-S-2019-0409 Malicious Email Activity
27.72.81.57 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Generic ArcSight scan attempt (IP=57,VN)
27.72.88.106 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=106,VN)
27.74.251.241 24 GM None 2020-04-15 00:00:00 2020-07-14 00:00:00 None Command Injection (IP=241,VN)
27.74.88.45 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=45,VN)
27.74.92.117 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=17,VN)
27.75.101.178 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=178,VN)
27.75.51.191 24 RW None 2020-05-14 00:00:00 2020-08-14 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=191,VN)
27.77.218.66 24 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=66,VN)
27.8.102.69 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=69,CN)
27.8.107.105 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=105,CN)
27.8.96.251 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=251,CN)
27.92.117.238 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None JP TO-S-2019-0608 Malware Activity
27.96.91.0 24 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None IN TO-S-2019-0508 Malware Activity
27.97.40.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
27.97.67.39 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
27.98.206.5 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=5,HK)
27.98.206.5 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=5,HK)
3.0.209.206 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=206,JP)
3.1.40.0 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Illegal user - 6hr Logons (IP=0,SG)
3.129.57.202 32 GM None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03527 (IP=202,US)
3.132.212.98 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Generic ArcSight scan attempt (IP=98,US)
3.133.59.206 32 RB None 2019-11-18 00:00:00 2020-02-16 00:00:00 None HTTP: GetSimple CMS File Upload - TT# 20C01023 (IP=206,US)
3.135.199.84 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=84,US)
3.14.152.228 32 Illegal None 2019-10-23 00:00:00 2020-01-21 00:00:00 None user - Failed Logons (IP=228,US)
3.14.65.84 32 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C02951 (IP=84,US)
3.15.107.234 32 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=234,US)
3.15.155.35 32 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Illegal User_Failed Logon (IP=35,US)
3.15.155.62 32 GL None 2020-08-31 00:00:00 2020-11-29 00:00:00 None HIVE Case #3735 TO-S-2020-0775 (IP=62,US)
3.15.160.231 32 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password - Failed Logons (IP=231,US)
3.15.196.251 32 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=251,US)
3.17.76.238 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=238,US)
3.208.248.126 32 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=126,US)
3.216.80.202 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=202,US)
3.217.206.146 32 Malicious None 2019-10-17 00:00:00 2020-01-17 00:00:00 None Email Activity - Hive case #879 (IP=146,US)
3.218.120.132 32 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=132,US)
3.22.117.35 24 ABC None 2020-04-17 00:00:00 2020-07-16 00:00:00 None SQL Injection- ARCSight Sauron (IP=35,US)
3.222.255.180 32 wmp None 2020-07-29 00:00:00 2020-10-29 00:00:00 None HIVE Case #3421 COLS-NA-TIP-20-0234 (IP=180,US)
3.227.132.208 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=208,US)
3.228.174.251 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=251,US)
3.23.167.222 32 wmp None 2020-08-19 00:00:00 2020-11-17 00:00:00 None HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=222,US)
3.231.44.85 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=85,US)
3.232.129.214 32 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None Known Attack Tool User Agent V2 / UDS-WhatWeb_RC8766 - TT# 20C03038 (IP=214,US)
3.233.234.238 32 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=238,US)
3.235.153.77 32 DT None 2020-05-13 00:00:00 2020-08-11 00:00:00 None Known Attack Tool User Agent V2/ UDS-WhatWeb_RC8766 - TT# 20C02750 (IP=77,US)
3.235.234.174 32 GM None 2020-09-09 00:00:00 2020-12-08 00:00:00 None Known Attack Tool User Agent V2 / UDS-WhatWeb_RC8766 - TT# 20C03868 (IP=174,US)
3.35.125.50 32 RWB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected - sourcefire (IP=50,US)
3.6.86.228 24 DT None 2020-06-08 00:00:00 2020-09-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire - (IP=228,IN)
3.8.102.111 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None GB TO-S-2019-0608 Malware Activity
3.80.132.166 32 BMP None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=166,US)
3.80.145.83 32 DT None 2020-05-22 00:00:00 2020-08-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=83,US)
3.80.146.87 32 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=87,US)
3.80.154.92 32 BMP None 2020-07-06 00:00:00 2020-10-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=92,US)
3.80.219.188 32 BMP None 2020-07-07 00:00:00 2020-10-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=188,US)
3.80.237.126 32 CR None 2020-05-13 00:00:00 2020-06-13 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02747 (IP=126,US)
3.80.243.150 32 BMP None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=150,US)
3.80.243.32 32 BMP None 2020-07-23 00:00:00 2020-10-23 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=32,US)
3.80.254.212 24 RW None 2020-09-27 00:00:00 2020-12-27 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=212,US)
3.80.30.99 32 RW None 2020-02-07 00:00:00 2020-05-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=99,US)
3.80.78.221 32 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=221,US)
3.81.119.235 32 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=235,US)
3.81.14.89 24 RW None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=89,US)
3.81.52.144 32 DT None 2020-09-05 00:00:00 2020-12-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=144,US)
3.81.84.104 32 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=104,US)
3.82.17.229 32 RW None 2020-05-13 00:00:00 2020-08-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=229,US)
3.82.214.200 32 BMP None 2020-03-02 00:00:00 2020-05-31 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=200,US)
3.82.61.99 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=99,US)
3.83.103.1 32 BP None 2020-03-28 00:00:00 2020-06-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=1,US)
3.83.159.150 32 GM None 2020-04-28 00:00:00 2020-07-28 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload (CVE-2017-12615 and CVE-2017-12617) - TT# 20C02568 (IP=150,US)
3.83.177.151 32 CR None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=151,US)
3.83.249.73 32 RW None 2020-03-10 00:00:00 2020-06-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=73,US)
3.84.102.255 32 RW None 2020-04-24 00:00:00 2020-07-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=255,US)
3.84.243.228 32 BMP None 2020-02-20 00:00:00 2020-05-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=228,US)
3.84.57.48 32 CR None 2020-05-13 00:00:00 2020-08-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=48,US)
3.84.69.176 32 RW None 2020-03-20 00:00:00 2020-06-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=32,US)
3.85.169.78 32 BMP None 2020-03-23 00:00:00 2020-06-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=78,US)
3.85.219.26 32 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=26,US)
3.85.228.240 32 RW None 2020-05-13 00:00:00 2020-08-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=240,US)
3.85.233.53 32 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=53,US)
3.86.159.94 32 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - Sourcefire (IP=94,US)
3.86.159.94 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - 6hr web attacks (IP=94,EG)
3.86.248.226 32 BMP None 2020-03-14 00:00:00 2020-06-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=226,US)
3.86.51.176 32 DT None 2020-09-04 00:00:00 2020-12-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=176,US)
3.86.54.3 32 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=3,US)
3.86.54.64 32 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=64,US)
3.86.76.27 32 DT None 2020-07-12 00:00:00 2020-10-12 00:00:00 None Known Attack Tool User Agent V2 / UDS-WhatWeb_RC8766 - TT# 20C03437 (IP=27,US)
3.87.170.104 32 DT
None 2020-10-02 00:00:00 2020-01-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=104,US) 3.87.178.11 32 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=11,US) 3.87.197.127 32 BMP None 2020-05-16 00:00:00 2020-08-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=127,US) | updated by BMP Block expiration extended with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt 3.87.225.158 32 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=158,US) 3.87.237.191 32 RW None 2020-05-31 00:00:00 2020-09-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=191,US) | updated by RW Block expiration extended with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt 3.87.26.146 32 BMP None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=146,US) 3.87.75.18 32 RW None 2020-08-20 00:00:00 2020-11-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=18,US) 3.88.104.101 32 DT None 2020-06-24 00:00:00 2020-09-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=101,US) 3.88.127.60 32 RW None 2020-07-17 00:00:00 2020-10-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=60,US) 3.88.140.53 32 RW None 2020-05-31 00:00:00 2020-09-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - 
possible Bleichenbacher SSL attack attempt - Sourcefire (IP=53,US) | updated by RW Block expiration extended with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - 3.88.223.149 32 RW None 2020-02-07 00:00:00 2020-05-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=149,US) 3.88.242.188 32 DT None 2020-07-12 00:00:00 2020-10-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=188,US) 3.88.249.106 32 BMP None 2019-12-26 00:00:00 2020-03-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=106,US) 3.88.49.48 32 GM None 2020-07-12 00:00:00 2020-10-12 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C03445 (IP=48,US) 3.88.62.214 32 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=214,US) 3.88.87.104 32 DT None 2020-09-18 00:00:00 2020-12-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=104,US) 3.88.9.78 32 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=78,US) 3.88.91.27 32 BMP None 2020-01-28 00:00:00 2020-04-27 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=27,US) 3.89.111.28 32 RW None 2020-05-13 00:00:00 2020-08-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=28,US) 3.89.144.130 32 RW None 2020-07-19 00:00:00 2020-10-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=130,US) 3.89.149.47 32 DT None 2020-08-15 00:00:00 
2020-11-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=47,US) 3.89.150.211 32 DT None 2020-09-12 00:00:00 2020-12-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=211,US) 3.89.20.25 32 BMP None 2020-04-18 00:00:00 2020-07-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=25,US) 3.89.227.66 32 DT None 2020-09-16 00:00:00 2020-12-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=66,US) 3.89.247.66 32 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=66,US) 3.89.25.31 32 BMP None 2020-06-13 00:00:00 2020-09-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=31,US) 3.89.3.168 32 GM None 2020-05-01 00:00:00 2020-08-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=168,US) 3.89.60.134 32 CR None 2020-06-15 00:00:00 2020-09-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=134,US) 3.89.9.187 32 CR None 2020-03-23 00:00:00 2020-06-23 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=187,US) 3.89.97.190 32 RW None 2020-04-17 00:00:00 2020-07-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=190,US) 3.90.69.207 32 RR None 2020-06-02 00:00:00 2020-09-02 00:00:00 None Known Attack Tool User Agent V2 / UDS-WhatWeb_RC8766 - TT# 20C03042 (IP=207,US) 3.91.145.29 32 BMP None 2019-12-26 00:00:00 2020-03-25 00:00:00 None SERVER-OTHER limited RSA 
ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=29,US) 3.91.201.221 32 BMP None 2020-07-21 00:00:00 2020-10-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=221,US) 3.91.225.139 32 DT None 2020-08-29 00:00:00 2020-11-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=139,US) 3.91.236.80 24 BMP None 2020-08-05 00:00:00 2020-11-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=US,80) 3.91.27.56 32 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Failed password - Failed Logons (IP=56,US) 3.91.96.105 32 DT None 2020-04-28 00:00:00 2020-07-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=105,US) 3.92.130.126 32 RW None 2020-05-13 00:00:00 2020-08-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=126,US) 3.92.173.59 32 RW None 2020-05-04 00:00:00 2020-08-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=59,US) 3.92.193.35 32 RW None 2020-05-20 00:00:00 2020-08-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=35,US) 3.92.244.181 32 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=181,US) 3.92.33.108 32 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=108,US) 3.92.33.130 32 BMP None 2020-07-07 00:00:00 2020-10-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=130,US) 3.92.44.200 32 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 
None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=200,US) 3.93.199.150 32 DT None 2020-07-03 00:00:00 2020-10-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=150,US) 3.94.247.221 32 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=221,US) 3.94.83.183 32 RW None 2020-07-18 00:00:00 2020-10-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=183,US) 3.94.9.221 32 KF None 2020-05-31 00:00:00 2020-08-29 00:00:00 None FIREEYE Web: Infection Match - Numerous Alerts (IP=22,US) 3.94.9.221 24 RW None 2020-05-31 00:00:00 2020-08-31 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr web attacks (IP=208,TR) 3.95.188.222 24 GM None 2020-04-15 00:00:00 2020-07-15 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=222,CN) 3.95.193.115 32 BMP None 2020-03-23 00:00:00 2020-06-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=115,US) 3.95.21.168 32 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=168,US) 3.95.33.156 32 CR None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=156,US) 31.12.67.62 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None BE TO-S-2019-1036 Malicious Email Activity 31.13.206.100 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=100,BG) 31.13.85.16 32 kmw None 2019-02-04 00:00:00 
2020-02-04 00:00:00 None BR TO-S-2019-0382 Malware Activity 31.131.18.22 24 RWB None 2019-12-21 00:00:00 2020-03-20 00:00:00 None Web Application Attack - SQL HTTP URI blind injection attempt - SourceFire (IP=22,UA) 31.131.23.237 24 GM None 2020-06-18 00:00:00 2020-08-18 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=237,UA) 31.131.26.0 24 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None IN TO-S-2020-0047 Malicious Email Activity 31.131.26.101 32 dbc None 2019-10-11 00:00:00 2020-10-11 00:00:00 None UA TIPPER Sharkseer-TIP-19-2415 TO-S-2020-0024 Site hosting TrickBot Executable 31.14.135.117 24 KF None 2019-11-23 00:00:00 2020-02-21 00:00:00 None Failed password (IP=117,IT) 31.14.191.233 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=233,IT) 31.14.40.251 32 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=251,US) 31.14.40.89 24 BMP None 2020-07-08 00:00:00 2020-10-06 00:00:00 None SERVER-WEBAPP ACTi ASOC command injection attempt - 6hr Web Attacks (IP=89,RO) 31.145.213.3 24 DT None 2020-07-28 00:00:00 2020-10-26 00:00:00 None SERVER-WEBAPP Drupal unsafe internal attribute remote code execution attempt - Web Attacks (IP=3,TR) 31.145.214.160 24 RR None 2020-06-19 00:00:00 2020-09-17 00:00:00 None SERVER-WEBAPP Drupal unsafe internal attribute remote code execution attempt - Web Attacks (IP=160,TR) 31.145.27.182 24 CR None 2018-12-10 06:00:00 2020-09-28 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=182,TR) | updated by RR Block was inactive. 
Reactivated on 20200630 with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=182,TR) 31.15.10.10 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None CZ TO-S-2019-1036 Malicious Email Activity 31.154.128.0 17 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity 31.155.205.25 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=25,TR) 31.155.228.235 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=235,TR) 31.156.100.173 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=173,IT) 31.16.207.236 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None Authentication Failed (IP=236,DE) 31.163.131.130 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=130,RU) 31.163.187.130 24 GM None 2020-06-25 00:00:00 2020-08-25 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=130,RU) 31.163.200.179 32 GM None 2020-04-02 00:00:00 2020-07-02 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 010420-00039 (IP=179,RU) 31.165.11.9 24 BMP None 2020-02-20 00:00:00 2020-05-20 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=9,CH) 31.168.224.0 20 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity 31.169.73.195 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None TR TO-S-2019-0488 Malicious Email Activity 31.170.123.72 32 wmp None 2020-08-31 00:00:00 2020-11-29 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=72,GB) 31.171.152.122 24 RW None 2019-12-19 00:00:00 2020-03-19 00:00:00 None 
INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=122,AL) 31.171.155.42 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None AL TO-S-2019-0608 Malware Activity 31.181.252.79 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 31.181.81.77 24 BMP None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=77,RU) 31.182.214.218 24 BMP None 2020-08-28 00:00:00 2020-11-26 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - SourceFre (IP=218,PL) 31.186.8.162 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None TR TO-S-2019-0571 Malicious Email Activity 31.186.8.164 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None TR TO-S-2019-0571 Malicious Email Activity 31.186.80.0 24 GLM None 2016-10-27 05:00:00 2020-08-15 00:00:00 None PROTOCOL-DNS squid proxy dns PTR record response denial of service attempt (IP=80,PL) | updated by MLJ with reason PROTOCOL-D | updated by dbc with reason PL TO-S-2019-0890.01 Malware Activity 31.186.82.140 24 MLJ None 2017-07-06 05:00:00 2020-08-15 00:00:00 None APP-DETECT failed FTP login attempt (IP=140,PL) | updated by dbc with reason PL TO-S-2019-0890.01 Malware Activity 31.186.83.235 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None PL TO-S-2019-0890.01 Malware Activity 31.186.86.51 24 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=51,PL) 31.186.96.245 24 RB None 2020-07-02 00:00:00 2020-09-30 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr failed logon (IP=100,RU) 31.192.227.223 24 RW None 2020-09-16 00:00:00 2020-12-16 00:00:00 None SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt - Sourcefire (IP=223,SE) 31.193.1.27 24 MLJ None 2018-01-15 06:00:00 2020-05-10 00:00:00 None ET SCAN Potential SSH Scan (IP=27,GB) | updated by dbc with reason GB 
TO-S-2019-0658 Malware Activity 31.193.131.180 24 djs None 2015-11-16 06:00:00 2020-05-06 00:00:00 None Adobe ColdFusion admin interface access attempt (ip=180,GB) | updated by dbc with reason GB TO-S-2019-0640.01 Malicious Email Activity 31.193.192.203 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=203,LT) 31.193.196.39 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=39,LT) 31.196.187.61 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - SourceFire (IP=61,IT) 31.197.102.187 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (IP=187,IT) 31.199.241.17 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - Web Attacks (IP=17,IT) 31.20.92.192 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None Authentication Failed_6 Hr Failed Logons (IP=192,NL) 31.202.128.2 24 ged None 2016-02-18 06:00:00 2020-08-22 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt (IP=2, UA) | updated by dbc with reason UA TO-S-2019-0926 Malware Activity 31.202.97.15 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None Authentication Failed_Failed Logon (IP=15,UA) 31.206.19.178 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None TR TO-S-2019-0608 Malware Activity 31.206.21.182 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None TR TO-S-2019-0608 Malware Activity 31.207.33.121 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None FR TO-S-2019-0488 Malicious Email Activity 31.207.33.28 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None FR TO-S-2019-0577 Malicious Web Application Activity 31.207.47.75 24 KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None TCP: SYN Host Sweep (IP=75,NL) 31.208.166.61 32 wmp None 2020-09-01 00:00:00 2020-11-30 
00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=61,SE) 31.208.74.177 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password for invalid user - Failed Logons (IP=177,SE) 31.209.56.126 24 RR None 2020-09-14 00:00:00 2020-12-13 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=126,SE) 31.210.171.223 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=223,NL) 31.210.91.208 24 RW None 2020-04-11 00:00:00 2020-07-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=11,HK) 31.210.96.221 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None TR TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason TR TO-S-2020-0212.01 Malicious Email Activity 31.214.157.153 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=153,NL) 31.214.245.168 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=168,no ISC data) 31.215.102.137 24 RW None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=137,AE) 31.215.111.201 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=1,AE) 31.215.134.100 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Authentication Failed - 6hr Logon (IP=100,AE) 31.216.145.106 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None LU TO-S-2019-0468 Malware Activity 31.216.147.130 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None LU TO-S-2019-0571 Malicious Web Application Activity 31.218.62.235 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AE TO-S-2020-0109.01 Malicious Email Activity 31.219.121.235 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AE TO-S-2020-0109.01 Malicious Email Activity 31.22.4.101 32 wmp None 2020-08-26 00:00:00 
2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=101,GB) 31.220.105.185 32 RW None 2020-02-24 00:00:00 2020-05-24 00:00:00 None SQL HTTP URI blind injection attempt - 6hr web attacks (IP=185,US) 31.220.16.179 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=179,GB) 31.220.2.100 24 GM None 2020-07-15 00:00:00 2020-10-15 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=100,DE) 31.220.21.123 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None UK TO-S-2019-0734.01 Malicious Email Activity 31.220.43.139 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0212.01 Malicious Web Application Activity 31.220.43.139 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity 31.223.101.55 24 DT None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SERVER-WEBAPP Drupal unsafe internal attribute remote code execution attempt - Sourcefire (IP=55,TR) 31.223.3.165 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=165,TR) 31.223.35.41 32 RB None 2020-09-29 00:00:00 2020-12-29 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C04015 (IP=41,TR) 31.223.5.193 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=193,TR) 31.223.93.213 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=213,TR) 31.24.200.23 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=23,IR) 31.25.100.207 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None NL TO-S-2019-0723 Malicious Email Activity 31.27.167.218 24 RW None 2019-12-25 00:00:00 2020-03-30 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - 
Sourcefire (IP=218,IT) | updated by RWB Block expiration extended with reason Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attemp 31.28.192.0 19 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 31.3.102.25 24 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=25,NL) 31.30.70.88 24 GM None 2020-06-18 00:00:00 2020-08-18 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=88,CZ) 31.30.91.115 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 31.31.196.173 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=173,RU) 31.31.196.218 24 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=218,RU) 31.31.198.107 32 GM None 2020-07-11 00:00:00 2020-10-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03424 (IP=107,RU) 31.31.198.12 32 JKC None 2020-06-19 00:00:00 2020-09-19 00:00:00 None Malicious IP Case # 3063 - IOC_ISO CTOs 20-164, 20-165 (IP=12, RU) 31.31.198.23 24 RW None 2020-08-07 00:00:00 2020-11-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=23,RU) 31.31.72.215 32 wmp None 2020-08-24 00:00:00 2020-11-24 00:00:00 None HIVE Case #3614 COLS-NA-TIP-20-0265 (IP=215,CZ) 31.37.235.88 24 RR None 2020-06-15 00:00:00 2020-09-13 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=88,FR) 31.40.143.10 24 RW None 2019-10-23 00:00:00 2020-01-23 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=10,RU) 31.40.254.151 32 RW None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SQL use of concat function with select - likely SQL injection - 6hr web attacks (IP=151,US) 31.41.216.81 24 RB None 2019-01-05 06:00:00 2020-08-06 00:00:00 None SQL 1 = 1 - 
possible sql injection attempt (IP=81,UA) | updated by dbc with reason UA TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason UA TO-S-2019-0864 Malware Activity 31.42.3.76 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=76,PL) 31.5.173.222 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=222,RO) 31.50.44.226 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None GB TO-S-2019-0409 Malicious Email Activity 31.51.194.218 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=18,GB) 31.53.200.34 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None GB TO-S-2019-0972 Malware Activity 31.54.193.100 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Invalid user - Failed Logon (IP=100,GB) 31.54.235.139 24 MLJ None 2017-12-11 06:00:00 2020-04-18 00:00:00 None ET SCAN Potential SSH Scan (IP=139,GB) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=139,GB) 31.7.225.17 24 RW None 2020-01-16 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=17,RU) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=17,RU) 31.71.236.10 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None GB TO-S-2019-0890.01 Malware Activity 32.114.249.30 32 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Illegal user_Failed Logon (IP=30,US) 32.209.110.79 32 RW None 2020-04-07 00:00:00 2020-07-07 00:00:00 None HTTP: test-cgi Directory Listing - 6hr web attacks (IP=79,US) 32.209.190.88 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malware Activity 32.238.150.154 32 RW None 2020-08-01 00:00:00 2020-09-01 
00:00:00 None Known Attack Tool User Agent V2 - TT# 20C03602 (IP=154,US)

network prefix_len analyst - start expires - reason
34.102.176.152 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=152,US)
34.121.100.113 32 DT None 2020-09-07 00:00:00 2020-12-07 00:00:00 None Known Attack Tool User Agent V2 / BOT: Muieblackcat Traffic Detected I - TT# 20C03854 (IP=113,CA)
34.121.155.61 32 RR None 2020-09-29 00:00:00 2020-12-29 00:00:00 None Known Attack Tool User Agent V2 / BOT: Muieblackcat Traffic Detected I - TT# 20C04017 (IP=61,US)
34.121.47.20 32 FT None 2020-09-18 00:00:00 2020-12-18 00:00:00 None Known Attack Tool User Agent V2 // BOT: Muieblackcat Traffic - TT# 20C03932 (IP=20,US)
34.122.40.71 32 GM None 2020-09-05 00:00:00 2020-12-05 00:00:00 None Known Attack Tool User Agent V2/BOT: Muieblackcat Traffic Detected I - TT # 20C03841 (IP=71,US)
34.123.115.182 32 FT None 2020-09-19 00:00:00 2020-12-19 00:00:00 None Known Attack Tool User Agent V2/BOT: Muieblackcat Traffic Detected I - TT# 20C03945 (IP=182,US)
34.123.141.87 32 FT None 2020-09-02 00:00:00 2020-12-02 00:00:00 None Known Attack Tool User Agent V2/BOT: Muieblackcat Traffic - TT# 20C03817 (IP=87,US)
34.123.167.136 32 DT None 2020-09-12 00:00:00 2020-12-12 00:00:00 None Known Attack Tool User Agent V2 // BOT: Muieblackcat Traffic Detected I - TT # 20C03884 (IP=81,DE)
34.192.88.201 32 wmp None 2019-10-11 00:00:00 2020-01-11 00:00:00 None HIVE Case #947 FE NX Riskware (IP=201,US)
34.193.98.4 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=4,US)
34.195.43.10 32 wmp None 2020-06-24 00:00:00 2020-09-24 00:00:00 None HIVE Case #3110 COLS-NA-TIP-20-0193 (IP=10,US)
34.201.134.206 32 RW None 2020-02-19 00:00:00 2020-05-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=206,US)
34.201.134.90 32 CR None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=90,US)
34.203.195.119 32 RW None 2020-07-26 00:00:00 2020-10-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=119,US)
34.203.213.56 32 RW None 2020-02-19 00:00:00 2020-05-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=56,US)
34.203.234.212 32 DT None 2020-07-05 00:00:00 2020-10-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=212,US)
34.203.246.154 32 DT None 2020-09-05 00:00:00 2020-12-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=154,US)
34.204.166.164 32 BMP None 2020-01-31 00:00:00 2020-04-30 00:00:00 None HTTP: Apache Tomcat HTTP PUT Remote Code Execution - TT# 20C01569 (IP=164,US)
34.204.45.83 32 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=83,US)
34.204.56.10 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=10,US)
34.205.44.147 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=147,US)
34.207.11.241 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=241,US)
34.207.132.198 32 RW None 2020-09-02 00:00:00 2020-12-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=198,US)
34.207.146.205 32 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Generic ArcSight scan attempt (IP=205,US)
34.207.163.96 32 RW None 2020-03-16 00:00:00 2020-06-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=96,US)
34.207.239.8 32 RW None 2020-06-05 00:00:00 2020-09-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=8,US)
34.207.66.16 32 BMP None 2020-05-11 00:00:00 2020-08-09 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=16,US)
34.207.67.204 32 RW None 2020-04-12 00:00:00 2020-07-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=204,US)
34.212.96.103 32 wmp None 2020-08-10 00:00:00 2020-11-10 00:00:00 None HIVE Case #3493 COLS-NA-TIP-20-0250 (IP=103,US)
34.215.10.85 32 wmp None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HIVE Case #3290 COLS-NA-TIP-20-0214 (IP=85,US)
34.217.116.122 32 GLM None 2019-10-27 00:00:00 2020-01-25 00:00:00 None ABC Generic ArcSight scan attempt (IP=122,US)
34.224.96.249 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=249,US)
34.226.138.88 32 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=88,US)
34.226.198.153 32 DT None 2020-09-16 00:00:00 2020-12-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=153,US)
34.227.102.141 32 BMP None 2020-06-05 00:00:00 2020-09-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=141,US)
34.227.108.250 32 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=250,US)
34.227.117.48 32 BMP None 2020-05-01 00:00:00 2020-07-30 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=48,US)
34.227.227.53 32 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=53,IN)
34.228.157.255 32 RW None 2020-08-08 00:00:00 2020-11-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=255,US)
34.228.18.217 32 BMP None 2020-03-22 00:00:00 2020-06-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=217,US)
34.228.189.205 32 DT None 2020-05-21 00:00:00 2020-08-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=205,US)
34.228.214.146 32 DT None 2020-09-16 00:00:00 2020-12-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=146,US)
34.228.215.208 32 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=208,US)
34.228.241.172 32 RW None 2020-08-09 00:00:00 2020-11-09 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=172,US)
34.228.245.23 32 CR None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=23,US)
34.228.41.119 32 RW None 2020-06-12 00:00:00 2020-09-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=119,US)
34.228.60.24 32 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=24,US)
34.228.60.248 24 RW None 2020-06-16 00:00:00 2020-09-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=248,US)
34.229.110.45 32 DT None 2020-07-13 00:00:00 2020-10-13 00:00:00 None Known Attack Tool User Agent V2 / UDS-WhatWeb_RC8766 - TT# 20C03448 (IP=45,US)
34.229.112.166 32 RW None 2020-08-08 00:00:00 2020-09-08 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C03666 (IP=166,US)
34.229.136.91 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=91,US)
34.229.157.255 32 DT None 2020-07-16 00:00:00 2020-10-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=255,US)
34.229.21.204 32 RW None 2020-03-16 00:00:00 2020-06-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=204,US)
34.229.212.28 32 GM None 2020-03-07 00:00:00 2020-06-07 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C02028 (IP=28,US)
34.229.213.167 32 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=167,US)
34.229.241.122 32 BMP None 2020-07-21 00:00:00 2020-10-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=122,US)
34.229.242.58 32 DT None 2020-06-22 00:00:00 2020-09-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=58,US)
34.229.43.124 32 RW None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=124,US)
34.229.54.234 24 RW None 2020-04-19 00:00:00 2020-07-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=146,IN)
34.229.73.11 32 CR None 2020-06-15 00:00:00 2020-09-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=11,US)
34.230.33.37 32 BMP None 2020-02-20 00:00:00 2020-05-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=37,US)
34.230.60.152 32 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=152,US)
34.230.76.253 32 CR None 2020-08-29 00:00:00 2020-11-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=253,US)
34.230.79.245 32 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=245,US)
34.231.39.98 32 wmp None 2020-06-22 00:00:00 2020-09-22 00:00:00 None HIVE Case #3071 COLS-NA-TIP-20-0188 (IP=98,US)
34.234.69.58 32 DT None 2020-06-07 00:00:00 2020-09-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire - (IP=58,US)
34.234.97.245 32 RW None 2020-05-31 00:00:00 2020-09-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=245,US) | updated by RW Block expiration extended with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
34.235.117.203 32 RW None 2020-06-22 00:00:00 2020-09-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=203,US)
34.235.136.129 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=129,US)
34.235.38.38 32 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None SQL Injection (IP=38,US)
34.238.173.109 24 RW None 2019-11-15 00:00:00 2020-02-15 00:00:00 None FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected - Sourcefire (IP=146,IN)
34.238.38.209 32 BMP None 2020-05-11 00:00:00 2020-08-09 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=209,US)
34.239.119.227 32 DT None 2020-05-19 00:00:00 2020-08-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=227,US)
34.239.184.50 32 DT None 2020-08-25 00:00:00 2020-11-23 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=50,US)
34.239.95.80 32 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Hive Case 1867 - Malicious.LIVE.DTI.URL (IP=80,US)
34.244.175.96 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None IE TO-S-2019-0604 Malicious Email Activity
34.246.129.19 32 wmp None 2020-09-15 00:00:00 2020-12-14 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=19,IE)
34.249.118.82 32 wmp None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=82,IE)
34.253.35.87 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None TR TO-S-2019-0358 Malware Activity
34.64.201.6 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=6,SG)
34.64.240.14 32 GM None 2020-07-05 00:00:00 2020-10-05 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=14,US)
34.65.128.240 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=240,US)
34.65.24.93 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=93,US)
34.66.114.195 32 RR None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Failed password - Failed Logons (IP=195,US)
34.66.124.179 32 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Invalid user - Failed Logons (IP=179,US)
34.66.126.159 32 KF None 2020-04-16 00:00:00 2020-07-15 00:00:00 None SQL Injection (IP=159,US)
34.66.187.141 32 FT None 2020-08-04 00:00:00 2020-11-04 00:00:00 None Known Attack Tool User Agent V2/BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C03628 (IP=141,US)
34.66.60.142 32 DT None 2020-08-08 00:00:00 2020-11-08 00:00:00 None Known Attack Tool User Agent V2 / BOT: Muieblackcat Traffic Detected I - TT# 20C03662 (IP=142,US)
34.67.150.148 32 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None Unauthorized Access-Probe - TT# 20C02810 (IP=5148,US)
34.67.203.52 32 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=52,US)
34.67.223.10 32 RW None 2020-04-23 00:00:00 2020-07-23 00:00:00 None SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt - Sourcefire (IP=10,US)
34.67.64.46 32 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Illegal user - 6hr Logons (IP=46,US)
34.68.107.2 32 RW None 2020-08-01 00:00:00 2020-11-01 00:00:00 None MALWARE-CNC URI - known scanner tool muieblackcat - Sourcefire (IP=2,US)
34.68.136.212 32 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=212,US)
34.68.209.61 32 DT None 2020-09-11 00:00:00 2020-12-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=61,US)
34.68.240.68 32 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Generic ArcSight scan attempt (IP=68,US)
34.68.49.65 32 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None Illegal user - Failed Logons (IP=65,US)
34.68.59.230 32 BMP None 2019-12-25 00:00:00 2020-01-24 00:00:00 None Known Attack Tool User Agent / UDS-Paros_RC8766 - TT# 20C01234 (IP=230,US)
34.69.21.97 32 KF None 2020-02-11 00:00:00 2020-05-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=97,US)
34.69.22.41 32 GM None 2020-08-12 00:00:00 2020-11-12 00:00:00 None Known Attack Tool User Agent V2/BOT: Muieblackcat Traffic Detected I - TT # 20C03698 (IP=41,US)
34.69.233.70 32 KF None 2019-12-30 00:00:00 2020-03-29 00:00:00 None Immediate Inbound Network Block - TT# 20C01295 (IP=70,US)
34.69.33.61 32 RW None 2020-07-07 00:00:00 2020-10-07 00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - 6hr web attacks (IP=61,US)
34.69.43.120 32 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=120,US)
34.69.48.89 32 ABC None 2020-04-17 00:00:00 2020-07-16 00:00:00 None UDP: Host Sweep - ARCSight Sauron (IP=89,US)
34.70.124.181 32 None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Failed password - Failed Logons (IP=181,US)
34.70.147.3 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=3,US)
34.71.128.152 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=152,US)
34.71.132.177 32 FT None 2020-09-19 00:00:00 2020-12-19 00:00:00 None Known Attack Tool User Agent V2 // BOT: Muieblackcat Traffic - TT# 20C03941 (IP=177,US)
34.71.187.215 32 FT None 2020-09-18 00:00:00 2020-12-18 00:00:00 None Known Attack Tool User Agent V2/ BOT: Muieblackcat Traffic - TT# 20C03931 (IP=215,US)
34.71.196.75 32 GM None 2020-08-10 00:00:00 2020-11-10 00:00:00 None Known Attack Tool User Agent V2 / BOT: Muieblackcat Traffic Detected I - TT # 20C03686 (IP=75,US)
34.71.89.85 32 DT None 2020-09-07 00:00:00 2020-12-07 00:00:00 None Known Attack Tool User Agent V2 / BOT: Muieblackcat Traffic Detected I - TT# 20C03853 (IP=85,CA)
34.72.26.221 32 FT None 2020-08-04 00:00:00 2020-11-04 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03623 (IP=221,US)
34.76.11.35 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=35,CA)
34.76.135.224 32 GM None 2020-01-16 00:00:00 2020-04-20 00:00:00 None Illegal user - Failed Logons (IP=224,US) | updated by BMP Block expiration extended with reason Illegal user - 6hr Logon (IP=224,US)
34.76.204.175 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=175,CA)
34.76.216.127 24 RW None 2020-08-08 00:00:00 2020-11-08 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=127,BE)
34.76.219.52 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=52,CA)
34.76.244.81 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=81,US)
34.76.30.222 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=222,US)
34.76.4.161 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=161,CA)
34.76.57.228 32 DT None 2020-07-06 00:00:00 2020-10-04 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=228,US)
34.76.6.207 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SQL url ending in comment characters - possible sql injection attempt - Web Attacks (IP=207,US)
34.76.74.75 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=75,CA)
34.77.102.200 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=200,CA)
34.77.164.226 32 JKC None 2020-06-19 00:00:00 2020-09-19 00:00:00 None Malicious IP Case # 3063 - IOC_ISO CTOs 20-164, 20-165 (IP=226, US)
34.77.171.65 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Web Attacks (IP=65,US)
34.77.192.73 32 BMP None 2020-05-08 00:00:00 2020-08-08 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02647 (IP=73,US) | updated by GM Block expiration extended with reason SQL generic sql with comments injection attempt - GET parameter - Web Attacks (IP=73,US)
34.77.197.251 24 RW None 2020-09-27 00:00:00 2020-12-27 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=251,BG)
34.77.205.80 32 JKC None 2020-06-19 00:00:00 2020-09-19 00:00:00 None Malicious IP Case # 3063 - IOC_ISO CTOs 20-164, 20-165 (IP=80, US)
34.77.210.187 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=187,CA)
34.77.220.220 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=220,CA)
34.77.241.208 32 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=208,US)
34.77.28.60 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=60,CA)
34.77.35.252 32 CR None 2020-05-13 00:00:00 2020-08-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (IP=252,US)
34.77.51.68 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: PHP CGI Argument Injection Remote Vulnerability (CVE-2012-2335) - Web Attacks (IP=68,US)
34.77.58.34 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=34,CA)
34.78.105.126 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=126,CA)
34.78.126.110 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=110,CA)
34.78.167.89 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=89,CA)
34.78.180.25 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=25,CA)
34.78.189.98 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=98,US)
34.78.192.25 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=25,CA)
34.78.193.167 32 BMP None 2020-05-08 00:00:00 2020-08-06 00:00:00 None tp8200-agencyips-b2-belva-jrss-0432-2 - TT# 20C02645 (IP=167,US)
34.78.202.84 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP JBoss admin-console access - Web Attacks (IP=84,US)
34.78.211.173 24 RW None 2020-09-27 00:00:00 2020-12-27 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=173,BG)
34.78.215.42 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=42,CA)
34.78.218.159 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=159,US)
34.78.23.248 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=248,CA)
34.78.243.53 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=53,CA)
34.78.29.77 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=77,US)
34.80.132.13 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=13,US)
34.80.150.41 32 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Failed password - Failed Logons (IP=41,US)
34.80.27.200 32 JKC None 2020-06-19 00:00:00 2020-09-19 00:00:00 None Malicious IP Case # 3063 - IOC_ISO CTOs 20-164, 20-165 (IP=200, US)
34.82.116.137 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=137,US)
34.83.244.121 32 RR None 2020-04-13 00:00:00 2020-07-12 00:00:00 None UDP: Host Sweep (IP=121,US)
34.83.47.189 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=189,US)
34.85.102.54 32 GM None 2020-01-03 00:00:00 2020-04-03 00:00:00 None Illegal user - Failed Logons (IP=54,US)
34.87.102.196 32 BMP None 2020-06-24 00:00:00 2020-09-22 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - Web Attacks (IP=196,US)
34.87.157.233 32 GM None 2020-04-24 00:00:00 2020-07-24 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=233,US)
34.87.183.146 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=146,US)
34.87.48.220 32 ABC None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Generic ArcSight scan attempt (IP=220,US)
34.87.80.161 32 GM None 2020-01-08 00:00:00 2020-04-08 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=161,US)
34.89.129.235 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=235,US)
34.89.129.76 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02667 (IP=76,US)
34.89.135.89 32 BMP None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2/20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02644 (IP=89,US)
34.89.138.105 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None Known Attack Tool User Agent V2/UDS-OpenVAS_RC8766 - TT# 20C02665 (IP=105,US)
34.89.141.71 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=71,CA)
34.89.142.169 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=169,CA)
34.89.143.127 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=127,CA)
34.89.144.251 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=251,CA)
34.89.145.68 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=68,CA)
34.89.147.146 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=146,US)
34.89.147.153 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=153,US)
34.89.147.189 32 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02652 (IP=189,US)
34.89.149.84 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=84,CA)
34.89.156.162 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=162,CA)
34.89.156.162 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=162,US)
34.89.160.45 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=45,CA)
34.89.161.159 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=159,CA)
34.89.161.177 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02673 (IP=177,US)
34.89.161.51 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: PHP Include - PHP Includedir Include Code Execution - Web Attacks (IP=51,US)
34.89.161.62 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02661 (IP=62,US)
34.89.164.51 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=51,CA)
34.89.165.160 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=160,CA)
34.89.166.42 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=42,US)
34.89.169.26 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=26,US)
34.89.176.84 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02655 (IP=84,US)
34.89.177.107 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=107,CA)
34.89.179.243 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=243,CA)
34.89.181.205 24 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=205,GB)
34.89.184.215 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=215,CA)
34.89.185.248 32 JKC None 2020-06-19 00:00:00 2020-09-19 00:00:00 None Malicious IP Case # 3063 - IOC_ISO CTOs 20-164, 20-165 (IP=248, US)
34.89.187.240 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=240,CA)
34.89.188.150 32 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password 6 hr Failed Logon (IP=150,US)
34.89.188.159 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=159,CA)
34.89.190.198 24 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - Web Attacks (IP=198,GB)
34.89.191.79 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=79,CA)
34.89.192.135 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02666 (IP=135,US)
34.89.192.163 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=163,CA)
34.89.196.241 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02653 (IP=241,US)
34.89.198.155 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=155,CA)
34.89.199.68 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=68,US)
34.89.200.151 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=151,US)
34.89.200.37 32 BMP None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02639 (IP=37,US)
34.89.200.39 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=39,CA)
34.89.201.137 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=137,CA)
34.89.201.149 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: PHP Charts Arbitrary PHP Code Execution Vulnerability - Web Attacks (IP=149,US)
34.89.201.61 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SQL url ending in comment characters - possible sql injection attempt - Web Attacks (IP=61,US)
34.89.202.150 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=150,CA)
34.89.203.43 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=43,CA)
34.89.203.43 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP JBoss admin-console access - Web Attacks (IP=43,US)
34.89.205.219 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attacks (IP=219,US)
34.89.206.156 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=156,CA)
34.89.207.176 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=176,CA)
34.89.211.140 32 BMP None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02642 (IP=140,US)
34.89.211.217 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=217,US)
34.89.212.100 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: DataLife Engine preview.php PHP Code Injection Vulnerability - Web Attacks (IP=100,US)
34.89.213.124 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=124,CA)
34.89.219.59 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=59,CA)
34.89.221.182 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=182,CA)
34.89.222.131 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: DataLife Engine preview.php PHP Code Injection Vulnerability - Web Attacks (IP=131,US)
34.89.224.149 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=149,CA)
34.89.224.162 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02671 (IP=162,US)
34.89.229.237 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: DataLife Engine preview.php PHP Code Injection Vulnerability - Web Attacks (IP=237,US)
34.89.231.44 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=44,CA)
34.89.231.73 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: Firefuzzer SQL Injection Scanning II - Web Attacks (IP=73,US)
34.89.232.212 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=212,CA)
34.89.232.212 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=212,US)
34.89.233.225 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=225,CA)
34.89.236.75 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=75,CA)
34.89.237.193 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=193,CA)
34.89.238.60 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: PHP CGI Argument Injection Remote Vulnerability (CVE-2012-2335) - Web Attacks (IP=60,US)
34.89.239.134 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=134,CA)
34.89.239.138 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - Web Attacks (IP=138,US)
34.89.240.124 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: PHP Include - PHP Includedir Include Code Execution - Web Attacks (IP=124,US)
34.89.241.22 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - Web Attacks (IP=22,US)
34.89.243.5 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=5,US)
34.89.245.18 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=18,CA)
34.89.245.185 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None Known Attack Tool User Agent V2/20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02660 (IP=185,US)
34.89.247.82 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=82,US)
34.89.249.102 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=102,US)
34.89.252.88 32 RW None 2020-03-27 00:00:00 2020-06-25 00:00:00 None FOX-SRT - IOC - XServer/Agent -
34.89.254.16 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=16,CA)
34.89.255.240 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=240,US)
34.89.91.184 32 GM None 2019-10-18 00:00:00 2020-01-18 00:00:00 None Failed password - Failed Logons (IP=184,US)
34.90.108.22 32 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None Failed password - Failed Logons (IP=22,US)
34.90.187.171 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=171,US)
34.90.236.82 24 GM None 2020-09-25 00:00:00 2020-12-25 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Web Attacks (IP=82,NL)
34.90.238.61 32 JKC None 2020-06-19 00:00:00 2020-09-19 00:00:00 None Malicious IP Case # 3063 - IOC_ISO CTOs 20-164, 20-165 (IP=61, US)
34.90.69.154 32 RR None 2020-06-26 00:00:00 2020-09-25 00:00:00 None HTTP: PHP Wordpress Plugin Revolution Slider Vulnerability - TT# 20C03288 (IP=154,US)
34.91.141.67 32 RW None 2020-05-23 00:00:00 2020-08-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=67,US)
34.91.83.160 32 RR None 2020-09-10 00:00:00 2020-12-10 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C03870 (IP=160,US)
34.91.83.160 24 GM None 2020-09-09 00:00:00 2020-12-09 00:00:00 None MALWARE-CNC URI - known scanner tool muieblackcat - Sourcefire (IP=160,NL)
34.92.12.73 32 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Illegal user_Failed Logon (IP=73,US)
34.92.145.16 32 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=16,US)
34.92.215.196 32 RR None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Generic ArcSight scan attempt (IP=196,US)
34.92.248.45 32 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Generic ArcSight scan attempt (IP=45,US)
34.93.149.4 32 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password - 6hr Logon (IP=4,US)
34.93.229.63 32 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=63,US)
34.94.111.91 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=91,US)
34.94.240.38 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=38,US)
34.94.93.161 32 RW None 2020-08-20 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=161,US)
34.95.168.209 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=209,US)
34.95.176.237 32 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None ABC Generic ArcSight scan attempt (IP=237,US)
34.95.31.166 32 RW None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Generic ArcSight scan attempt (IP=166,US)
34.95.44.205 32 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Generic ArcSight scan attempt (IP=205,US)
34.96.95.188 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=188,US)
34.97.185.35 32 GM None 2020-09-05 00:00:00 2020-12-05 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT # 20C03836 (IP=35,US)
34.97.189.128 32 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=128,US)
34.97.216.211 32 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=211,US)
34.97.59.112 32 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=112,US)
35.136.217.3 32 RR None 2019-10-04 00:00:00 2020-01-02 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=3,US)
35.137.25.153 32 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=153,US)
35.153.180.65 32 RW None 2020-08-08 00:00:00 2020-11-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=65,US)
35.153.181.136 32 DT None 2020-06-14 00:00:00 2020-09-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=136,US)
35.155.19.9 32 wmp None 2020-08-10 00:00:00 2020-11-10 00:00:00 None HIVE Case #3493 COLS-NA-TIP-20-0250 (IP=9,US)
35.164.33.0 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=0,US)
35.170.182.241 32 BMP None 2020-09-30 00:00:00 2020-12-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=241,US)
35.171.159.74 32 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - 20C01542 (IP=74,US) 35.171.16.186 32 CR None 2020-03-23 00:00:00 2020-06-23 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=186,US) 35.171.162.132 32 DT None 2020-05-16 00:00:00 2020-08-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=132,US) 35.171.165.143 32 BMP None 2020-06-20 00:00:00 2020-09-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=143,US) 35.172.117.47 32 CR None 2020-06-12 00:00:00 2020-09-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=47,US) 35.172.141.196 32 RW None 2020-03-20 00:00:00 2020-06-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=196,US) 35.172.211.22 32 RW None 2020-04-24 00:00:00 2020-07-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=22,US) 35.172.226.153 32 BMP None 2020-01-31 00:00:00 2020-04-30 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=153,US) 35.173.177.0 32 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=0,US) 35.174.150.168 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=168,US) 35.174.164.36 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=36,US) 35.174.8.57 32 DT None 2020-07-05 00:00:00 2020-10-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire 
(IP=57,US) 35.175.195.34 32 RW None 2020-03-05 00:00:00 2020-06-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=34,US) 35.175.214.6 24 BMP None 2020-08-05 00:00:00 2020-11-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=US,6) 35.176.121.53 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None GB TO-S-2019-0613 Malware Activity 35.177.146.230 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None GB TO-S-2019-0604 Malicious Email Activity 35.180.120.109 24 RW None 2020-06-18 00:00:00 2020-09-18 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=109,FR) 35.180.128.185 24 RR None 2020-09-14 00:00:00 2020-12-13 00:00:00 None SERVER-WEBAPP elFinder PHP connector arbitrary PHP file upload attempt - SourceFire (IP=185,FR) 35.182.226.3 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None CA TO-S-2019-0546 Malicious Email Activity 35.183.221.5 24 DT None 2020-05-04 00:00:00 2020-08-04 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - SourceFire (IP=5,CA) 35.184.174.184 32 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Generic ArcSight scan attempt (IP=184,US) 35.184.179.199 32 DT None 2020-08-08 00:00:00 2020-11-08 00:00:00 None Known Attack Tool User Agent V2 / BOT: Muieblackcat Traffic Detected I - TT# 20C03661 (IP=199,US) 35.184.195.68 32 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=68,US) 35.184.213.67 32 BMP None 2020-05-22 00:00:00 2020-08-22 00:00:00 None INDICATOR-COMPROMISE Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02881 (IP=67,US) 35.184.235.107 32 RB None 2020-08-01 00:00:00 2020-10-30 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C03598 (IP=107,US) 35.185.213.83 24 RW None 2019-11-15 00:00:00 2020-02-15 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - Sourcefire (IP=146,IN) 
35.185.213.83 32 GM None 2020-07-30 00:00:00 2020-10-30 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - Sourcefire (IP=83,US) 35.185.87.193 32 BMP None 2020-09-03 00:00:00 2020-12-03 00:00:00 None FIREEYE Web: Infection Match - Hive Case 3721 (IP=193,US) 35.187.13.218 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=218,US) 35.187.173.200 32 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=200,US) 35.187.227.197 32 GM None 2020-07-04 00:00:00 2020-10-04 00:00:00 None SERVER-WEBAPP JBoss admin-console access - Web Attacks (IP=197,US) 35.187.36.160 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=160,CA) 35.187.46.48 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: PHP Charts Arbitrary PHP Code Execution Vulnerability - Web Attacks (IP=48,US) 35.188.140.95 32 Illegal None 2019-10-23 00:00:00 2020-01-21 00:00:00 None user - Failed Logons (IP=95,US) 35.188.159.200 32 GM None 2020-08-07 00:00:00 2020-11-07 00:00:00 None Known Attack Tool User Agent V2 / BOT: Muieblackcat Traffic Detected I - TT # 20C03653 (IP=200,US) 35.188.167.205 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=205,US) 35.188.52.74 32 GM None 2020-08-07 00:00:00 2020-11-07 00:00:00 None Known Attack Tool User Agent V2/BOT: Muieblackcat Traffic Detected I - TT # 20C03652 (IP=74,US) 35.189.105.242 32 JKC None 2020-06-19 00:00:00 2020-09-19 00:00:00 None Malicious IP Case # 3063 - IOC_ISO CTOs 20-164, 20-165 (IP=242, US) 35.189.155.41 24 RW None 2019-10-16 00:00:00 2020-01-16 00:00:00 None Illegal user - 6hr Failed Logon (IP=41,SG) 35.189.17.132 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - 
Sourcefire (IP=132,US) 35.189.207.239 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None Known Attack Tool User Agent V2/20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02664 (IP=239,US) 35.189.214.123 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: PHP CGI Argument Injection Remote Vulnerability (CVE-2012-2335) - Web Attacks (IP=123,US) 35.189.219.229 32 RW None 2019-10-28 00:00:00 2020-01-28 00:00:00 None - 6hr Failed Logon (IP=229,US) 35.189.226.2 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=2,CA) 35.189.254.202 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=202,CA) 35.189.45.198 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=198,US) 35.192.187.147 32 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload (CVE-2017-12615 and CVE-2017-12617) - TT# 20C03033 (IP=147,US) 35.193.139.161 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=161,US) 35.193.168.252 32 GM None 2020-08-10 00:00:00 2020-11-10 00:00:00 None Known Attack Tool User Agent V2 / BOT: Muieblackcat Traffic Detected I - TT # 20C03685 (IP=252,US) 35.193.204.99 32 GM None 2020-09-06 00:00:00 2020-12-06 00:00:00 None Muieblackcat Scanner - TT # 20C03846 (IP=99,US) 35.193.41.128 32 wmp None 2020-08-10 00:00:00 2020-11-10 00:00:00 None HIVE Case #3493 COLS-NA-TIP-20-0250 (IP=128,US) 35.193.53.224 32 FT None 2020-09-19 00:00:00 2020-12-19 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C03937 (IP=224,US) 35.193.86.98 32 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=98,US) 35.194.147.239 32 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=239,US) 35.194.36.3 32 RW None 
2020-07-31 00:00:00 2020-10-29 00:00:00 None Known Attack Tool User Agent V2 / BOT: Muieblackcat Traffic Detected I - TT# 20C03593 (IP=3,US) 35.194.51.97 32 GM None 2020-09-05 00:00:00 2020-12-05 00:00:00 None Known Attack Tool User Agent V2 / BOT: Muieblackcat Traffic Detected I - TT # 20C03838 (IP=97,US) 35.194.98.214 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None US TO-S-2019-0781 Malicious Email Activity 35.195.14.135 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=135,CA) 35.195.173.223 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=223,CA) 35.195.230.255 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=255,CA) 35.195.56.119 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=119,CA) 35.197.133.35 32 GM None 2020-04-28 00:00:00 2020-07-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=35,US) 35.197.203.96 32 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=96,US) 35.197.227.71 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Authentication Failed_Failed Logon (IP=71,EU) 35.197.231.54 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=54,US) 35.198.100.155 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=155,CA) 35.198.101.135 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=135,CA) 35.198.101.135 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: PHP Include - PHP Includedir Include Code Execution - Web Attacks (IP=135,US) 
35.198.111.54 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=54,CA) 35.198.115.86 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=86,US) 35.198.116.121 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=121,CA) 35.198.119.106 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=106,CA) 35.198.121.107 32 RW None 2020-06-05 00:00:00 2020-09-05 00:00:00 None SQL use of concat function with select - likely SQL injection - Sourcefire (IP=107,US) 35.198.121.51 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attacks (IP=51,US) 35.198.124.142 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=142,US) 35.198.128.96 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=96,CA) 35.198.129.55 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=55,US) 35.198.129.91 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02668 (IP=91,US) 35.198.130.87 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=87,CA) 35.198.133.70 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=70,US) 35.198.136.71 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 
20C02684 (IP=71,CA) 35.198.136.81 32 BMP None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVASVulnerability Scanner - TT# 20C02646 (IP=81,US) 35.198.136.96 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=96,US) 35.198.138.128 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=128,US) 35.198.139.255 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=255,CA) 35.198.142.125 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=125,CA) 35.198.147.35 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=35,CA) 35.198.148.151 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=151,CA) 35.198.148.151 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=151,US) 35.198.156.141 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=141,US) 35.198.157.247 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=247,CA) 35.198.159.34 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=34,CA) 35.198.161.38 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02656 (IP=38,US) 35.198.163.187 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=187,CA) 
35.198.164.198 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=198,CA) 35.198.165.226 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=226,CA) 35.198.168.51 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=51,CA) 35.198.171.149 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=149,US) 35.198.172.124 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=124,US) 35.198.174.248 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=248,CA) 35.198.174.248 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=248,US) 35.198.175.173 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=173,CA) 35.198.175.253 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - Web Attacks (IP=253,US) 35.198.175.82 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=82,US) 35.198.177.114 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=114,CA) 35.198.183.18 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=18,US) 35.198.183.218 32 JKC None 2020-06-19 00:00:00 2020-09-19 00:00:00 None Malicious IP Case # 3063 - IOC_ISO CTOs 20-164, 20-165 (IP=218, US) 35.198.245.254 32 RR None 2019-11-16 00:00:00 
2020-02-14 00:00:00 None Generic ArcSight scan attempt (IP=254,US) 35.198.65.241 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=241,CA) 35.198.66.14 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: PHP Charts Arbitrary PHP Code Execution Vulnerability - Web Attacks (IP=14,US) 35.198.68.17 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=17,CA) 35.198.71.38 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=38,CA) 35.198.75.34 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=34,CA) 35.198.78.145 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=145,CA) 35.198.81.109 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: PHP Include - PHP Includedir Include Code Execution - Web Attacks (IP=109,US) 35.198.83.232 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=232,CA) 35.198.87.126 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=126,US) 35.198.88.123 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=123,US) 35.198.91.101 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=101,CA) 35.198.92.76 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=76,CA) 35.198.99.101 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / 
UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=101,CA) 35.198.99.144 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: DataLife Engine preview.php PHP Code Injection Vulnerability - Web Attacks (IP=144,US) 35.199.110.180 32 RB None 2019-12-28 00:00:00 2020-03-27 00:00:00 None Unauthorized Access-Probe/TCP: SYN Port Scan - TT# 20C01264 (IP=180,US) 35.199.22.228 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=228,US) 35.199.35.188 32 BMP None 2020-03-02 00:00:00 2020-05-31 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - SourceFire (IP=188,US) 35.200.142.0 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=0,US) 35.200.166.157 32 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Illegal user - 6hr Logons (IP=157,US) 35.200.192.236 32 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6hr web attacks (IP=236,US) 35.201.171.166 32 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=166,US) 35.201.230.163 24 GM None 2020-08-18 00:00:00 2020-11-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=163,TW) 35.202.160.95 32 FT None 2020-09-02 00:00:00 2020-12-02 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C03818 (IP=95,US) 35.202.183.69 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C00115 (IP=69,US) 35.202.185.236 32 FT None 2020-09-02 00:00:00 2020-12-02 00:00:00 None Known Attack Tool User Agent V2 / BOT: Muieblackcat Traffic - TT# 20C03816 (IP=236,US) 35.202.247.102 32 RB None 2020-08-01 00:00:00 2020-10-30 00:00:00 None Known Attack Tool User Agent V2 / BOT: Muieblackcat Traffic Detected I - TT# 20C03597 (IP=102,US) 35.202.247.138 32 RB None 2019-11-18 00:00:00 2020-02-16 
00:00:00 None HTTP: GetSimple CMS File Upload - TT# 20C01002 (IP=138,US) 35.202.74.243 32 FT None 2020-09-18 00:00:00 2020-12-18 00:00:00 None Known Attack Tool User Agent V2/BOT: Muieblackcat Traffic - TT# 20C03933(IP=243,US) 35.202.94.49 32 FT None 2020-09-19 00:00:00 2020-12-19 00:00:00 None Known Attack Tool User Agent V2 // BOT: Muieblackcat Traffic - TT# 20C03944 (IP=49,US) 35.203.70.192 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=192,US) 35.204.130.197 32 RB None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload (CVE-2017-12615 and CVE-2017-12617) - TT# 20C03822 (IP=197,US) 35.204.130.29 32 FT None 2020-09-17 00:00:00 2020-12-16 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03922 (IP=29,NL) 35.204.90.46 32 RR None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Generic ArcSight scan attempt (IP=46,US) 35.205.103.21 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=21,CA) 35.205.108.151 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=151,CA) 35.205.108.151 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None HTTP: DataLife Engine preview.php PHP Code Injection Vulnerability - Web Attacks (IP=151,US) 35.205.124.124 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=124,CA) 35.205.134.240 32 DT None 2020-05-15 00:00:00 2020-08-15 00:00:00 None Known Attack Tool User Agent V2 / 20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02792 (IP=240,US) 35.205.164.151 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=151,CA) 35.205.177.222 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None 
Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=222,CA) 35.205.177.222 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C02641 (IP=222,US) 35.205.186.115 32 GM None 2020-05-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - Web Attacks (IP=115,US) 35.205.225.231 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=231,CA) 35.205.251.90 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=90,CA) 35.205.254.187 32 BMP None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2/20451 HTTP OpenVAS Vulnerability Scanner - TT# 20C02640 (IP=187,US) 35.205.37.62 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=62,CA) 35.205.47.165 24 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 20C02684 (IP=165,CA) 35.206.120.183 32 wmp None 2020-08-19 00:00:00 2020-11-17 00:00:00 None HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=183,US) 35.206.156.221 32 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=221,US) 35.206.157.15 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None DE TO-S-2019-0608 Malware Activity 35.208.157.238 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=238,US) 35.208.195.229 32 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=229,US) 35.211.182.206 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=206,US) 35.214.132.157 32 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire 
(IP=157,US) 35.214.132.157 24 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=157,NL) 35.220.177.51 32 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=51,US) 35.221.144.241 32 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Authentication Failed_Failed Logon (IP=41,US) 35.222.186.83 32 FT None 2020-09-17 00:00:00 2020-12-16 00:00:00 None Known Attack Tool User Agent V2: BOT: Muieblackcat Traffic - TT# 20C03923 (IP=83,US) 35.222.195.156 32 RW None 2020-08-01 00:00:00 2020-09-01 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C03599 (IP=156,US) 35.222.57.231 32 RW None 2019-10-23 00:00:00 2020-01-23 00:00:00 None Failed password - 6hr Failed Logon (IP=231,US) 35.222.74.199 32 RW None 2020-06-16 00:00:00 2020-09-16 00:00:00 None Possible SQLi attempt / HTTP: Blind SQL Injection - Timing - TT# 20C03186 (IP=199,US) 35.223.108.174 32 KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None Unauthorized Scanning (IP=174,US) 35.223.141.63 32 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=63,US) 35.223.145.46 32 BMP None 2020-04-09 00:00:00 2020-07-08 00:00:00 None FE Web Infection Match - Case # 2490 (IP=46,US) 35.223.149.81 32 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=81,US) 35.223.200.203 32 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=203,US) 35.223.207.176 32 FT None 2020-09-19 00:00:00 2020-12-19 00:00:00 None Known Attack Tool User Agent V2 // BOT: Muieblackcat Traffic - TT# 20C03942 (IP=176,US) 35.223.57.108 32 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=108,US) 35.224.104.2 32 CR None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload (CVE-2017-12615 and CVE-2017-12617) - TT# 20C03047 (IP=2,US) 
was inactive. Reactivated on 20200325 with reason TCP: SYN Host Sweep (IP=34,KR) 36.41.184.69 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=69,CN) 36.43.65.157 24 GM None 2020-01-03 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=157,CN) 36.46.136.149 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password - Failed Logons (IP=149,CN) 36.47.162.38 24 RR None 2020-08-05 00:00:00 2020-11-03 00:00:00 None SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (1:41697:2) - SourceFire (IP=38,CN) 36.55.232.47 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=47,JP) 36.65.151.178 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None ID TO-S-2019-0658 Malware Activity 36.66.0.0 16 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None ID TO-S-2019-0952 Malware Activity 36.67.0.0 16 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None ID TO-S-2019-0952 Malware Activity 36.68.252.50 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=50,ID) 36.68.28.113 24 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Illegal user_6 hr Failed Logons (IP=113,ID) 36.68.70.216 24 RR None 2020-02-06 00:00:00 2020-05-06 00:00:00 None Illegal user - Failed Logons (IP=216,ID) 36.7.137.180 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=180,CN) 36.71.238.103 24 DT None 2020-07-06 00:00:00 2020-10-04 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=103,ID) 36.72.124.250 24 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password 6 hr Failed Logon (IP=250,ID) 36.72.31.71 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=71,ID) 36.72.80.240 24 DT None 2020-07-29 00:00:00 2020-10-28 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability 
(CVE-2020-5722) - Web Attacks (IP=240,ID) 36.73.11.50 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=50,ID) 36.74.78.112 24 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=112,ID) 36.74.88.0 21 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,ID) 36.75.143.12 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=12,ID) 36.75.205.208 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=208,ID) 36.75.67.253 24 RR None 2019-01-19 00:00:00 2020-02-14 00:00:00 None Failed password for invalid user (IP=253,ID) | updated by RB with reason Failed password_6 hr Failed Logons (IP=12,ID) | 2020-02-14 | 2019-04-19 36.77.105.182 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=182,ID) 36.80.48.9 24 GLM None 2018-09-14 05:00:00 2020-02-23 00:00:00 None Illegal user (IP=9,ID) | updated by RR with reason Illegal user (IP=9,ID) | updated by BP Block was inactive. Reactivated on 20191123 with reason Authentication Failed - 6hr Failed Logon(IP=9,ID) 36.80.91.249 24 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password 6 hr Failed Logon (IP=249,ID) 36.81.6.168 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=168,ID) 36.84.80.31 24 KF None 2018-12-24 06:00:00 2020-02-23 00:00:00 None Illegal user (IP=31,ID) | updated by BP Block was inactive. 
Reactivated on 20191123 with reason Authentication Failed - 6hr Failed Logon(IP=31,ID) 36.85.220.156 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Authentication Failed - Failed Logons (IP=156,ID) 36.85.43.131 24 KF None 2020-02-13 00:00:00 2020-05-13 00:00:00 None Illegal user - Failed Logins (IP=131,ID) 36.85.48.0 20 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None ID TO-S-2019-0781 Malware Activity 36.88.51.174 24 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - Failed Logons (IP=174,ID) 36.89.135.79 24 RB None 2019-05-12 00:00:00 2020-04-26 00:00:00 None Illegal user_6 hr Failed Logons (IP=79 ID) | updated by KF Block was inactive. Reactivated on 20200126 with reason Illegal user (IP=79,ID) | updated by KF Block expiration extended with reason Illegal user (IP=79,ID) 36.89.157.197 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=197,ID) 36.89.247.26 24 RB None 2019-01-18 00:00:00 2020-01-31 00:00:00 None Failed password for invalid user (IP=26,ID) | updated by RB with reason Failed password_6 hr Failed Logons (IP=26,ID) | 2020-01-31 | 2019-04-18 36.89.38.11 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=11,ID) 36.89.93.233 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Failed password (IP=233,ID) 36.89.99.34 24 CR None 2020-08-30 00:00:00 2020-11-30 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=34,ID) 36.90.71.64 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Generic ArcSight scan attempt (IP=64,ID) 36.91.12.35 24 GM None 2020-08-19 00:00:00 2020-11-19 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt 36.91.145.29 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=29,ID) 36.91.152.234 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP= 234 , ID ) 36.92.134.59 
32 RR None 2020-09-20 00:00:00 2020-12-19 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03955 (IP=59,ID) 36.92.189.114 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=114,ID) 36.92.21.50 24 KF None 2019-06-24 00:00:00 2020-03-05 00:00:00 None Authentication Failed_6 Hr Failed Logons (IP=50,ID) | updated by GM with reason Invalid user - Failed logons (IP=50,ID) 36.92.210.90 24 RR None 2020-07-19 00:00:00 2020-10-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=90,ID) 36.92.222.93 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=93,ID) 36.92.95.10 24 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password 6 hr Failed Logon (IP=10,ID) 36.96.15.5 32 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=5,CN) 36.96.190.86 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=86,CN) 36.96.204.44 24 CW None 2019-12-26 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=44,CN) 36.96.97.151 24 BMP None 2019-12-23 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=151,CN) | updated by RW Block expiration extended with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=1 36.97.249.51 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=51,CN) 36.99.141.211 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=211,CN) 36.99.164.90 24 RW None 2020-06-22 00:00:00 
2020-09-22 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=90,CN) 36.99.35.226 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=226,CN) 37.0.150.23 24 RW None 2020-07-25 00:00:00 2020-10-25 00:00:00 None SERVER-WEBAPP Cisco ASA directory traversal attempt - Sourcefire (IP=23,HR) 37.1.145.23 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None NL TO-S-2019-0363.01 Malware Activity 37.1.220.17 24 FT None 2020-09-02 00:00:00 2020-12-02 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - Sourcefire (IP=17,NL) 37.1.221.102 24 BMP None 2020-04-18 00:00:00 2020-07-19 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - SourceFire (IP=102,NL) 37.10.71.200 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=200,GB) 37.104.246.41 24 BMP None 2020-05-17 00:00:00 2020-08-15 00:00:00 None Command Injection (IP=41,SA) 37.104.248.69 24 RW None 2020-04-07 00:00:00 2020-07-07 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Sourcefire (IP=69,SA) 37.105.222.205 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - SourceFire (IP=205,SA) 37.105.248.136 24 GM None 2020-04-15 00:00:00 2020-07-14 00:00:00 None Command Injection (IP=136,SA) 37.105.251.119 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Command Injection (IP=119,SA) 37.105.77.164 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=64,SA) 37.11.130.93 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None Authentication Failed - Failed Logons (IP=93,ES) 37.114.40.139 24 RR None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Failed password - Failed Logons (IP=139,DE) 37.119.230.22 24 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Failed password - Failed Logons 
(IP=22,IT) 37.12.140.215 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None ES TO-S-2019-0952 Malware Activity 37.120.147.166 32 RW None 2020-08-08 00:00:00 2020-11-08 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - Sourcefire (IP=166,US) 37.120.152.218 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=218,BG) 37.120.206.68 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=68,RO) 37.120.33.30 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=30,DE) 37.120.54.182 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Authentication Failed - 6hr Logon (IP=182,DE) 37.122.208.68 24 wmp None 2015-10-31 05:00:00 2020-03-12 00:00:00 None information disclosure attempt (IP=68,GB) | updated by SYM with reason ET SCAN Potential SSH Scan (ip=236,GB) | updated by 37.123.99.201 24 djs None 2014-08-08 05:00:00 2020-02-22 00:00:00 None SSH Scans (ip=201,TR) | updated by dbc with reason TR TO-S-2019-0431 Malicious Email Activity 37.124.181.18 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Authentication Failed - Failed Logons (IP=18,SA) 37.13.64.194 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None ES TO-S-2019-0608 Malware Activity 37.135.222.203 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None Authentication Failed - 6hr Logons (IP=203,ES) 37.139.0.226 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=226,NL) 37.139.10.136 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None NL TO-S-2019-0571 Malicious Email Activity 37.139.11.155 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None NL TO-S-2019-0358 Malicious Web Application Activity 37.139.13.105 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None NL TO-S-2019-0608 Malware Activity 37.139.2.218 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 
37.139.20.56 24 RR None 2019-01-19 00:00:00 2020-02-15 00:00:00 None Failed password for invalid user (IP=56,NL) | updated by dbc with reason NL TO-S-2019-0409 Malicious Email Activity 37.139.21.75 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None NL TO-S-2019-0608 Malware Activity 37.139.26.125 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None NL TO-S-2019-0546 Malware Activity 37.139.29.166 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None NL TO-S-2019-0430 Malicious Email Activity 37.139.4.119 24 djs None 2014-05-17 05:00:00 2020-02-06 00:00:00 None SSH Scans (ip=119,NL) | updated by GM with reason Failed password - Failed Logons (IP=138,NL) 37.139.5.0 24 GLM None 2016-11-06 05:00:00 2020-04-04 00:00:00 None ET SCAN Sipvicious User-Agent Detected (IP=115,NL) | updated by GM with reason SQL 1 = 1 - possible sql injection attempt (IP 37.139.9.20 24 RB None 2019-01-18 00:00:00 2020-04-19 00:00:00 None Failed password for invalid user (IP=20,NL) | updated by dbc with reason NL TO-S-2019-0608 Malware Activity 37.140.192.7 24 None None None 2020-05-26 00:00:00 None | updated by sjl with reason spear-phishing (IP=51 RU) | updated by jky with reason RU TO-S-2017-080 Phishing | updated by | updated by RR with reason SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=155,RU) 37.142.138.52 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Authentication Failed - 6hr Logon (IP=52,IL) 37.142.40.0 21 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity 37.144.0.0 14 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 37.151.154.156 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=156,KZ) | not blocked because No refs to MVPower found in USACE SharePoint or NAC 37.157.194.134 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None CZ TO-S-2019-1036 Malicious 
Email Activity 37.159.137.186 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=186,IT) 37.162.58.191 32 dbc None 2019-01-15 06:00:00 2020-01-15 06:00:00 None IT TO-S-2019-0321 Malware Activity 37.17.170.210 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=210,HU) 37.17.224.146 32 wmp None 2020-07-22 00:00:00 2020-10-22 00:00:00 None HIVE Case #3384 COLS-NA-TIP-20-0232 (IP=146,DE) 37.17.224.9 24 sjl None 2014-09-18 05:00:00 2020-04-29 00:00:00 None APP-DETECT failed FTP login attempt (IP=9 DE) | updated by RB with reason SQL 1 = 1 - possible sql injection attempt (IP=63,DE 37.17.73.249 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Invalid user - Failed Logons (IP=116,BY) 37.18.176.66 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None CH TO-S-2019-0631 Malicious Email Activity 37.182.236.14 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None IT TO-S-2019-0608 Malware Activity 37.186.123.91 24 GLM None 2018-12-20 06:00:00 2020-02-01 00:00:00 None Illegal user (IP=91,AM) | updated by KF Block was inactive. 
Reactivated on 20191103 with reason Failed Password_6 Hr Failed Logons (IP=91,AM ) 37.186.163.5 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_SourceFire (IP=5,IT) 37.187.104.135 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=135,FR) 37.187.113.144 24 CR None 2019-12-04 00:00:00 2020-03-04 00:00:00 None Invalid user - 6 hr failed logon (IP=144,FR) 37.187.127.13 24 GM None 2019-11-08 00:00:00 2020-02-08 00:00:00 None Invalid user - Failed Logons (IP=13,FR) 37.187.131.0 24 sym None 2014-03-27 05:00:00 2020-02-06 00:00:00 None SSH Scan (ip=32,FR) | updated by GM with reason Failed password - Failed Logons (IP=203,FR) 37.187.134.139 32 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None Known Attack Tool User Agent/28744: HTTP: MASSCAN Tool Usage - TT# 20C01879 (IP=139,FR) 37.187.154.79 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=79,FR) 37.187.156.120 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=120,FR) 37.187.156.120 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=120,FR) 37.187.17.45 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Invalid user - Failed Logon (IP=45,FR) 37.187.181.202 24 djs None 2015-08-17 05:00:00 2020-03-04 00:00:00 None Bash CGI env variable injection attempt (ip=202,FR) | updated by GLM with reason SQL 1 = 1 - possible sql injection attempt (I | updated by RR with reason Invalid user -Failed Logons (IP=1,FR) 37.187.193.19 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None FR TO-S-2019-0608 Malware Activity 37.187.195.209 24 RR None 2019-01-19 00:00:00 2020-02-27 00:00:00 None Failed password for invalid user (IP=209,FR) | updated by RW Block was inactive. 
Reactivated on 20191127 with reason Authentication Failed - 6hr Failed Logon(IP=209,FR) 37.187.30.112 24 GLM None 2018-10-20 05:00:00 2020-01-16 00:00:00 None APP-DETECT failed FTP login attempt (IP=112,FR) | updated by RR with reason APP-DETECT failed FTP login attempt - Failed Logons (IP=112,FR) 37.187.46.74 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password_6 Hr Failed Logons (IP=74,FR) 37.187.53.157 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None INDICATOR-COMPROMISE PHP backdoor communication attempt - Sourcefire (IP=157,FR) 37.187.60.182 24 CR None 2019-01-11 06:00:00 2020-03-02 00:00:00 None Illegal user (IP=182,FR) | updated by BP Block was inactive. Reactivated on 20191203 with reason Failed password for invalid user - 6hr Logon (IP=182,FR) 37.187.64.220 24 CR None 2019-03-19 00:00:00 2020-01-19 00:00:00 None SQL use of sleep function with and - likely SQL injection (IP=220,FR) | updated by KF with reason Immediate Inbound Network Block - TT# 20C00506 (IP=220,US) 37.187.72.155 24 GLM None 2017-03-05 06:00:00 2020-04-22 00:00:00 None FTPP_FTP_RESPONSE_LENGTH_OVERFLOW (IP=155,FR) | updated by RR with reason APP-DETECT failed FTP login attempt (IP=203,FR) | updated by RW Block was inactive. 
Reactivated on 20200122 with reason Authentication Failed - 6hr Failed Logon(IP=155,FR) 37.187.74.179 24 RR None 2017-01-30 06:00:00 2020-03-29 00:00:00 None APP-DETECT failed FTP login attempt (IP=179,FR) | updated by GM with reason APP-DETECT failed FTP login attempt (IP=157,FR) | updated by KF with reason APP-DETECT failed FTP login attempt (1:13360:7) (IP=151,FR) 37.187.78.50 24 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=50,FR) 37.187.79.46 24 ged None 2015-04-30 05:00:00 2020-02-13 00:00:00 None SERVER-WEBAPP phpThumb fltr[] parameter remote command execution attempt (IP=46, FR) | updated by djs with reason WEBAPP RevSl | updated by GM with reason Invalid user - Failed Logons (IP=55,FR) 37.187.95.110 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=110,FR) 37.19.115.245 24 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_SourceFire (IP=245 IL) 37.190.241.95 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C00115 (IP=95,PL) 37.191.149.123 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=123,NO) 37.191.233.81 24 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=81,NO) 37.192.163.119 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=119,RU) 37.193.108.101 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed Logons (IP=101,RU) 37.194.56.34 24 KF None 2019-10-03 00:00:00 2020-01-01 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution 
attempt_Web Attacks (IP=34,RU) 37.195.50.41 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Failed password - Failed Logons (IP=41,RU) 37.196.175.127 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None SE TO-S-2019-0608 Malware Activity 37.200.124.0 22 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None RU TO-S-2019-0400 Malicious Reconnaissance Activity 37.202.112.60 32 RB None 2020-02-23 00:00:00 2020-05-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C01814 (IP=60,JO) 37.202.82.229 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=229,JO) 37.203.208.3 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password_Faield Logon (IP=3,FR) 37.205.159.206 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (IP=206,IT) 37.205.207.125 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt_Web attacks (IP=25,IT) 37.207.247.58 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - 6hr web attacks (IP=58,IT) | not blocked because No refs to Nortek Linear eMerge E3 Access Controller found in USACE SharePoint or NAC 37.208.179.168 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=168,QA) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=168,QA) 37.208.39.59 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None BA TO-S-2019-1036 Malicious Email Activity 37.208.40.0 21 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None KZ TO-S-2020-0012 Malware Activity 37.210.111.3 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR 
Shell arbitrary command execution attempt - SourceFire (IP=3,QA) 37.210.153.66 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=66,QA) 37.210.155.208 24 DT None 2020-06-17 00:00:00 2020-09-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=208,QA) 37.210.193.46 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=46,QA) 37.210.229.237 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Failed password for invalid user - Failed Logons (IP=237,QA) 37.210.74.230 24 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=230,QA) 37.210.83.124 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=124,QA) 37.211.121.192 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None QA TO-S-2020-0109.01 Malicious Email Activity 37.213.113.251 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Generic ArcSight scan attempt (IP=251,BY) 37.218.252.110 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None DE TO-S-2019-0551.02 Malicious Email Activity 37.220.0.54 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None GB TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason GB TO-S-2020-0212.01 Malware Activity 37.220.6.104 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None GB TO-S-2019-0608 Malware Activity 37.220.6.115 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None GB TO-S-2019-0781 Malicious Email Activity 37.228.116.0 22 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None RU TO-S-2019-0734.01 Malicious Email Activity 37.228.252.145 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None IE TO-S-2019-0608 Malware Activity 37.230.112.0 21 dbc None 2019-02-21 
00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 37.230.113.85 32 jkc None 2020-07-20 00:00:00 2020-10-21 00:00:00 None hive case # 3387 CTO 20-199 Malicious IP (IP=85,RU) 37.233.64.0 20 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None SE TO-S-2019-0952 Malicious Email Activity 37.235.104.24 32 BMP None 2020-09-29 00:00:00 2020-12-29 00:00:00 None SQL use of sleep function in HTTP header - likely SQL injection attempt - SourceFire (IP=24,US) 37.235.53.12 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None ES TO-S-2019-0613 Malware Activity 37.24.173.224 24 KF None 2019-12-29 00:00:00 2020-03-28 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=224,DE) 37.24.241.17 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=17,DE) 37.24.51.142 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Authentication Failed - Failed Logons (IP=142,DE) 37.24.8.99 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=99,DE) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY 37.247.41.72 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None NL TO-S-2019-0358 Malicious Email Activity 37.252.64.0 19 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None AM TO-S-2020-0012 Malware Activity 37.26.0.38 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=38,AZ) 37.26.147.0 24 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity 37.28.228.124 24 EDBT None 2017-12-04 06:00:00 2020-01-01 00:00:00 None ET SCAN Potential SSH Scan (IP=124,PT) | updated by GM with reason Illegal user - Failed logons (IP=94,PT) 37.29.81.4 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=4,RU) 
Columns: network address, prefix length, analyst, (None), block start, block end, (None), reason and ticket notes. One record per line:
37.3.133.50 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Illegal user - Failed Logons (IP=50,SE)
37.32.40.2 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=2,IR)
37.34.191.141 24 RR None 2020-04-19 00:00:00 2020-07-19 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=141,KW) | updated by RR Block expiration extended with reason SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=141,KW)
37.34.234.156 24 BP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=156,KW)
37.34.59.197 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None NL TO-S-2019-0938 Malicious Email Activity
37.36.221.190 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=190,KW)
37.37.85.133 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=133,KW)
37.41.153.154 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell
37.46.39.47 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=47,IS)
37.48.67.73 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Illegal user - 6hr Logons (IP=73,NL)
37.49.224.200 24 RW None 2020-06-24 00:00:00 2020-09-24 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=200,EE)
37.49.226.111 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None TCP: SYN Host Sweep (IP=111,EE)
37.49.226.35 32 GM None 2020-07-23 00:00:00 2020-10-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03467 (IP=35,NL)
37.49.227.202 24 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=202,NL)
37.49.229.181 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None UDP: Host Sweep (IP=181,NL)
37.49.229.67 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None NL TO-S-2019-1002 Malicious Email Activity
37.49.59.105 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None DE TO-S-2019-0608 Malware Activity
37.53.162.33 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=33,UA)
37.58.148.35 32 RR None 2020-05-10 00:00:00 2020-08-08 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)FR - TT# 20C02699 (IP=35,FR)
37.59.1.74 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None FR TO-S-2019-1036 Malicious Email Activity
37.59.100.22 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=22,FR)
37.59.104.203 24 RR None 2018-01-11 06:00:00 2020-04-19 00:00:00 None Illegal user (IP=203,FR) | updated by dbc with reason FR TO-S-2019-0608 Malware Activity
37.59.107.189 24 djs None 2014-08-13 05:00:00 2020-02-15 00:00:00 None Callback c2 (maid=2374,ip=189,FI) | updated by dbc with reason FR TO-S-2019-0409 Malware Activity
37.59.109.89 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None FR TO-S-2019-0571 Malicious Email Activity
37.59.224.82 24 ABC None 2019-01-08 06:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt(IP=82,France) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=39,FR)
37.59.37.69 24 GLM None 2018-12-14 06:00:00 2020-01-31 00:00:00 None Failed password (IP=69,FR) | updated by GM with reason Invalid user - Failed Logons (IP=69,FR)
37.59.43.131 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=131,FR)
37.59.43.136 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=136,FR)
37.59.43.216 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Illegal User_Failed Logon (IP=16,FR)
37.59.44.68 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=68,FR)
37.59.44.93 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=93,FR)
37.59.45.174 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=174,FR)
37.59.49.7 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=7,FR)
37.59.51.212 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=212,FR)
37.59.52.83 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=83,FR)
37.59.55.45 32 RR None 2019-04-07 00:00:00 2020-09-02 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 19C01880 (IP=45,FR) | updated by dbc with reason FR TO-S-2019-0952 Malware Activity
37.59.6.106 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user_Failed Logon (IP=6,FR)
37.59.98.229 24 YM None 2017-10-24 05:00:00 2020-02-08 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (IP=229,FR) | updated by GM with reason Failed password - Failed Logons (IP=64,FR)
37.59.99.243 24 CR None 2019-01-17 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user user (IP=243,FR) | updated by GM with reason Illegal user - Failed Logons (IP=243,FR)
37.60.44.0 22 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity
37.61.232.157 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=157,GB)
37.72.0.205 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=205,ES)
37.72.168.145 32 dbc None 2019-07-23 00:00:00 2020-07-23 00:00:00 None NL TO-S-2019-0839 Malicious Email Activity
37.72.168.183 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None NL TO-S-2019-0831 Malicious Email Activity
37.72.18.156 24 RWB None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=156,ES)
37.78.106.187 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=187,RU)
37.78.111.156 24 GM None 2020-05-25 00:00:00 2020-08-25 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=156,RU)
37.78.16.201 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=1,RU)
37.78.203.126 24 RW None 2020-05-18 00:00:00 2020-08-18 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=126,RU)
37.78.240.78 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=78,RU)
37.9.51.131 24 BMP None 2020-04-26 00:00:00 2020-07-25 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=131,RU)
37.9.64.0 18 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None RU TO-S-2020-0056 Malicious Reconnaissance Activity
37.98.224.105 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid
38.101.136.70 32 RWB None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Misc Activity - FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected - sourcefire (IP=70,US)
38.106.148.52 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=52,US)
38.107.250.152 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=152,US)
38.108.45.130 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=130,US)
38.109.112.232 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malware Activity
38.113.165.187 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None CA TO-S-2019-0626.01 Malware Activity
38.122.127.226 32 ABC None 2019-10-11 00:00:00 2020-01-09 00:00:00 None Generic ArcSight scan attempt (IP=226,US)
38.124.193.244 32 BMP None 2020-04-03 00:00:00 2020-06-03 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 020420-00081 (IP=244,US)
38.124.193.244 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=244,MX)
38.128.156.132 32 DT None 2020-05-06 00:00:00 2020-08-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=123,US)
38.128.156.17 32 BMP None 2020-05-01 00:00:00 2020-07-30 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=17,US)
38.128.156.181 32 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Attempted Information Leak - SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - sourcefire (IP=181,US)
38.128.156.237 32 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=237,US)
38.128.156.94 32 ABC None 2019-01-08 06:00:00 2020-01-26 00:00:00 None Generic ArcSight scan attempt (IP=94,United States) | updated by RWB Block was inactive. Reactivated on 20191028 with reason Attempted Information Leak - SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - sourcefire
38.132.101.188 32 RW None 2020-07-17 00:00:00 2020-08-17 00:00:00 None Self Report/Suspicious Activity - TT# 20C03489 (IP=188,US)
38.132.118.253 32 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Immediate Inbound Network Block - TT# 20C00930 (IP=253,US)
38.132.124.153 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity
38.142.176.218 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malware Activity
38.21.240.148 32 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=148,US)
38.64.152.150 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=150,US)
38.65.116.244 32 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None US TO-S-2020-0012 Malware Activity
38.68.36.239 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=239,US)
38.76.122.2 32 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=2,US)
38.76.31.5 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=5,US)
38.99.125.4 32 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=4,US)
39.100.144.170 32 wmp None 2020-07-29 00:00:00 2020-10-29 00:00:00 None HIVE Case #3421 COLS-NA-TIP-20-0234 (IP=170,CN)
39.100.61.34 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=34,CN)
39.101.170.97 32 DT None 2020-09-05 00:00:00 2020-12-05 00:00:00 None HTTP: PHP-FPM Remote Code Execution Vulnerability (CVE-2019-11043) - TT # 20C03843 (IP=97,CN)
39.104.115.176 24 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=176,CN)
39.104.19.168 24 RR None 2020-02-06 00:00:00 2020-05-06 00:00:00 None Illegal user - Failed Logons (IP=168,CN)
39.104.235.66 32 RW None 2020-08-07 00:00:00 2020-09-07 00:00:00 None HTTP: PHP-FPM Remote Code Execution Vulnerability (CVE-2019-11043) - TT# 20C03647 (IP=66,CN)
39.105.121.125 24 FT None 2020-09-11 00:00:00 2020-12-11 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1)- SourceFire (IP=125,CN)
39.105.124.67 24 RR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Illegal user - Failed Logons (IP=67,CN)
39.105.185.176 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=176,CN)
39.105.69.1 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Timeout before authentication for (IP=1,CN)
39.106.105.110 24 CR None 2020-02-18 00:00:00 2020-05-18 00:00:00 None HTTP: SQL Injection Attempt Detected - Sourcefire (IP=110,CN)
39.106.248.149 24 GM None 2020-03-24 00:00:00 2020-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=149,CN)
39.109.104.200 24 KF None 2019-11-02 00:00:00 2020-02-01 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=200,HK) | updated by KF Block expiration extended with reason Command Injection Attempt (IP=200,no ISC data)
39.109.112.0 24 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None HK TO-S-2019-0551.02 Malicious Email Activity
39.109.113.169 24 ABC None 2018-04-01 05:00:00 2020-02-14 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=169,XX) | updated by RR with reason Illegal user (IP=234,HK) | updated
39.109.116.131 32 RW None 2019-12-23 00:00:00 2020-01-23 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01220(IP=131,US)
39.109.117.196 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - 6hr Web Attacks (IP=196,HK)
39.109.117.233 24 KF None 2020-03-09 00:00:00 2020-06-07 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability TT# 20C02081 (IP=233,HK)
39.109.12.111 24 KF None 2020-06-20 00:00:00 2020-09-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=111,HK)
39.109.13.230 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user - Failed Logon (IP=230,HK)
39.109.17.132 24 RR None 2017-07-07 05:00:00 2020-01-19 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=132,HK) | updated by KF with reason Generic ArcSight scan attempt (IP=36,no ISC data)
39.109.19.244 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=244 HK)
39.109.3.215 24 RR None 2020-02-07 00:00:00 2020-05-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=215,HK) | not blocked because Target is an RWP address (outreach.lrh.usace.army.mil), back-end web server no longer exists, SOC disabled RWP front-e
39.112.151.34 24 RW None 2020-04-17 00:00:00 2020-07-18 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=34,KR)
39.115.19.130 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Failed Logons (IP=130,KR)
39.152.112.110 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=110,CN)
39.152.148.23 24 BMP None 2020-05-18 00:00:00 2020-08-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=23,CN)
39.32.156.53 24 ABC None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Generic ArcSight scan attempt (IP=53,PK)
39.32.56.159 24 GM None 2019-12-11 00:00:00 2020-03-11 00:00:00 None Illegal user - Failed Logons (IP=159,PK)
39.33.34.0 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None Authentication Failed - 6hr
39.33.34.0 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=0,PK)
39.33.34.0 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=0,PK)
39.33.47.230 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=230,PK)
39.33.61.234 24 CR None 2020-02-21 00:00:00 2020-05-21 00:00:00 None APP-DETECT failed FTP login attempt - 6 hr failed logon (IP=234,PK)
39.35.124.192 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=192,PK)
39.35.80.155 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=155,PK)
39.36.210.119 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=119,PK)
39.36.27.3 24 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None Authentication Failed - Failed Logons (IP=3,PK)
39.36.75.148 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=148,PK)
39.36.89.123 24 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None Authentication Failed - Failed Logons (IP=123,PK)
39.37.151.247 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=247,PK)
39.37.204.42 24 BMP None 2020-01-15 00:00:00 2020-04-14 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=42,PK)
39.37.221.177 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=177,PK)
39.38.18.226 24 BMP None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Authentication Failed - 6hr Failed Logons (IP=226,PK)
39.40.36.87 24 BLP None 2016-09-19 05:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP admin.php access (IP=87,PK) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=112,PK)
39.40.63.205 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=205,PK)
39.41.121.103 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Authentication Failed - Failed Logons (IP=103,PK)
39.41.155.205 24 GM None 2020-09-28 00:00:00 2020-12-28 00:00:00 None SQL union select - possible sql injection attempt - POST parameter - Web Attacks (IP=205,PK)
39.42.124.134 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=134,PK)
39.43.78.58 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6hr web attacks (IP=58,PK)
39.43.96.12 24 KF None 2020-01-10 00:00:00 2020-04-09 00:00:00 None Authentication Failed (IP=12,PK)
39.44.117.209 24 RW None 2020-09-16 00:00:00 2020-12-16 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - Sourcefire (IP=209,PK)
39.46.43.36 24 BMP None 2020-01-15 00:00:00 2020-04-14 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=36,PK)
39.46.63.3 24 BMP None 2020-01-27 00:00:00 2020-04-26 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=3,PK)
39.48.45.133 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=133,PK)
39.50.149.47 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=47,PK)
39.50.172.94 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=94,PK)
39.53.245.181 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=181,PK)
39.63.3.208 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=208,PK)
39.64.16.244 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Authentication Failed - Failed Logons (IP=244,CN)
39.64.162.64 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Authentication Failed - Failed Logons (IP=64,CN)
39.65.178.134 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=134,CN)
39.67.83.115 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=115,CN)
39.68.2.91 24 RW None 2019-12-31 00:00:00 2020-03-31 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=91,CN)
39.71.2.215 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=215,CN)
39.71.82.40 24 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=40,CN)
39.76.248.133 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=133,CN)
39.82.239.60 24 RWB None 2020-01-16 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=60,CN) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=60,CN)
39.82.34.24 24 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=24 CN)
39.82.81.237 24 RR None 2019-10-11 00:00:00 2020-01-09 00:00:00 None Authentication Failed - Failed Logons (IP=237,CN)
39.96.0.0 13 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None CN TO-S-2019-0723 Malicious Email Activity
39.98.110.234 32 wmp None 2020-08-11 00:00:00 2020-11-11 00:00:00 None HIVE Case #3542 CTO-20-221 (IP=234,CN)
39.98.185.29 24 GM None 2020-01-03 00:00:00 2020-04-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=29,CN)
40.107.11.84 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=84,GB)
40.107.220.54 32 wmp None 2020-07-08 00:00:00 2020-10-08 00:00:00 None HIVE Case #3254 COLS-NA-TIP-20-0204 (IP=54,US)
40.107.223.40 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3560 COLS-NA-TIP-20-0259 (IP=40,US)
40.107.223.44 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3560 COLS-NA-TIP-20-0259 (IP=44,US)
40.107.236.87 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3560 COLS-NA-TIP-20-0259 (IP=87,US)
40.107.70.137 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=137,US)
40.112.129.217 32 RB None 2020-02-03 00:00:00 2020-03-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C01591 (IP=217,US)
40.112.170.195 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=195,US)
40.113.131.37 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None NL TO-S-2019-0816 Malicious Email Activity
40.113.197.150 32 RR None 2020-03-30 00:00:00 2020-06-28 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=150,US)
40.113.203.2 32 KF None 2020-05-01 00:00:00 2020-07-30 00:00:00 None MALWARE-CNC URI - known scanner tool muieblackcat- TT# 20C02585 (IP=2,US)
40.113.236.96 24 RW None 2020-06-24 00:00:00 2020-09-24 00:00:00 None MALWARE-CNC or BOTNET HIT: MALWARE-CNC URI - known scanner tool muieblackcat (IP=96,RU)
40.113.241.164 32 BMP None 2020-04-09 00:00:00 2020-07-08 00:00:00 None Known Attack Tool User Agent V2/ HTTP Muieblackcat Security Scanner - TT# 20C02467 (IP=164,US)
40.114.226.249 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=249,NL)
40.115.188.36 24 RR None 2020-08-11 00:00:00 2020-11-09 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=36,JP)
40.115.24.141 24 FT None 2020-08-27 00:00:00 2020-11-25 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=141,NL)
40.117.131.149 32 BMP None 2020-09-23 00:00:00 2020-12-23 00:00:00 None HTTP: RedHat JBoss Enterprise Application Platform JMX Console Security Bypass - TT# 20C03972 (IP=149,US)
40.118.203.142 32 BMP None 2020-04-30 00:00:00 2020-07-29 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02578 (IP=142,US)
40.122.162.33 32 BMP None 2020-05-02 00:00:00 2020-07-31 00:00:00 None Known Attack Tool User Agent V2/Name : BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C02590 (IP=33,US)
40.122.29.232 32 RR None 2020-04-11 00:00:00 2020-07-10 00:00:00 None Known Attack Tool User Agent V2 / 20086 HTTP Muieblackcat Security Scanner - TT# 20C02504 (IP=232,US)
40.122.30.167 32 BMP None 2020-05-16 00:00:00 2020-08-16 00:00:00 None Known Attack Tool User Agent V2/20086: HTTP: Muieblackcat Security Scanner - TT# 20C02802 (IP=167,US)
40.122.40.119 32 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None Known Attack Tool User Agent V2 / BOT: Potential Muieblackcat - TT# 20C02499 (IP=119,US)
40.122.40.119 24 RW None 2020-04-11 00:00:00 2020-07-11 00:00:00 None MALWARE-CNC URI - known scanner tool muieblackcat - Sourcefire (IP=119,US)
40.122.79.192 32 RR None 2020-06-30 00:00:00 2020-09-28 00:00:00 None MALWARE-CNC URI - known scanner tool muieblackcat -Web Attacks (IP=192,US)
40.125.141.17 32 dbc None 2020-08-04 00:00:00 2020-08-04 00:00:00 None HIVE Case #3470 CTO-20-210 R-4364 (IP=17,CN)
40.125.200.20 24 RB None 2019-01-12 06:00:00 2020-03-21 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=20,CN) | updated by BMP Block was inactive. Reactivated on 20191222 with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=20,CN)
40.125.200.20 32 RB None 2020-05-18 00:00:00 2020-08-16 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02832 (IP=20,CN)
40.125.205.230 24 EDBT None 2018-03-19 05:00:00 2020-01-14 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=230,CN) | updated by RR with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=243,CN)
40.126.247.129 32 GM None 2020-06-08 00:00:00 2020-08-08 00:00:00 None Unauthorized Access-Probe - TT# 20C03096 (IP=129,US)
40.127.194.124 32 RW None 2020-05-24 00:00:00 2020-06-24 00:00:00 None Known Attack Tool User Agent V2 / 20086: HTTP: Muieblackcat Security Scanner - TT# 20C02903 (IP=124,US)
40.127.95.209 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None AU TO-S-2019-0608 Malware Activity
40.132.66.244 32 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Generic ArcSight scan attempt (IP=244,US)
40.65.105.169 32 KF None 2020-06-05 00:00:00 2020-09-03 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03073 (IP=169,US)
40.65.124.251 32 RR None 2020-05-28 00:00:00 2020-08-26 00:00:00 None 8316 HTTP Cross Site Scripting (String.fromCharCode) - TT# 20C02959 (IP=251,DE)
40.68.102.132 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password - Failed Logons (IP=132,NL)
40.68.153.124 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=124,NL)
40.68.78.5 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=5,NL)
40.71.99.224 32 DT None 2020-05-16 00:00:00 2020-08-16 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - Sourcefire (IP=224,US)
40.73.101.100 24 KF None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed Password_6 Hr Failed Logons (IP=100,CN)
40.73.3.16 32 dbc None 2020-08-04 00:00:00 2020-08-04 00:00:00 None HIVE Case #3470 CTO-20-210 R-4364 (IP=16,CN)
40.73.65.160 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=160,CN)
40.73.97.99 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=99,CN)
40.74.232.209 32 DT None 2020-08-29 00:00:00 2020-11-29 00:00:00 None SQL generic convert injection attempt - GET parameter - Sourcefire (IP=209,US)
40.74.74.197 32 wmp None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=197,JP)
40.76.70.217 32 DT None 2020-08-25 00:00:00 2020-11-23 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - SourceFire (IP=217,US)
40.77.108.134 32 RW None 2020-05-14 00:00:00 2020-08-12 00:00:00 None Known Attack Tool User Agent V2 / 20086: HTTP: Muieblackcat Security Scanner - TT# 20C02758 (IP=134,US)
40.77.167.11 32 BMP None 2020-07-21 00:00:00 2020-10-19 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - 6hr Web Attacks (IP=11,US)
40.77.167.121 32 GM None 2020-07-29 00:00:00 2020-10-29 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=121,US)
40.77.167.190 32 GM None 2020-08-11 00:00:00 2020-11-10 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Sourcefire (IP=190,US)
40.77.167.66 32 BMP None 2020-09-24 00:00:00 2020-12-24 00:00:00 None HTTP: SERVER-WEBAPP Ulterius web server directory traversal attempt - 6hr Web Attacks (IP=66,US)
40.77.59.108 32 RW None 2020-06-10 00:00:00 2020-07-10 00:00:00 None Known Attack Tool User Agent V2 / 20086 HTTP Muieblackcat Security Scanner - TT# 20C03126 (IP=108,US)
40.77.61.171 32 DT None 2020-06-24 00:00:00 2020-07-24 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C03280 (IP=171,US)
40.77.96.248 32 RB None 2020-06-27 00:00:00 2020-09-25 00:00:00 None Known Attack Tool User Agent V2 / 20086: HTTP: Muieblackcat Security Scanner - TT# 20C03295 (IP=248,US)
40.80.145.209 32 KF None 2020-05-08 00:00:00 2020-08-06 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=209,US)
40.83.12.199 32 CR None 2020-05-22 00:00:00 2020-08-22 00:00:00 None Known Attack Tool User Agent V2 / 20086: HTTP: Muieblackcat Security Scanner - TT# 20C02883 (IP=199,US)
40.83.12.87 32 RR None 2020-06-15 00:00:00 2020-09-13 00:00:00 None Known Attack Tool User Agent V2 / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - - TT# 20C03174 (IP=87,US)
40.83.125.200 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None INDICATOR-SCAN PHP backdoor scan
40.83.171.103 32 GM None 2019-11-11 00:00:00 2020-02-09 00:00:00 None ABC Generic ArcSight scan attempt (IP=103,US)
40.83.222.49 32 JC None 2020-01-05 00:00:00 2020-04-04 00:00:00 None MALWARE-CNC URI - known scanner tool muieblackcat - 48 Hour Block (IP=49,US)
40.83.40.11 32 DT None 2020-06-08 00:00:00 2020-09-06 00:00:00 None Known Attack Tool User Agent V2/HTTP: SqlMap SQL Injection -Scanning I - TT# 20C03092 (IP=11,US)
40.84.22.121 32 RB None 2020-09-21 00:00:00 2020-12-20 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03957 (IP=121,US)
40.85.136.111 32 GM None 2020-06-08 00:00:00 2020-08-08 00:00:00 None Unauthorized Access-Probe - TT# 20C03093 (IP=111,US)
40.86.223.86 24 RR None 2020-08-22 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt (1:54794:2) - SourceFire (IP=86,CA)
40.86.92.187 32 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None HTTP: Known Attack Tool User Agent V2/20086 HTTP Muieblackcat Security Scanner - TT# 20C02700 (IP=187,US)
40.87.106.17 32 DT None 2020-08-30 00:00:00 2020-11-30 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Sourcefire (IP=17,US)
40.87.129.208 24 RR None 2020-07-27 00:00:00 2020-10-25 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=208,IE)
40.87.156.131 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Illegal user - Failed Logons (IP=131,IE)
40.87.18.130 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Unauthorized Scanning (IP=130,US)
40.87.59.185 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=185,US)
40.90.176.37 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=37,SG)
40.92.89.20 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3560 COLS-NA-TIP-20-0259 (IP=20,IE)
41.101.22.157 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password for invalid user - 6hr Logon (IP=157,DZ)
41.103.0.0 17 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None DZ TO-S-2019-0890.01 Command and Control Exploit
41.110.65.173 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=173,DZ)
41.136.173.219 24 RR None 2017-04-18 05:00:00 2020-02-14 00:00:00 None ET SCAN Potential SSH Scan (IP=219,MU) | updated by RB with reason SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt_Sourcefire (IP=9,MU) | 2020-02-14 | 2017-07-17
41.136.233.143 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell
41.137.137.92 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password for invalid user - Failed Logons (IP=92,MA )
41.138.60.169 24 ABC None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Generic ArcSight scan attempt (IP=169,NE)
41.138.88.3 24 KF None 2018-10-18 05:00:00 2020-02-29 00:00:00 None Illegal user (IP=3,BJ) | updated by CW Block was inactive. Reactivated on 20191201 with reason Failed password for invalid
41.139.132.238 24 RR None 2019-12-16 00:00:00 2020-03-15 00:00:00 None Illegal user - Failed Logons (IP=238,KE)
41.139.164.167 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=167,KE)
41.139.224.170 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=170,KE)
41.140.68.249 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=249,MA)
41.140.79.235 24 CR None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=235,MA)
41.140.9.220 24 RR None 2020-07-26 00:00:00 2020-10-24 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=220,MA)
41.140.90.142 24 FT None 2020-07-30 00:00:00 2020-10-28 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection - Web Attacks (IP=77,MA)
41.143.62.36 24 RW None 2020-04-07 00:00:00 2020-07-07 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Sourcefire (IP=36,MA)
41.157.17.218 24 CR None 2020-05-22 00:00:00 2020-08-22 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit)- Sourcefire (IP=218,ZA)
41.160.126.234 32 jkc None 2020-07-20 00:00:00 2020-10-21 00:00:00 None hive case # 3387 CTO 20-199 Malicious IP (Ip=234,ZA)
41.160.127.58 24 BMP None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=58,ZA)
41.160.127.58 24 BMP None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=58,ZA)
41.169.75.205 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Generic ArcSight scan attempt (IP=205,ZA)
41.176.226.184 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=184,EG)
41.180.68.214 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password_6 Hr Failed Logons (IP=214,ZA)
41.185.0.0 16 jky None 2016-12-01 06:00:00 2020-02-15 00:00:00 None ZA TO-S-2017-0241 Unauthorized access attempts | updated by jky with reason ZA TO-S-2017-0750 Malicious URL | updated by CR
41.185.13.153 32 DT None 2020-09-11 00:00:00 2020-12-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03881 (IP=22,US)
41.185.7.209 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=209,ZA)
41.185.8.59 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=59,ZA)
41.188.155.74 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=74,TZ)
41.189.42.165 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None CI TO-S-2019-0658 Malware Activity
41.190.136.194 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=194,MU)
41.191.77.130 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Generic ArcSight scan attempt (IP=130,UG)
41.193.122.77 24 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Logons (IP=77,ZA)
41.201.8.30 24 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Illegal user - Failed Logons (IP=30,DZ)
41.203.156.2 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed Logons (IP=2,NE)
41.203.16.251 24 DT None 2020-05-04 00:00:00 2020-08-04 00:00:00 None FILE-OTHER Adobe Acrobat Reader jp2 double free attempt - SourceFire (IP=251,ZA)
41.203.18.107 24 GM None 2020-08-11 00:00:00 2020-11-10 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=107,ZA)
41.203.33.107 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=107,ZA) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=107,ZA)
41.204.161.217 24 RR None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Generic ArcSight scan attempt (IP=217,KE)
41.204.191.53 24 GM None 2019-11-06 00:00:00 2020-02-06 00:00:00 None Invalid user - Failed Logons (IP=53,KE)
41.204.192.0 19 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None ZA TO-S-2019-0358 Malicious Email Activity
41.205.117.48 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=48,EG) | not blocked because No refs to MVPower found in USACE SharePoint or NAC
41.205.23.27 24 RR None 2020-08-24 00:00:00 2020-11-22 00:00:00 None SQL use of sleep function with and - likely SQL injection (1:41449:2) - SourceFire (IP=27,CM)
41.205.74.70 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=70,CM)
41.207.184.179 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=179,TG)
41.208.131.13 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=13,SN) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY
41.208.150.114 24 RB None 2017-10-19 05:00:00 2020-03-02 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (IP=114,SN) | updated by RR with reason Illegal user (IP=114,SN) | | updated by BP Block was inactive. Reactivated on 20191203 with reason Failed password for invalid user - 6hr Logon (IP=114,S
41.211.116.32 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 Hr Failed Logons (IP=32,CM)
41.212.128.0 17 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None MU TO-S-2019-0420 Malware Activity
41.213.216.242 24 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None Failed password - Failed Logons (IP=242,RE)
41.215.19.146 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None KE TO-S-2019-0409 Malicious Email Activity
41.216.186.114 32 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Possible SQLi attempt / HTTP: Blind SQL Injection - Timing - TT# 20C00593 (IP=114,KN)
41.216.186.131 24 RR None 2020-01-11 00:00:00 2020-04-12 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=131,KN) | updated by BMP Block expiration extended with reason OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (
41.216.186.201 32 RW None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Generic ArcSight scan attempt (IP=201,US)
41.217.216.39 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=39,MY)
41.217.58.0 23 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,NG)
41.220.112.0 20 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None KE TO-S-2019-1036 Malicious Email Activity
41.220.128.10 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=10,TZ)
41.220.13.103 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=103,UG)
41.221.146.138 24 RR None 2018-12-15 06:00:00 2020-01-21 00:00:00 None Failed password for invalid user (IP=138,ZW) | updated by CW Block was inactive.
Reactivated on 20191023 with reason Illegal User_Failed Logon (IP=38,ZW) 41.221.194.223 32 RR None 2020-05-27 00:00:00 2020-12-29 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02932 (IP=223,CV) | updated by BMP Block was inactive. Reactivated on 20200930 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-1675 41.221.194.223 24 KF None 2020-03-09 00:00:00 2020-06-07 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability (IP=223,CV) 41.222.196.57 24 RB None 2019-01-10 06:00:00 2020-02-03 00:00:00 None Illegal user (IP=57,CD) | updated by RWB Block was inactive. Reactivated on 20191105 with reason Failed password for invalid user - Failed Logon (IP=,MY) 41.223.127.5 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=5,MZ) 41.224.245.201 24 RR None 2020-04-25 00:00:00 2020-07-24 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=201,TU) 41.224.59.78 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Failed password (IP=78,TN) 41.226.248.221 24 RB None 2019-01-12 06:00:00 2020-01-19 00:00:00 None Illegal user (IP=221,TN) | updated by RR with reason Illegal user - Failed Logons (IP=221,TN) 41.226.255.106 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Generic ArcSight scan attempt (IP=106,TN) 41.228.249.213 24 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=213,TN) 41.228.4.205 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=205,TN) 41.230.18.222 24 GM None 2020-07-15 00:00:00 2020-10-15 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=222,TN) 41.230.77.5 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary 
command execution attempt - Sourcefire (IP=5,TN) 41.231.56.98 24 KF None 2019-03-06 00:00:00 2020-05-14 00:00:00 None Authentication Failed (IP=98,TN) | updated by GM Block was inactive. Reactivated on 20200214 with reason Authentication Failed - Failed Logons (IP=98,TN) 41.231.8.214 24 RW None 2020-02-19 00:00:00 2020-05-19 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=10,HK) 41.236.147.194 32 RW None 2020-08-08 00:00:00 2020-11-10 00:00:00 None Possible SQLi attempt - TT# 20C03667 (IP=194,EG) | updated by FT Block expiration extended with reason HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 20C03696 (IP=194,EG) 41.242.17.172 24 CR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - CIRT Web Attack (IP=172,LY) 41.248.244.123 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=123,MO) 41.248.40.209 24 BMP None 2020-07-15 00:00:00 2020-10-13 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - 6hr Web Attacks (IP=209,MA) 41.248.49.221 24 DT None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=221,MA) 41.249.176.178 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - 6hr Logon (IP=178,MA) 41.251.228.26 24 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Generic ArcSight scan attempt (IP=26,MA) 41.251.94.48 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=48,MA) 41.32.0.0 12 dbc None 2018-09-20 05:00:00 2020-03-01 00:00:00 None EG TO-S-2018-1158 Malicious Reconnaissance Activity | updated by RB with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=132,EG) | 2020-03-01 | 2019-09-20 41.32.153.42 24 KF None 
2019-12-16 00:00:00 2020-03-15 00:00:00 None SERVER-WEBAPP GPON Routerauthentication bypass and command injection attempt (IP=42,EG) 41.32.172.107 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=107,EG) 41.33.178.202 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Failed password_6 hr Failed Logons (IP=202 EG) 41.34.119.176 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt _SourceFire (IP=76,EG) 41.34.195.188 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=188,EG) 41.34.80.35 24 RWB None 2019-12-21 00:00:00 2020-03-20 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=35,EG) 41.35.112.241 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=241,EG) 41.35.112.241 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=241,EG) 41.35.138.85 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Failed Logon (IP=,EG) 41.35.20.22 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=22,EG) 41.35.204.240 24 KF None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=240,EG) 41.35.81.137 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt _SourceFire (IP=37,EG) 41.36.199.212 24 
BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=212,EG) 41.36.242.153 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=153,EG) 41.37.106.199 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=199,EG) 41.37.120.141 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=141,EG) 41.37.34.143 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=143,EG) 41.37.34.143 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=143,EG) 41.37.39.137 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=137,EG) 41.38.112.35 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=35,EG) 41.38.196.159 24 BMP None 2020-02-28 00:00:00 2020-03-28 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01867 (IP=159,EG) 41.38.198.177 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Web Attacks(IP=224,EG) 41.38.235.84 24 CR None 2018-08-22 05:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=84,EG) | updated by CW with reason SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_SourceFire (IP=29,EG) 41.38.255.115 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower 
DVR Shell arbitrary command execution attempt - Sourcefire (IP=115,EG) 41.38.63.13 24 CR None 2019-12-27 00:00:00 2020-03-27 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=13,EG) 41.39.115.27 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=27,EG) 41.39.153.4 32 RR None 2020-07-26 00:00:00 2020-10-24 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03563 (IP=4,EG) 41.40.134.81 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=81,EG) 41.40.166.224 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=224,EG) 41.40.176.67 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=67,EG) 41.40.234.160 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=160,EG) 41.40.86.9 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=9,EG) 41.40.9.25 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=25,EG) 41.41.128.125 24 KF None 2020-02-28 00:00:00 2020-05-28 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01853 (IP=125,EG) 41.41.153.43 24 RB None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6 hr web attacks (IP=43,EG) 41.41.192.143 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Attempted 
Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=143,EG) 41.41.25.179 24 GM None 2019-12-26 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=179,EG) 41.41.30.32 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=32,EG) 41.42.11.48 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=,EG) 41.42.133.102 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=102,EG) 41.42.248.74 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=74,EG) 41.42.250.206 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=206,EG) 41.43.133.99 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=99,EG) 41.43.149.7 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=7,EG) 41.43.243.93 24 RR None 2020-09-29 00:00:00 2020-12-29 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=93,EG) 41.43.245.7 24 RR None 2018-09-01 05:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=7,EG) | updated by GM with reason SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=29,EG) 41.43.75.68 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP 
D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=68,EG) 41.44.196.71 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=,EG) 41.44.213.107 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=107,EG) 41.44.58.168 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=168,EG) 41.45.103.175 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=175,EG) 41.45.12.249 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=249,EG) 41.45.216.214 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=214,EG) 41.45.223.7 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=7,CN) 41.45.86.202 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=202,EG) 41.45.86.202 24 RWB None 2019-12-21 00:00:00 2020-03-20 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=202,EG) 41.45.86.202 24 BP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=202,EG) 41.46.192.185 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=185,EG) 
41.46.205.200 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=200,EG) 41.46.218.193 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=,EG) 41.46.223.194 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=194,EG) 41.46.227.133 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=133,EG) 41.46.3.149 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=149,EG) 41.46.72.109 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=109,EG) 41.46.74.247 24 FT None 2020-09-13 00:00:00 2020-12-12 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=247,EG) 41.46.90.155 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=155,EG) 41.46.98.178 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=178,EG) 41.47.0.105 24 GM None 2019-12-26 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=105,EG) 41.47.171.128 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=128,EG) 41.47.226.205 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B 
routers login.cgi command injection attempt - SourceFire (IP=205,EG) 41.47.237.54 24 wmp None 2018-09-05 05:00:00 2020-01-19 00:00:00 None command injection attempt (IP=54,EG) | updated by KF with reason Authentication Failed_6 Hr Failed Logons (IP=35,EG) 41.47.246.155 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=155,EG) 41.47.248.33 24 CR None 2020-03-23 00:00:00 2020-06-23 00:00:00 None Known Attack Tool User Agent - 20C02203 (IP=33,EG) 41.47.27.207 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=207,EG) 41.57.124.21 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=21,ZW) 41.57.20.88 24 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_Web attacks (IP=88,ZA) 41.59.90.66 32 DT None 2020-09-22 00:00:00 2020-12-22 00:00:00 None HTTP: Hydra Webshell Traffic Detected - TT # 20C03968 (IP=66,TZ) 41.60.0.0 16 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None KE TO-S-2019-0972 Malicious Web Application Activity 41.62.109.3 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=3,TN) 41.65.225.250 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Authentication Failed - Failed Logons (IP=250,EG) 41.65.64.36 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password - 6hr Logon (IP=36,EG) 41.68.0.0 15 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None EG TO-S-2019-0634 Malicious Web Application Activity 41.71.70.34 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=34,ZA) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd 
cgi-bin remote command execution attempt - SourceFire (IP=34,ZA) 41.72.116.138 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=138,ZM) 41.72.219.102 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=102,KE) 41.73.252.236 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password for invalid user - Failed Logon (IP=236,NG) 41.74.201.213 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=213,ZA) 41.75.122.22 24 DT None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=22,MW) 41.77.112.0 21 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None MA TO-S-2019-0532 Malicious Email Activity 41.77.145.34 24 RR None 2019-01-19 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user (IP=34,ZM) | updated by CW Block was inactive. 
Reactivated on 20191107 with reason Failed password for invalid user_Faield Logon (IP=34,MU) 41.77.72.18 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=18,UG) 41.78.201.48 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=48,ZA) 41.78.212.50 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,ZA) 41.78.243.213 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=213,GA) 41.79.224.105 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=105,BI) 41.80.36.61 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Failed password for invalid user (IP=61,KE) 41.82.176.208 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=208,SN) 41.83.47.124 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=124,SE) 41.84.131.10 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Failed password_6 hr Failed Logons (IP=10 KE) 41.86.112.32 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=32,ZA) 41.89.160.13 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=13,KE) 41.92.128.0 17 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None CM TO-S-2020-0065 Malware Activity 41.93.32.33 24 jkc None 2016-07-23 05:00:00 2020-03-08 00:00:00 None ET SCAN Potential SSH Scan (IP=33,TZ) | updated by RB with reason Failed password for invalid user(IP=26,TZ) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=88,TZ) 42.104.0.0 17 dbc None 2018-09-20 05:00:00 2020-02-13 00:00:00 None IN TO-S-2018-1158 Malicious 
Reconnaissance Activity | updated by RR with reason Failed password for invalid user - Failed Logons (IP=228,IN) 42.109.128.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 42.109.148.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 42.109.157.57 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 42.109.200.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 42.111.13.206 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 42.112.13.227 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=227,VN) 42.112.16.124 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=124,VN) 42.112.184.101 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=101,VN) 42.112.248.27 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=27,VN) 42.112.59.3 24 RR None 2018-09-02 05:00:00 2020-01-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=3,VN) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=21,VN) | 2020-01-20 | 2018-12-01 42.113.10.141 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,VN) 42.113.11.6 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=6,VN) 42.113.182.127 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Authentication 
Failed - Failed Logons (IP=127,VN) 42.113.229.133 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=133,VN) 42.113.248.130 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=130,VN) 42.113.49.243 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=243,VN) 42.113.68.226 24 RW None 2020-02-01 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=226,VN) | updated by KF Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=226,VN) 42.113.68.74 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=74,VN) | not blocked because No refs to MVPower found in USACE SharePoint or NAC 42.113.69.4 24 RW None 2020-02-02 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=4,VN) | updated by KF Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=4,VN) 42.113.96.239 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=239,VN) 42.114.125.173 24 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - Failed Logons (IP=173,VN) 42.114.166.245 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=245,VN) 42.114.181.141 24 RR None 2020-02-04 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=141,VN) | updated by RR Block 
expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=141,VN) 42.114.183.150 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=,VN) 42.114.196.15 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=15,VN) 42.114.196.15 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=15,VN) 42.114.24.141 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=141,VN) 42.114.72.21 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=21,VN) 42.115.154.33 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=33,VN) 42.115.164.64 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=64,VN) | not blocked because No refs to MVPower found in USACE SharePoint or NAC 42.115.164.93 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=93,VN) 42.115.193.192 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=192,VN) 42.115.20.173 24 BMP None 2019-12-26 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=173,KH) 42.115.250.89 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution 
attempt - Web Attacks (IP=89,VN) 42.115.33.152 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=152,VN) 42.115.49.200 24 BMP None 2020-02-13 00:00:00 2020-05-13 00:00:00 None Authentication Failed - 6hr Logons (IP=200,VN) 42.115.52.139 24 RB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=139,KH) 42.115.67.150 24 RW None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=150,VN) 42.115.68.140 24 CW None 2020-01-14 00:00:00 2020-04-13 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=40,CB) 42.115.87.200 24 RB None 2019-12-02 00:00:00 2020-03-01 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_6 hr web attacks (IP=200,KH) 42.116.115.28 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=28,VN) 42.116.130.130 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=130,VN) 42.116.135.141 24 MWH None 2016-12-05 06:00:00 2020-04-21 00:00:00 None ET CINS Active Threat Intelligence Poor Reputation IP & Misc Web Attack (IP=141) | updated by RWB with reason Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=,VN) 42.116.141.117 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None Illegal user_Failed Logon (IP=17,VN) 42.116.158.123 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=123,VN) 42.116.175.154 32 RB None 2019-10-20 00:00:00 2020-01-18 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code 
Execution - TT# 20C00493 (IP=154,VN) 42.116.224.193 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=193,VN) 42.116.227.226 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=226,VN) 42.116.246.11 24 GM None 2019-10-27 00:00:00 2020-01-27 00:00:00 None Illegal user - Failed Logons (IP=11,CN) 42.116.249.173 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=173,VN) 42.116.41.238 24 RB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=238 VN) 42.116.43.37 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=37,VN) 42.116.77.209 24 RWB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None Authentication Failed - Failed Logon (IP=209,VN) 42.116.90.238 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=238,VN) 42.116.90.238 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=238,VN) 42.117.13.50 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=50,VN) 42.117.131.238 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=238,VN) 42.117.140.79 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=79,VN) 42.117.146.14 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 
None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=14,VN) 42.117.20.95 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_web attacks (IP=95,VN) 42.117.206.104 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=104,VN) 42.117.213.0 24 RB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=0 VN) 42.117.231.26 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=26,VN) 42.117.254.205 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=205,VN) 42.117.31.219 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=219,VN) 42.117.32.58 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=58,VN) 42.117.36.249 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=249,VN) 42.117.40.184 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=184,VN) | not blocked because No refs to MVPower found in USACE SharePoint or NAC 42.117.48.188 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=188,VN) 42.117.53.20 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 42.117.60.13 24 RR None 2020-02-05 00:00:00 2020-05-05 
00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=13,VN) 42.117.63.8 24 GLM None 2018-08-28 05:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=8,VN) | updated by RWB with reason Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=,VN) 42.118.105.209 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=209,VN) 42.118.105.209 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=209,VN) 42.118.127.203 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=203,VN) 42.118.171.54 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=54,VN) 42.118.195.95 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=95,VN) 42.118.196.231 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=231,VN) 42.118.201.73 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=73,VN) 42.118.201.73 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=73,VN) 42.118.208.43 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=43,VN) 42.118.226.145 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary 
command execution attempt - Web Attacks (IP=145,VN) 42.118.227.75 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=75,VN) 42.118.235.91 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=91,VN) 42.118.242.189 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user (IP=189,VN) 42.118.46.230 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=230,VN) 42.118.70.231 24 CR None 2018-08-22 05:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=231,VN) | updated by RWB with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=189,VN) 42.118.71.81 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=81,VN) | not blocked because No refs to MVPower found in USACE SharePoint or NAC 42.118.85.218 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=218,VN) 42.119.105.126 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=126,VN) 42.119.129.73 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=73,VN) 42.119.138.165 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=165,VN) 42.119.14.104 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=104,VN) 
42.119.17.12 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=12,VN) 42.119.18.35 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=35,VN) 42.119.216.176 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_web attacks (IP=76,VN) 42.119.222.19 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=19,VN) 42.119.44.247 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=247,VN) 42.119.48.254 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=254,VN) 42.119.59.161 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=,VN) 42.119.75.67 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=67,VN) 42.119.75.67 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=67,VN) 42.119.88.239 24 RR None 2018-09-02 05:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=239,VN) | updated by RR with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=118,VN) | updated by RWB with reason SE 42.119.98.79 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=79,VN) 
42.157.128.112 24 RB None 2019-04-28 00:00:00 2020-02-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (IP=112 CN) | updated by BP with reason Invalid user - Failed Logons (IP=188,CN) 42.157.129.158 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed password - sourcefire (IP=158,CN) 42.157.131.13 24 RB None 2019-05-11 00:00:00 2020-01-22 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_12 hr web attacks (IP=13,CN) | updated by RB with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_6 hr web attacks (IP=21,CN) | 2020-01-22 | 2019-08- 42.159.147.118 24 RW None 2020-08-20 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=118,CN) 42.177.175.211 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=211,CN) 42.179.120.8 24 RW None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=8,CN) 42.179.189.144 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=144,CN) 42.179.53.150 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=150,CN) 42.179.67.117 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=117,CN) 42.180.52.24 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=24,CN) 42.180.87.144 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=144,CN) 42.188.104.74 24 KF None 2019-11-21 00:00:00 2020-02-19 
00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=74,MY) 42.188.80.81 24 RWB None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=81,MY) 42.194.216.126 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=126,CN) 42.194.223.86 24 RR None 2020-07-21 00:00:00 2020-10-19 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=86,CN) 42.2.167.149 24 RR None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - SourceFire (IP=149,HK) 42.200.106.20 32 KF None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent - TT# 20C00039 (IP=20,US) 42.200.138.70 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,HK) 42.200.140.189 24 CR None 2018-12-19 06:00:00 2020-01-21 00:00:00 None Failed password for invalid user (IP=189,HK) | updated by GM with reason HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=33,HK) 42.200.206.2 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user (IP=2,HK) 42.200.227.161 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=161,HK) 42.200.79.135 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=135,HK) 42.201.133.169 24 CW None 2020-01-13 00:00:00 2020-04-12 00:00:00 None INDICATOR-SCAN SSH brute force login attempt_SourceFire (IP=69,PK) 42.202.134.6 32 GM None 2020-08-11 00:00:00 2020-11-10 00:00:00 None HTTP: vBulletin 
Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT # 20C03694 (IP=6,CN) 42.224.134.54 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=54,CN) 42.224.66.124 24 KF None 2019-11-02 00:00:00 2020-01-31 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Web Attacks (IP=124,CN) 42.225.141.172 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=172,CN) 42.225.197.79 24 CW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Web attacks (IP=79,CN) 42.225.207.228 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=228,CN) 42.225.27.91 24 GM None 2020-02-11 00:00:00 2020-05-11 00:00:00 None Authentication Failed - Failed Logons (IP=91,CN) 42.227.204.31 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=31,CN) 42.227.37.239 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=239,CN) 42.227.84.40 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=40,CN) 42.228.113.116 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=116,CN) 42.228.116.198 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=198,CN) 42.228.127.75 24 RB None 2019-10-22 00:00:00 2020-01-20 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command 
injection attempt_Sourcefire (IP=75,CN) 42.229.184.236 24 RR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=236,CN) 42.229.241.19 24 RR None None 2020-06-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=19,CN) 42.230.130.6 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=6,CN) 42.230.152.31 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_12 hr web attacks (IP=31,CN) 42.230.255.222 24 RR None 2020-04-25 00:00:00 2020-07-24 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=222,CN) 42.230.37.38 24 RW None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=38,CN) 42.230.42.13 32 wmp None 2020-10-01 00:00:00 2020-12-30 00:00:00 None HIVE Case #4029 Palo Alto IDS Vulnerability Events (IP=13,CN) 42.231.116.229 24 RB None 2019-10-22 00:00:00 2020-01-20 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_6 hr web attacks (IP=229,CN) 42.231.160.90 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=90,CN) 42.231.74.15 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=15,CN) 42.231.79.250 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=250,CN) 42.232.101.251 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and 
command injection attempt - Web Attacks (IP=251,CN) 42.232.112.47 24 RR None 2020-01-17 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=47,CN) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=47,CN) | updated by KF with reason SERVER-WEBAPP MVPower D 42.232.113.23 24 GM None 2019-11-12 00:00:00 2020-02-12 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=23,CN) 42.234.114.204 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=204,CN) 42.234.250.109 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=109,CN) 42.234.71.31 24 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=31 CN) 42.235.17.254 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=54,CN) 42.235.26.29 24 RB None 2019-12-01 00:00:00 2020-02-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=29,CN) 42.236.254.56 24 CR None 2020-05-13 00:00:00 2020-08-11 00:00:00 None TCP: SYN Host Sweep (IP=56,CN) 42.239.101.31 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web Attacks (IP=31,CN) 42.239.135.1 24 RB None 2019-11-28 00:00:00 2020-02-26 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=1,CN) 42.239.160.192 24 CR None 2019-11-01 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=192,CN) 42.239.163.134 24 RW None 
2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=134,CN) 42.239.207.68 24 GM None 2019-10-10 00:00:00 2020-01-10 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=68,CN) 42.239.212.226 24 RB None 2019-10-20 00:00:00 2020-01-18 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_12 hr web attacks (IP=226,CN) 42.239.226.14 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=14,CN) 42.239.9.25 24 RW None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6 hr web attacks (IP=25,CN) 42.247.22.66 24 BP None 2019-11-20 00:00:00 2020-02-20 00:00:00 None Authentication Failed (IP=66,CN) 42.249.23.33 24 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None UDP: Host Sweep (IP=33,CN) 42.4.152.45 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=45,CN) 42.5.203.137 24 RR None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=137,CN) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=137,CN) 42.51.13.12 24 RWB None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=12,CN) 42.51.191.174 24 RR None 2016-10-22 05:00:00 2020-02-12 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=174,CN) | updated by ABC with reason ET POLICY Suspicious inbo | updated by RR with reason Generic ArcSight scan attempt (IP=172,CN) 42.51.204.117 24 EDBT None 2017-09-10 05:00:00 2020-02-23 00:00:00 None ET POLICY Suspicious inbound to | updated by BP 
with reason Failed password - Failed Logons (IP=24,CN) 42.51.216.15 24 BMP None 2020-06-14 00:00:00 2020-09-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=15,CN) 42.51.225.120 24 CW None 2020-01-05 00:00:00 2020-04-04 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=20,CN) 42.51.28.154 24 MLJ None 2017-02-06 06:00:00 2020-03-03 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=154,CN) | updated by RR with reason HTTP: SQL Injection Attempt Detected - Wen Attacks (IP=203,CN) 42.51.33.227 24 RR None 2017-02-01 06:00:00 2020-01-06 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=227,CN) | updated by RR with reason INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=118,CN) 42.51.41.4 24 GLM None 2017-06-26 05:00:00 2020-01-17 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=4,CN) | updated by GM with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=136,CN) 42.51.64.190 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=190,CN) 42.51.66.57 24 DT None 2020-07-28 00:00:00 2020-10-26 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=57,CN) 42.51.69.2 24 RW None 2020-06-05 00:00:00 2020-09-05 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=2,CN) 42.54.165.181 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=181,CN) 42.56.0.0 14 dlb None 2018-08-31 05:00:00 2020-01-16 00:00:00 None CH TO-S-2018-1080 malware activity | updated by RR with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=32,CN) 42.61.46.130 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None SG TO-S-2020-0088 Malicious Web Application Activity 42.61.59.33 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Illegal user - 6hr Logon (IP=33,SG) 42.62.11.212 
24 RW None 2020-05-31 00:00:00 2020-08-31 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=212,CN) 42.62.11.212 24 RW None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=212,CN) 42.62.24.231 24 CR None 2020-04-25 00:00:00 2020-07-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=231,CN) 42.87.230.88 24 RR None 2020-01-18 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=88,CN) | updated by RW Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=88,CN) | update 42.97.66.228 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=228,CN) 43.225.0.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 43.225.106.10 24 GLM None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=10,HK) 43.225.117.245 24 GLM None 2018-12-16 06:00:00 2020-02-15 00:00:00 None Failed password (IP=245,IN) | updated by BP Block was inactive. 
Reactivated on 20191115 with reason Authentication Failed - 6hr Failed Logon(IP=245,IN) 43.225.151.142 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=142,BD) 43.225.159.23 24 MLJ None 2017-10-24 05:00:00 2020-02-24 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=23,JP) | updated by RR with reason MALWARE-BACKDOOR JSP webshell backdoor | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=18 43.225.161.29 24 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - Failed Logons (IP=29,IN) 43.225.164.208 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=208,IN) 43.225.64.174 32 wmp None 2020-09-16 00:00:00 2020-12-15 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=174,ID) 43.225.67.157 24 BMP None 2020-07-15 00:00:00 2020-10-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=157,ID) 43.226.127.125 24 RW None 2020-09-08 00:00:00 2020-12-08 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03860 (IP=125,HK) 43.226.148.59 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=59,JP) 43.226.152.187 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=187,CN) 43.226.156.126 24 GM None 2019-12-31 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP vBulletin decodeArguments PHP object injection attempt - Sourcefire (IP=126,CN) 43.226.158.247 24 RR None 2019-12-07 00:00:00 2020-03-06 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SoureFire (IP=247,CN) 43.226.165.196 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=196,CN) 43.226.35.164 24 MLJ None 2018-02-21 06:00:00 2020-04-21 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 
(IP=164,JP) | updated by JKC with reason PHP AK47 injection attack (IP=91, CN | updated by RWB with reason Misc Activity - INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=,CN) 43.226.36.209 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=209,CN) 43.226.36.209 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=209,CN) 43.226.38.231 24 MLJ None 2018-02-21 06:00:00 2020-01-15 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=231,JP) | updated by RW with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=247,CN) 43.226.45.210 24 CR None 2020-06-15 00:00:00 2020-09-15 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=210,CN) 43.226.53.83 24 GM None 2020-07-30 00:00:00 2020-10-30 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=83,CN) 43.226.54.185 24 GM None 2019-11-06 00:00:00 2020-02-04 00:00:00 None ABC Generic ArcSight scan attempt (IP=185,CN) 43.226.66.10 24 CR None 2020-05-13 00:00:00 2020-08-11 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6 Hr Web Attack (IP=10,CN) 43.227.253.254 24 RB None 2020-07-02 00:00:00 2020-09-30 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - - 6hr failed logon (IP=254,RU) 43.227.64.34 24 RB None 2020-01-24 00:00:00 2020-04-24 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=34 CN) | updated by RW Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=34,CN) 43.228.117.214 24 GM None 2019-11-08 00:00:00 2020-02-06 00:00:00 None ABC Generic ArcSight scan attempt (IP=214,SC) 43.228.66.82 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Generic ArcSight scan attempt (IP=82,CN) 43.228.95.2 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 
43.229.112.0 22 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None HK TO-S-2019-0816 Malicious Email Activity 43.229.12.198 24 BMP None 2020-04-09 00:00:00 2020-07-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=198,BD) 43.229.128.35 24 RR None 2018-03-26 05:00:00 2020-03-06 00:00:00 None ET SCAN Potential VNC Scan 5900-5920 (IP=35,JP) | updated by GM with reason Invalid user - Failed Logons (IP=128,SG) 43.229.152.212 32 CW None 2020-01-05 00:00:00 2020-02-05 00:00:00 None Unauthorized Access Attempt-TT# 20C01351 (IP=12,HK) 43.229.153.78 32 RB None 2020-06-15 00:00:00 2020-09-15 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03168 (IP=78,HK) 43.229.62.186 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AU TO-S-2019-1036 Malicious Email Activity 43.229.76.0 22 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None TH TO-S-2020-0190 Malicious Email Activity 43.229.90.251 24 RR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - Failed Logons (IP=251,IN) 43.230.145.11 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=11,US) 43.231.56.28 24 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - Failed Logons (IP=28,IN) 43.231.56.28 24 GM None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - Failed Logons (IP=28,IN) 43.231.77.218 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=218,BD) 43.231.77.236 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None 17031: HTTP: GetSimple CMS File Upload - TT# 20C01739 (IP=236,BD) 43.239.145.223 32 KF None 2019-09-23 00:00:00 2020-02-08 00:00:00 None Immediate Inbound Network Block - TT# 19C03399 (IP=223,US) | updated by KF with reason Immediate Inbound Network Block - TT# 20C00937 (IP=223,US) 43.239.156.14 24 RW None 2019-10-16 00:00:00 2020-01-16 00:00:00 None SERVER-WEBAPP Drupal 8 remote code 
2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=36,IN) 45.248.68.101 24 RW None 2020-04-12 00:00:00 2020-07-11 00:00:00 None SQL Injection (IP=101,HK) 45.248.69.35 24 KF None 2020-05-03 00:00:00 2020-08-01 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=35,HK) 45.248.71.234 24 KF None 2020-06-21 00:00:00 2020-09-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=234,HK) 45.248.71.234 24 KF None 2020-06-21 00:00:00 2020-09-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=234,HK) 45.248.84.155 24 EDBT None 2017-10-15 05:00:00 2020-01-04 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=155,CN) | updated by JKC with reason PHP AK47 injection attack (IP=229, C | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=143 CN) | 2020-01-04 | 45.249.171.130 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Generic ArcSight scan attempt (IP=130,IN) 45.249.245.182 24 ABC None 2018-02-24 06:00:00 2020-02-16 00:00:00 None Generic ArcSight scan attempt (IP=182 CN) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=151,HK) 45.249.247.18 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=18,XX) 45.249.94.97 24 RW None 2019-10-11 00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=97,CN) 45.250.40.230 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=230,CN) 45.250.64.0 22 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IN TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason IN TO-S-2020-0212.01 Malicious Email Activity 45.250.66.0 24 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None IN TO-S-2020-0187 
Malicious Email Activity 45.251.241.0 24 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None CN TO-S-2019-0577 Malware Activity 45.252.248.22 24 MLJ None 2018-03-21 05:00:00 2020-02-04 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=22,VN) | updated by RB with reason SQL 1 = 1 - possible sql injection attempt 45.252.60.0 22 dcg None 2018-08-02 05:00:00 2020-01-19 00:00:00 None HK TO-S-2018-0991 associated with malicious web application and malware activity | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=242,HK) 45.254.26.0 24 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None CN TO-S-2019-0468 Malicious Email Activity 45.27.247.144 32 KF None 2019-12-11 00:00:00 2020-03-10 00:00:00 None SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt (IP=144,US) 45.3.194.11 32 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=11,US) 45.32.100.62 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None SG TO-S-2019-0617 Malware Activity 45.32.107.90 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None SG TO-S-2020-0187 Malicious Email Activity 45.32.11.71 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None JP TO-S-2020-0056 Malware Activity 45.32.119.74 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None SG TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason SG TO-S-2020-0212.01 Malware Activity 45.32.141.174 32 GM None 2019-08-26 00:00:00 2020-09-02 00:00:00 None TO-S-2019-0940 / VPN Probe - 19C03016 (IP=174,US) | updated by dbc with reason US TO-S-2019-0952 Malicious Reconnaissance Activity 45.32.151.155 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None FR TO-S-2020-0109.01 Malicious Email Activity 45.32.152.160 24 djs None 2016-06-12 05:00:00 2020-03-18 00:00:00 None SSH scans (ip=160,DE) | updated by dbc with reason 
DE TO-S-2019-0508 Malware Activity 45.32.155.184 24 RR None 2018-05-18 05:00:00 2020-03-18 00:00:00 None ET SCAN Potential SSH Scan (IP=184,DE) | updated by dbc with reason DE TO-S-2019-0508 Malware Activity 45.32.155.245 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malicious Web Application Activity 45.32.170.147 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malicious Email Activity 45.32.176.180 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None GB TO-S-2019-0430 Malicious Web Application Activity 45.32.177.161 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None GB TO-S-2019-0508 Malware Activity 45.32.179.144 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None GB TO-S-2019-1036 Malware Activity 45.32.179.206 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None GB TO-S-2019-0769 Malware Activity 45.32.179.61 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None GB TO-S-2019-0577 Malware Activity 45.32.192.236 32 RW None 2020-04-11 00:00:00 2020-07-10 00:00:00 None SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (IP=236,US) 45.32.21.118 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None JP TO-S-2020-0056 Malware Activity 45.32.227.199 32 RB None 2019-10-17 00:00:00 2020-01-15 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C00451 (IP=199,US) 45.32.241.232 24 GM None 2017-08-01 05:00:00 2020-02-15 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C (232,UA) | updated by dbc with reason AU TO-S-2019-0409 Malware Act 45.32.242.252 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None AU TO-S-2019-0577 Malware Activity 45.32.248.246 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None JP TO-S-2019-0577 Malware Activity 45.32.28.219 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=219,JP) 45.32.5.197 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None 
UDP: Host Sweep (IP=197,US) 45.32.53.163 32 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None JP TO-S-2020-0077 Malicious Web Application 45.32.54.50 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None JP TO-S-2020-0056 Malware Activity 45.32.87.51 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity 45.33.1.223 32 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=223,US) 45.33.101.196 32 CR None 2020-03-18 00:00:00 2020-06-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=196,US) 45.33.21.10 32 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - 6hr Web Attacks (IP=10,US) 45.33.243.46 32 RR None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=46,US) 45.33.30.245 32 RW None 2020-05-13 00:00:00 2020-08-13 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=245,US) 45.33.41.5 32 CR None 2020-05-12 00:00:00 2020-06-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=5,US) 45.33.49.124 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 45.33.69.235 32 DT None 2020-05-22 00:00:00 2020-08-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=235,US) 45.33.78.145 32 KF None 2020-05-30 00:00:00 2020-08-28 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C03003 and TT# 20C03005 (IP=145,US) 45.33.79.219 32 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Web Attacks (IP=219,US) 45.33.8.176 32 BMP None 
2020-02-16 00:00:00 2020-05-16 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=176,US) 45.34.79.108 18 djs None 2015-12-29 06:00:00 2020-02-15 00:00:00 None mySQL port 3306 (ip=108,CN) | updated by dbc with reason Unaffiliated TO-S-2019-0409 Malware Activity 45.35.221.55 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=55,US) 45.35.32.23 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 45.35.4.123 32 KF None 2019-12-28 00:00:00 2020-03-27 00:00:00 None Immediate Inbound Network Block - TT# 20C01259 (IP=123,US) 45.4.180.0 22 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None BR TO-S-2020-0012 Malware Activity 45.40.135.135 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=135,US) 45.40.143.148 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity 45.40.144.200 32 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected - Sourcefire (IP=200,US) 45.40.164.140 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity 45.40.165.16 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=16,US) 45.40.165.7 24 RR None 2018-03-26 05:00:00 2020-03-29 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=7,IN) | updated by dbc with reason US TO-S-2019-0551.02 Malicious Email Activi 45.40.166.11 32 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=11,US) 45.40.166.19 32 RW None 2020-07-17 00:00:00 2020-10-17 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=19,US) 45.40.166.22 32 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None SQL HTTP URI blind injection attempt_12 hr web attacks 
(IP=22,US) 45.40.166.25 32 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=25,US) 45.40.166.27 32 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=27,US) 45.40.166.32 32 RR None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Immediate Inbound Network Block - TT# 20C01077 (IP=32,US) 45.40.166.38 32 BMP None 2020-07-21 00:00:00 2020-10-19 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6hr Web Attacks (IP=38,US) 45.40.166.39 32 BMP None 2020-01-31 00:00:00 2020-09-29 00:00:00 None SQL HTTP URI blind injection attempt - SourceFire (IP=39,US) | updated by KF Block was inactive. Reactivated on 20200701 with reason HTTP: SQL Injection - Exploit II - Web Attacks (IP=39,US) 45.40.166.5 32 BMP None 2020-07-03 00:00:00 2020-10-01 00:00:00 None SQL use of sleep function with and - likely SQL injection - SourceFire (IP=5,US) 45.40.182.129 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 45.40.183.1 32 wmp None 2019-01-25 00:00:00 2020-04-08 00:00:00 None Doc.Malware.Dkvn (IP=1,US) | updated by dbc with reason US TO-S-2019-0577 Malicious Email Activity 45.40.192.201 24 RR None 2018-08-23 05:00:00 2020-01-19 00:00:00 None Illegal user (IP=201,CN) | updated by JKC with reason WPC REGIONAL Fireeye multiple alerts MPS (IP=150, NZ) | updated by KF with reason HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=150,) 45.40.194.129 32 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Failed password (IP=129,US) 45.40.194.129 32 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Failed password (IP=129,US) 45.40.195.201 24 RB None 2018-05-12 05:00:00 2020-01-08 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=201 CN) | updated by RR with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=23,US) 45.40.196.55 24 CR None 2018-07-03 05:00:00 
2020-01-11 00:00:00 None Illegal user (IP=55,CN) | updated by GLM with reason Illegal user (IP=55,CN) | updated by ABC with reason Command Injection Attempt (IP=167,CN) 45.40.204.236 24 CR None 2018-12-11 06:00:00 2020-01-10 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=236,CN) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=206,CN) 45.40.207.195 24 RR None 2019-03-24 00:00:00 2020-01-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=195,CN) | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=195 CN) | 2020-01-04 | 2019-06-22 45.40.241.103 24 RR None 2020-04-19 00:00:00 2020-07-18 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=103,CN) 45.40.244.197 24 RW None 2019-11-14 00:00:00 2020-02-14 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=197,CN) 45.41.132.45 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None US TO-S-2019-0613 Malware Activity 45.41.134.194 32 RB None 2020-05-28 00:00:00 2020-08-28 00:00:00 None 8316 HTTP Cross Site Scripting (String.fromCharCode) - TT# 20C02986 (IP=194,US) 45.41.138.111 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None DE TO-S-2020-0187 Malicious Email Activity 45.43.18.112 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=112,US) 45.43.29.52 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=52,US) 45.43.50.42 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None PH TO-S-2019-0382 Malicious Web Application Activity 45.5.119.123 32 BMP None 2020-04-03 00:00:00 2020-06-03 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 020420-00080 (IP=123,GT) 45.5.196.46 24 KF None 2020-03-09 00:00:00 2020-06-07 00:00:00 None Known Attack Tool User Agent - TT# 20C02083 (IP=46,BR) 45.5.36.84 24 BMP None 
2020-02-28 00:00:00 2020-05-28 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=84,BR) 45.5.37.140 24 GM None 2020-03-07 00:00:00 2020-06-07 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=140,BR) 45.55.15.228 24 JKC None 2016-10-08 05:00:00 2020-03-06 00:00:00 None ET POLICY Suspicious inbound to PostgreSQL port 5432 (IP=228, US) | updated by RR with reason ET SCAN Rapid POP3S Connections | updated by GM with reason Failed password - Failed Logons (IP=134,US) 45.55.158.8 32 RWB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Invalid user - Failed Logon (IP=8,US) 45.55.173.117 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=117,US) 45.55.176.173 32 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=173,US) 45.55.188.133 32 RB None 2019-01-18 00:00:00 2020-02-24 00:00:00 None Failed password for invalid user (IP=133,US) | updated by BP Block was inactive. 
Reactivated on 20191126 with reason Failed password - 6hr Logon (IP=133,US) 45.55.208.5 32 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None SERVER-WEBAPP Webmin password_change command injection attempt - Web Attacks (IP=5,US) 45.55.213.131 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 45.55.222.162 32 RWB None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Invalid - Failed Logon (IP=,US) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=162,US) 45.55.225.152 32 GM None 2019-11-08 00:00:00 2020-02-08 00:00:00 None Invalid user - Failed Logons (IP=152,US) 45.55.242.99 32 DT None 2020-05-22 00:00:00 2020-08-22 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - Sourcefire (IP=99,US) 45.55.243.124 32 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None Failed password - 6hr Logons (IP=124,US) 45.55.34.91 32 RR None 2020-04-13 00:00:00 2020-07-12 00:00:00 None TCP: SYN Host Sweep (IP=91,US) 45.55.38.39 32 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Invalid user - 6hr Logon (IP=39,US) 45.55.55.17 32 ABC None 2020-04-04 00:00:00 2020-07-03 00:00:00 None UDP: Host Sweep (IP=17,US) 45.55.62.60 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C00060 (IP=60,US) 45.56.100.50 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 45.56.103.221 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None US TO-S-2019-0608 Malicious Email Activity 45.56.109.165 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=165,US) 45.56.64.158 32 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=158,US) 45.56.73.74 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 
None US TO-S-2019-0626.01 Malicious Email Activity 45.56.77.130 32 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - Web Attacks (IP=130,US) 45.56.80.187 32 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=187,US) 45.56.84.25 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=25,US) 45.56.84.79 32 CR None 2020-05-12 00:00:00 2020-06-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=79,US) 45.56.91.118 32 nab None 2020-09-25 00:00:00 2020-12-25 00:00:00 None HIVE Case #3870 CTR-20-1156 Network scanning (IP=118,US) 45.56.93.134 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None Unaffiliated TO-S-2019-0640.01 Malware Activity 45.58.125.72 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=72,XX) 45.58.135.130 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None NL TO-S-2019-1002 Malware Activity 45.58.138.178 32 DT None 2020-06-23 00:00:00 2020-09-21 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03268 (IP=178,NL) 45.58.142.37 32 GM None 2020-07-22 00:00:00 2020-10-22 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=37,US) 45.58.143.38 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None NL TO-S-2020-0190 Malicious Email Activity 45.58.146.42 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=42,NL) 45.58.148.50 32 RR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Unauthorized Access-Probe - TT# 20C01742 (IP=50,US) 45.58.44.253 32 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=253,US) 45.6.120.0 22 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None BR TO-S-2019-0409 Malicious Email Activity 45.6.76.58 24 GM None 2019-05-27 00:00:00 2020-06-12 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize 
code execution attempt - Sourcefire (IP=58,BR) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=58,BR) | updated by KF Bl 45.60.14.148 32 dbc None 2019-01-15 06:00:00 2020-01-15 06:00:00 None US TO-S-2019-0321 Malware Activity 45.60.22.79 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 45.60.44.172 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=172,US) 45.60.98.180 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity 45.60.98.188 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malware Activity 45.60.98.79 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 45.61.49.163 32 BP None 2019-12-13 00:00:00 2020-01-12 00:00:00 None Known Attack Tool User Agent/BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C01159 (IP=163,US) 45.62.253.213 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None CA TO-S-2019-0608 Malware Activity 45.62.52.42 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malware Activity 45.62.52.7 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malware Activity 45.62.98.112 32 dbc None 2019-02-27 00:00:00 2020-02-27 00:00:00 None US TO-S-2019-0444 Malicious Reconnaissance Activity 45.63.116.228 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DE TO-S-2020-0056 Malware Activity 45.63.117.4 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None DE TO-S-2020-0190 Malware Activity 45.63.119.252 24 RR None 2017-10-28 05:00:00 2020-03-12 00:00:00 None ET SCAN Potential SSH Scan (IP=252,DE) | updated by dbc with reason DE TO-S-2019-0488 Malware Activity 45.63.124.162 24 bob None 2016-10-05 05:00:00 2020-05-01 00:00:00 None JP TO-S-2016-1185 IP associated with intrusion set 
activity | updated by KW with reason TIPPR CTR-18-746 (ip=65, JP) | upda | updated by dbc with reason JP TO-S-2019-0634 Malicious Web Application Activity 45.63.41.207 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=207,NL) 45.63.69.224 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malware Activity 45.63.77.224 32 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Known Attack Tool User Agent/ UDS-Paros_RC8766 - 20C01551 (IP=224,US) 45.64.1.108 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: SQL Injection - Exploit II (IP=108,ID) 45.64.1.108 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: SQL Injection - Exploit II (IP=108,ID) 45.64.1.108 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=108,IN) 45.64.1.9 24 RB None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Failed password_6 hr Failed Logons_CPC (IP=9 ID) 45.64.104.0 22 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None IN TO-S-2020-0190 Malicious Email Activity 45.64.160.178 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None Authentication Failed - 6hr Logons (IP=178,NP) 45.64.187.172 24 BMP None 2020-05-02 00:00:00 2020-08-01 00:00:00 None SQL HTTP URI blind injection attempt - SourceFire (IP=172,TH) | updated by KF Block expiration extended with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=172,TH) 45.64.190.66 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=66,IN) 45.64.53.46 24 RR None 2019-10-17 00:00:00 2020-01-15 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=46,HK) 45.64.54.216 24 GM None 2020-05-19 00:00:00 2020-08-19 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=216,HK) 45.64.75.245 32 RB None 2020-02-11 00:00:00 2020-05-11 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution 
Vulnerability - TT# 20C01680 (IP=245,HK) 45.64.99.0 24 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None ID TO-S-2019-0631 Malicious Email Activity 45.64.99.86 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=86,ID) 45.66.135.59 32 KF None 2020-06-09 00:00:00 2020-09-07 00:00:00 None 8316 HTTP Cross Site Scripting (String.fromCharCode) - TT# 20C03104 (IP=59,JP) 45.66.157.113 24 RB HTTP: None 2020-04-27 00:00:00 2020-07-26 00:00:00 None ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=113,RU) 45.66.191.42 24 GM None 2020-03-11 00:00:00 2020-06-11 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=42,NL) 45.67.231.96 32 RB None 2020-06-22 00:00:00 2020-09-20 00:00:00 None Known Attack Tool User Agent V2/ 20086 HTTP Muieblackcat Security Scanner - TT# 20C03254 (IP=96,NL) 45.70.167.248 24 RB None 2019-11-21 00:00:00 2020-02-19 00:00:00 None Failed password_6 hr Failed Logons (IP=248,BR) 45.72.3.130 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity 45.73.12.218 24 KF None 2019-01-20 00:00:00 2020-02-05 00:00:00 None Illegal user (IP=218,) | updated by RWB Block was inactive. 
Reactivated on 20191105 with reason Failed password - Failed Logon (IP=,CD) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=218,CA) 45.74.216.157 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=157,CA) | not blocked because No refs to MVPower found in USACE SharePoint or NAC 45.74.36.105 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Reconnaissance Activity 45.74.36.118 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Reconnaissance Activity 45.74.36.20 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Reconnaissance Activity 45.74.36.86 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Reconnaissance Activity 45.74.36.90 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Reconnaissance Activity 45.74.36.91 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Reconnaissance Activity 45.74.36.97 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None US TO-S-2019-0382 Malicious Web Application Activity 45.76.0.183 32 KF None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Generic ArcSight scan attempt (IP=183,US) 45.76.107.102 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None JP TO-S-2020-0056 Malware Activity 45.76.107.53 32 dbc None 2019-02-27 00:00:00 2020-02-27 00:00:00 None JP TO-S-2019-0444 Malicious Reconnaissance Activity 45.76.113.195 24 RB None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Hive Case 1120 - Trojan.Ramnit (IP=195,AU) 45.76.116.88 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AU TO-S-2020-0109.01 Malicious Web Application Activity 45.76.125.100 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None AU TO-S-2019-0577 Malicious Email Activity 45.76.130.230 32 dbc None 
(IP=14,CN) 47.115.172.190 24 RR None 2020-07-20 00:00:00 2020-10-18 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=190,CN) 47.115.174.5 24 GM None 2020-07-20 00:00:00 2020-10-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=5,CN) 47.12.246.241 32 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=241,US) 47.134.135.48 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password_6 Hr Failed Logons (IP=48,CA) 47.154.228.129 32 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=129,US) 47.154.228.129 32 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=129,US) 47.16.103.206 32 GM None 2019-12-16 00:00:00 2020-03-16 00:00:00 None SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt - Sourcefire (IP=206,US) 47.17.177.110 32 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Web Attacks (IP=110,US) 47.186.111.89 32 RW None 2020-09-16 00:00:00 2020-12-16 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=89,US) 47.187.200.230 32 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=230,US) 47.196.225.72 32 RW None 2019-10-16 00:00:00 2020-01-16 00:00:00 None APP-DETECT failed FTP login attempt - 6hr Failed Logon (IP=72,US) 47.196.80.252 32 RW None 2020-02-03 00:00:00 2020-05-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=252,US) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=252,US) 47.199.39.145 32 KF None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=145,US) | updated by BMP Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire 
(IP=145,US) 47.206.160.250 32 RW None 2020-04-06 00:00:00 2020-05-06 00:00:00 None Known Attack Tool User Agent V2 / BOT: Mirai Echobot Activity Detected - TT# 20C02439 (IP=250,US) 47.206.4.145 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None CA TO-S-2019-0604 Malware Activity 47.214.217.177 32 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=177,US) 47.22.135.70 32 RR None 2019-05-01 00:00:00 2020-02-11 00:00:00 None Illegal user - 6 hr Failed Logons (IP=70,US) | updated by GM with reason Invalid user - Failed Logons (IP=70,US) 47.240.0.0 17 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None HK TO-S-2019-0816 Malicious Email Activity 47.241.10.98 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=98,US) 47.241.2.137 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=137,US) 47.244.210.48 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=48,CN) 47.244.3.183 32 RW None 2019-12-25 00:00:00 2020-01-25 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01237 (IP=183,US) 47.245.0.109 24 RB None 2019-10-22 00:00:00 2020-01-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=109,JP) 47.247.12.76 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.247.149.102 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.247.151.115 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.247.156.154 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.247.169.122 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.247.48.224 32 dbc None 
2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.247.91.227 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.251.49.39 32 CW None 2019-12-27 00:00:00 2020-03-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web attacks (IP=39,US) 47.252.2.173 32 GM None 2020-02-12 00:00:00 2020-05-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 20C01701 (IP=173,US) 47.252.78.254 32 BMP None 2020-01-15 00:00:00 2020-04-14 00:00:00 None 34153: HTTP: China Chopper PHP Webshell Traffic Detected (Control Commands) TT# 20C01463 (IP=254,US) | updated by BMP Block expiration extended with reason 34153: HTTP: China Chopper PHP Webshell Traffic Detected (Control Commands) TT# 20C01463 (IP=25 47.254.0.0 16 dcg None 2018-10-02 05:00:00 2020-02-15 00:00:00 None MY TO-S-2018-1197 Malware Indicator associated with malware activity | updated by dbc with reason CN TO-S-2019-0409 Malware Ac 47.254.124.187 32 wmp None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=187,US) 47.254.47.165 32 wmp None 2020-09-15 00:00:00 2020-12-14 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=165,US) 47.254.91.23 32 wmp None 2020-07-20 00:00:00 2020-10-20 00:00:00 None HIVE Case #3374 COLS-NA-TIP-20-0228 (IP=23,US) 47.29.249.141 24 DT None 2020-06-17 00:00:00 2020-09-15 00:00:00 None BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX function call access - SourceFire (IP=141,IN) 47.29.43.45 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=45,IN) 47.30.198.227 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.30.223.199 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None Authentication Failed (IP=199,IN) 47.30.244.182 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN 
TO-S-2020-0109.01 Malicious Email Activity 47.31.117.3 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.31.148.100 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.44.218.226 32 RW None 2020-04-06 00:00:00 2020-05-06 00:00:00 None Known Attack Tool User Agent V2 / BOT: Mirai Echobot Activity Detected - TT# 20C02444 (IP=226,US) 47.52.30.46 32 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr Web Attacks (IP=46,US) 47.52.30.46 24 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=46,HK) 47.53.145.113 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Authentication Failed_Faield Logon (IP=13,IT) 47.74.240.3 32 jkc None 2020-07-20 00:00:00 2020-10-21 00:00:00 None hive case # 3387 CTO 20-199 Malicious IP (ip=3,US) 47.88.0.0 14 jky None 2017-09-08 05:00:00 2020-02-04 00:00:00 None HK TO-S-2017-1492 Malicious access attempts | updated by wmp with reason MyKings Spreader Botnet HIVE Case #299 (IP=68,CA) | updated by KF with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt_Web Attacks (IP=204,US) | updated by KF wi 47.88.1.212 32 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=212,US) 47.88.1.212 32 RB None 2020-02-13 00:00:00 2020-05-13 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=212,US) 47.88.1.212 32 RB None 2020-02-13 00:00:00 2020-05-13 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=212,US) 47.88.254.103 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Immediate Inbound Network Block - TT# 20C00498 (IP=103,US) 47.88.34.147 32 RW None 2020-08-20 00:00:00 2020-11-20 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=147,US) 47.88.51.216 32 KF None 
2019-11-21 00:00:00 2020-05-23 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=216,US) | updated by RR Block was inactive. Reactivated on 20200223 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01800 (IP=216,US) 47.88.88.95 32 DT None 2020-09-18 00:00:00 2020-12-17 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=95,US) 47.89.193.230 32 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=230,US) 47.89.225.94 32 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=94,US) 47.89.251.31 32 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Immediate Inbound Network Block - TT# 20C00943 (IP=31,US) 47.89.75.220 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None US TO-S-2019-0430 Malicious Email Activity 47.9.193.18 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.9.207.196 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.9.215.227 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.9.221.178 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.9.222.139 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.9.244.69 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.9.91.127 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 47.91.32.0 20 dbc None 2019-03-12 00:00:00 2020-03-26 00:00:00 None CN TO-S-2019-0488 Malicious Email Activity | updated by dbc with reason CN TO-S-2019-0532 Malicious Email Activity 47.91.92.228 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Invalid user - Failed Logons 
(IP=228,DE) 47.92.0.0 14 jky None 2017-09-08 05:00:00 2020-01-02 00:00:00 None CN TO-S-2017-1490 Malicious activity | updated by RR with reason MALWARE-BACKDOOR JSP webshell backdoor detected (1:39058:1) ( | updated by GM with reason SERVER-ORACLE Oracle WebLogic Server remote command execution attempt - Sourcefire (IP=96,CN) | 47.92.145.227 24 CR None 2020-02-24 00:00:00 2020-05-24 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - Sourcefire (IP=227,CN) 47.93.115.15 24 RR None 2020-01-29 00:00:00 2020-05-31 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=15,CN) | updated by RB Block expiration extended | not blocked because Both Targets (one an RWP address) run Windows/ASP rather than PHP. | updated by KF Block was inactive. Reactivated on 20200302 47.93.116.141 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=141,CN) 47.93.2.230 24 RW None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=230,CN) 47.93.38.38 24 RR None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=38,CN) 47.93.76.190 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=190,CN) 47.94.165.147 24 DT None 2020-04-16 00:00:00 2020-07-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=147,CN) 47.95.118.55 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Illegal user_6 hr Failed Logons (IP=55,CN) 47.95.241.100 24 RB None 2020-01-08 00:00:00 2020-04-07 00:00:00 None Illegal user_6 hr Failed Logons (IP=100,CN) 47.95.253.27 24 RR None 2020-09-21 00:00:00 2020-12-20 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=27,CN) 47.95.28.130 24 GM 
None 2020-08-18 00:00:00 2020-11-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=130,CN) 47.96.0.0 14 dcg None 2018-08-07 05:00:00 2020-03-05 00:00:00 None CN TO-S-2018-1009 associated with malicious web application and malware activity | updated by GM with reason APP-DETECT failed FTP login attempt - Failed logons (IP=237,CN) 47.96.28.232 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=232,CN) 47.97.163.97 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=97,FR) 47.97.180.67 24 KF None 2020-01-14 00:00:00 2020-04-13 00:00:00 None Illegal user (IP=67,CN) 47.98.153.199 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None Illegal user_Failed Logon (IP=99,CN) 47.98.160.195 24 BMP None 2020-01-28 00:00:00 2020-04-27 00:00:00 None Timeout before authentication - 6hr Logon (IP=195,CN) 47.98.251.243 24 BMP None 2020-09-29 00:00:00 2020-12-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=243,CN) 47.99.68.79 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=79,CN) 47.99.82.90 24 RR None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Illegal user - Failed Logons (IP=90,CN) 49.112.101.125 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Web attacks (IP=25,CN) 49.112.139.81 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=81,CN) 49.112.207.235 24 RWB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=235,CN) 49.112.27.238 24 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=238,CN) 49.112.89.219 24 KF None 
2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=219,CN) 49.115.102.44 24 CR None 2020-05-13 00:00:00 2020-08-11 00:00:00 None UDP: Host Sweep (IP=44,CN) 49.115.120.93 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=93,CN) 49.115.223.14 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=14,CN) 49.116.105.81 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=81,CN) 49.116.18.151 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=151,CN) 49.116.25.143 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=143,CN) 49.116.46.68 24 KF None 2020-04-01 00:00:00 2020-06-30 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=68,CN) 49.116.56.193 24 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=193,CN) 49.116.63.178 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=178,CN) 49.117.184.12 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=12,CN) 49.117.191.202 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=202,CN) 49.118.137.211 24 BMP None 2020-03-06 00:00:00 2020-06-04 00:00:00 None APP-DETECT failed FTP login attempt - 6hr Failed Logons (IP=211,CN) 49.118.194.184 32 FT None 2020-08-05 00:00:00 2020-11-05 00:00:00 None SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt - SourceFire 
(IP=US,184) 49.119.213.132 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=132,CN) 49.12.66.235 32 KF None 2020-06-21 00:00:00 2020-09-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03236 (IP=235,ZZ) 49.128.162.157 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=157,IN) 49.143.32.8 24 ABC None 2016-01-31 06:00:00 2020-03-05 00:00:00 None Bro-observed Port Scanning (IP=8,KR) | updated by RB with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_6 hr web attacks (IP=6 KR) | 2020-03-05 | 2016-04-30 49.145.169.167 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=167,PH) 49.149.128.0 20 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,PH) 49.149.136.251 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=251,PH) 49.149.97.188 24 BMP None 2020-05-01 00:00:00 2020-07-30 00:00:00 None 8316 HTTP Cross Site Scripting (String.fromCharCode) - TT# 20C02582 (IP=160,PH) 49.150.158.188 24 KF None 2020-01-10 00:00:00 2020-04-09 00:00:00 None Authentication Failed (IP=188,PH) 49.158.33.201 24 KF None 2019-11-21 00:00:00 2020-02-19 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=201,TW) 49.158.45.11 24 CR None 2019-12-27 00:00:00 2020-03-27 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=11,TW) 49.172.28.35 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Authentication Failed - Failed Logons (IP=35,KR) 49.176.242.163 24 GM None 2020-08-20 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=163,AU) 49.204.76.142 24 KF None 2019-10-29 00:00:00 
2020-01-27 00:00:00 None Failed password_6 Hr Failed Logons (IP=142,IN) 49.205.178.12 24 YM None 2018-02-19 06:00:00 2020-01-04 00:00:00 None ET SCAN Potential SSH Scan (IP=12,IN) | updated by KF with reason Authentication Failed_6 Hr Failed Logons (IP=12,IN) | updated by RB with reason Authentication Failed (IP=12 IN) | 2020-01-04 | 2019-09-26 49.205.179.159 24 KF None 2020-02-19 00:00:00 2020-05-19 00:00:00 None Illegal user - 6 Hr Failed Logons (IP=159,IN) 49.205.182.36 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=36,IN) 49.205.207.8 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None Authentication Failed_Failed Logon (IP=8,IN) 49.205.211.77 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,IN) 49.205.212.154 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=154,IN) 49.205.41.114 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=114,IN) 49.205.54.87 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=87,IN) 49.205.62.194 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=94,IN) 49.206.211.131 24 RR None 2017-02-14 06:00:00 2020-01-25 00:00:00 None APP-DETECT failed FTP login attempt (IP=131,IN) | updated by RR with reason Generic ArcSight scan attempt (IP=146,IN) 49.206.30.37 24 CR None 2019-01-10 06:00:00 2020-03-02 00:00:00 None Failed password for invalid user (IP=37,IN) | updated by BP Block was inactive. 
Reactivated on 20191203 with reason Invalid user - 6hr Logon (IP=37,IN) 49.207.14.51 32 KF None 2020-03-07 00:00:00 2020-06-05 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02051 (IP=51,US) 49.207.4.45 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password_6 hr Failed Logons (IP=45,IN) 49.207.96.152 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=152,IN) 49.212.211.207 24 CR None 2020-02-24 00:00:00 2020-05-24 00:00:00 None Illegal user - 6hr failed logon (IP=207,JP) 49.212.235.208 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None HTTP: SQL Injection - Exploit II (IP=8,JP) 49.212.243.71 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=71,JP) 49.213.160.0 19 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None TW TO-S-2020-0012 Malware Activity 49.213.192.0 22 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None TW TO-S-2020-0012 Malware Activity 49.216.164.0 22 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,TW) 49.229.29.0 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=0,TH) 49.231.5.51 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Failed Logons (IP=51,TH) 49.232.1.8 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=8,CN) 49.232.10.234 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=234,CN) 49.232.109.87 24 RW None 2020-09-10 00:00:00 2020-12-10 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=87,CN) 49.232.128.185 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code 
execution attempt - SourceFire (IP=185,CN) 49.232.131.136 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=136,CN) 49.232.134.179 24 RW None 2019-10-11 00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=179,CN) 49.232.14.216 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password_Faield Logon (IP=16,CN) 49.232.151.99 24 KF None 2019-12-23 00:00:00 2020-03-22 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=99,CN) 49.232.156.177 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Failed password for invalid user - Failed Logon (IP=177,CN) 49.232.16.142 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=142,CN) 49.232.161.54 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=54,XX) 49.232.166.229 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Failed password for invalid user - Failed Logons (IP=229,CN) 49.232.167.104 24 ABC None 2019-10-13 00:00:00 2020-01-11 00:00:00 None Command Injection Attempt (IP=104,CN) 49.232.171.22 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=22,CN) 49.232.22.156 24 RR None 2020-07-07 00:00:00 2020-10-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=156,CN) 49.232.226.2 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=2,CN) 49.232.233.239 24 FT None 2020-08-05 00:00:00 2020-11-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=CN,239) 49.232.37.202 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=202,CN) 49.232.39.104 24 KF None 2020-03-14 00:00:00 2020-06-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks 
(IP=104,GB) 49.232.40.196 24 KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=196,HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks) 49.232.45.168 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Command Injection Attempt (IP=168,XX) 49.232.51.237 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Invalid user - Failed Logons (IP=237,CN) 49.232.60.216 24 RB None 2019-12-01 00:00:00 2020-02-29 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=216,CN) 49.232.64.97 24 RB None 2020-08-24 00:00:00 2020-11-22 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=97,CN) 49.232.68.52 24 RR None 2020-09-08 00:00:00 2020-12-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=52,CN) | updated by RW Block expiration extended with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=52,CN) 49.232.85.84 24 CR None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=84,CN) 49.232.86.93 24 DT None 2020-05-12 00:00:00 2020-08-10 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=93,CN) 49.232.92.95 24 RW None 2019-11-14 00:00:00 2020-02-14 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=95,CN) 49.232.97.71 24 RW None 2020-09-26 00:00:00 2020-12-26 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=71,CN) 49.232.98.105 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=105,CN) 49.233.122.22 24 KF None 2020-06-27 00:00:00 2020-09-25 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=22,CN) 49.233.129.20 24 BMP 
None 2020-07-10 00:00:00 2020-10-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=2,CN) 49.233.133.129 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=129,XX) 49.233.134.186 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=186,XX) 49.233.135.2 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Invalid user -Failed Logons (IP=2,CN) 49.233.136.142 24 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=142,CN) 49.233.137.247 24 RW None 2020-03-16 00:00:00 2020-06-16 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=247,CN) 49.233.138.200 24 RB None 2020-01-10 00:00:00 2020-04-12 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_6 hr web attacks (IP=200,CN) | updated by BMP Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=200,CN) 49.233.145.23 24 RR None 2020-02-12 00:00:00 2020-05-12 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=23,CN) 49.233.147.3 24 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=3,49) 49.233.15.146 24 RW None 2020-05-24 00:00:00 2020-08-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SSH Scan (IP=146,CN) 49.233.152.233 24 RR None None 2020-06-23 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=233,CN) 49.233.155.3 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None HTTP: SQL Injection Attempt Detected_web attacks (IP=3,CN) 49.233.160.131 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=131,XX) 49.233.166.171 24 CR None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution 
attempt - SourceFire (IP=171,CN) 49.233.168.3 24 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=3,XX) 49.233.169.128 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=128,XX) 49.233.171.215 32 GM None 2020-08-07 00:00:00 2020-11-07 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT # 20C03655 (IP=215,US) 49.233.171.215 24 RR None 2019-12-18 00:00:00 2020-03-17 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=215,CN) 49.233.181.43 32 RW None 2020-08-10 00:00:00 2020-09-10 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03678 (IP=43,CN) 49.233.184.91 24 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=91,CN) 49.233.185.116 24 RR None None 2020-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=116,CN) 49.233.189.6 24 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=6,XX) 49.233.19.126 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=126,CN) 49.233.2.50 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=50,XX) 49.233.201.68 24 CR None 2019-12-27 00:00:00 2020-03-27 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=68,CN) 49.233.21.74 24 RR None 2020-01-03 00:00:00 2020-04-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=74,CN) 49.233.210.214 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=214,CN) 49.233.215.106 24 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=106,CN) 49.233.254.31 24 RB None 2020-06-16 00:00:00 2020-09-16 00:00:00 None SERVER-WEBAPP ThinkPHP 
5.0.23/5.1.31 command injection attempt - 6 hr web attack (IP=31,CN) 49.233.26.107 24 DT None 2020-06-15 00:00:00 2020-09-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=107,CN) 49.233.34.9 24 RR None 2020-07-14 00:00:00 2020-10-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=9,CN) 49.233.45.8 32 RR None 2020-06-26 00:00:00 2020-09-25 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03289 (IP=8,CN) 49.233.45.8 24 BMP None 2020-03-15 00:00:00 2020-06-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=8,CN) 49.233.47.47 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_Web Attacks (IP=47,CN) 49.233.51.218 24 RR None 2019-11-13 00:00:00 2020-07-28 00:00:00 None Failed password for invalid user - Failed Logons (IP=218,CN) | updated by RW Block was inactive. 
Reactivated on 20200428 with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=218,CN) 49.233.61.215 24 GM None 2020-09-15 00:00:00 2020-12-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=215,CN) 49.233.63.234 24 RR None 2020-06-17 00:00:00 2020-09-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=234,CN) 49.233.64.101 24 RB None 2019-11-28 00:00:00 2020-02-26 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=101,CN) 49.233.65.240 24 KF None 2019-12-17 00:00:00 2020-03-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=240,CN) 49.233.67.39 24 RR None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password - Failed Logons (IP=39,CN) 49.233.69.121 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed logons (IP=121,CN) 49.233.73.178 24 RB None 2019-10-20 00:00:00 2020-01-18 00:00:00 None HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=178,CN) 49.233.75.15 24 RR None 2019-10-11 00:00:00 2020-01-09 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=15,CN) 49.233.76.240 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=240,XX) 49.233.77.182 24 KF None 2019-10-22 00:00:00 2020-01-20 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=182,CN) 49.233.79.52 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt _SourceFire (IP=52,CN) 49.233.82.88 24 RB None 2020-03-19 00:00:00 2020-06-17 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_6 hr web attacks (IP=88,CN) 49.233.83.227 24 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web attacks (IP=27,CN) 49.233.87.179 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=179,XX) 
49.234.101.112 24 20200120 None None 2020-01-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - WebAttacks (IP=112,CN) | updated by RWB Block was inactive. Reactivated on 20191022 with reason HTTP: ThinkPHP CMS Getshell Vulnerability - WebAttacks (IP=112,CN) 49.234.105.104 24 CW None 2020-01-14 00:00:00 2020-04-28 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_SourceFire (IP=4,CN) | updated by RB Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=104,CN) 49.234.105.140 24 RW None 2020-04-17 00:00:00 2020-07-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=140,CN) 49.234.108.12 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password - Failed Logons (IP=12,CN) 49.234.115.145 24 RB None 2019-11-21 00:00:00 2020-02-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=145,CN) | updated by KF Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) (IP=145,CH) 49.234.125.43 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=43,CN) 49.234.130.107 24 RR None 2020-07-29 00:00:00 2020-10-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=107,CN) 49.234.134.253 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password for invalid user - Failed Logons (IP=253,CN) 49.234.153.247 24 RR None 2020-07-09 00:00:00 2020-10-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=247,CN) 49.234.155.117 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed Password_6 Hr Failed Logons (IP=117,CN) 49.234.158.253 24 ABC None 2019-10-14 00:00:00 2020-01-12 00:00:00 None Command Injection Attempt (IP=253,CN) 49.234.166.41 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP Joomla 
JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=41,CN) 49.234.17.109 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password - Failed Logon (IP=109,CN) 49.234.176.190 24 RB None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=190,CN) 49.234.177.135 24 RR None 2019-10-04 00:00:00 2020-01-02 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=135,CN) 49.234.179.115 32 KF None 2020-05-29 00:00:00 2020-08-27 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C02991 (IP=115,CN) 49.234.18.158 24 KF None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed Password_6 Hr Failed Logons (IP=158,CN) 49.234.181.127 24 RR None 2020-03-05 00:00:00 2020-06-03 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=127,CN) 49.234.182.99 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=99,XX) 49.234.187.236 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=236,XX) 49.234.193.172 24 GLM None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=172,CN) 49.234.195.122 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=122,CN) 49.234.203.5 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Failed password (IP=5,CN) 49.234.204.145 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=145,CN) 49.234.205.111 32 RR None 2019-12-11 00:00:00 2020-03-10 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=111,CN) 49.234.206.142 24 CR None 2019-10-18 00:00:00 2020-01-18 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_Sourcefire (IP=142,CN) 49.234.207.171 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Failed password - Failed Logon (IP=,NG) 49.234.211.70 24 GM None 2020-08-30 00:00:00 
2020-11-30 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=70,CN) 49.234.213.51 24 GM None 2020-06-10 00:00:00 2020-08-10 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=51,CN) 49.234.219.235 24 RB None 2019-12-02 00:00:00 2020-03-01 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_6 hr web attacks (IP=235,CN) 49.234.224.170 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=170,CN) 49.234.228.207 24 GM None 2019-10-09 00:00:00 2020-01-09 00:00:00 None INDICATOR-SCAN PHP backdoor scan 49.234.230.5 24 KF None 2019-10-19 00:00:00 2020-01-18 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=5,CN) | updated by KF Block expiration extended with reason Generic ArcSight scan attempt (IP=5,XX) 49.234.233.108 24 CR None 2019-12-24 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=108, CN) | updated by CR Block expiration extended with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=108, CN) 49.234.234.200 24 RB None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Sourcefire (IP=200,CN) 49.234.24.51 24 FT None 2020-08-27 00:00:00 2020-11-25 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03777 (IP=51,CN) 49.234.25.11 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password - Failed Logon (IP=11,CN) 49.234.30.33 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password for invalid user - Failed Logons (IP=33,CN) 49.234.30.46 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=46,CN) 49.234.30.77 24 GM None 2020-07-04 00:00:00 2020-10-04 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=77,CN) 
49.234.32.93 24 GM None 2020-04-13 00:00:00 2020-07-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=93,CN) 49.234.35.165 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Command Injection Attempt (IP=165,XX) 49.234.38.26 32 wmp None 2020-07-22 00:00:00 2020-10-22 00:00:00 None HIVE Case #3384 COLS-NA-TIP-20-0232 (IP=26,CN) 49.234.43.173 24 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None Failed password for invalid user - 6hr Logons (IP=173,CN) 49.234.45.47 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_12 hr web attacks (IP=47 CN) 49.234.46.134 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=134,CN) 49.234.49.172 24 RW None 2020-03-25 00:00:00 2020-06-23 00:00:00 None TCP: SYN Host Sweep (IP=172,CN) 49.234.56.194 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None Failed password_6 hr Failed Logons (IP=194,CN) 49.234.63.140 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 49.234.67.146 24 RW None 2019-12-19 00:00:00 2020-03-19 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=146,CN) 49.234.69.154 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=154,XX) 49.234.78.211 24 KF None 2020-01-14 00:00:00 2020-04-13 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (IP=211,CN) 49.234.79.63 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=63,XX) 49.234.83.188 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=188,CN) 49.234.86.32 24 RR None 2020-09-02 00:00:00 2020-12-01 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=32,CN) 49.234.87.24 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 
None Authentication Failed - 6hr Failed Logon(IP=24,CN) 49.234.93.166 24 KF None 2019-10-19 00:00:00 2020-01-18 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=166,CN) | updated by KF Block expiration extended with reason Command Injection Attempt (IP=166,XX) 49.234.94.114 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Failed password for invalid user - Failed Logons (IP=114,CN) 49.234.96.24 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=24,CN) 49.234.99.34 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=34,CN) 49.235.100.37 24 RB None 2019-10-11 00:00:00 2020-01-09 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=37,CN) 49.235.101.220 24 GM None 2019-11-08 00:00:00 2020-02-08 00:00:00 None Failed password - Failed Logons (IP=220,CN) 49.235.104.6 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=6,CN) 49.235.106.120 24 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None Command Injection Attempt (IP=120,CN) 49.235.107.14 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password_6 hr Failed Logons (IP=14,CN) 49.235.112.198 24 RWB None 2019-12-12 00:00:00 2020-03-11 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=198,CN) 49.235.113.84 24 KF None 2020-05-04 00:00:00 2020-08-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=84,CN) 49.235.118.170 24 RR None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=170,CN) 49.235.12.159 24 GM None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Illegal user - Failed Logons (IP=159,CN) 49.235.121.155 24 BP None 2019-11-27 00:00:00 
2020-02-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=155,CN) 49.235.130.25 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed Password - 6 Hr Failed Logons (IP=25,CN) 49.235.134.72 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user - Failed Logons (IP=72,CN) 49.235.137.58 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Invalid user - Failed Logons (IP=58,CN) 49.235.138.41 24 BMP None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=41,CN) 49.235.141.111 24 ABC None 2019-10-14 00:00:00 2020-01-12 00:00:00 None Command Injection Attempt (IP=111,CN) 49.235.147.67 24 DT None 2020-07-16 00:00:00 2020-10-16 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=67,CN) 49.235.148.227 24 KF None 2019-12-29 00:00:00 2020-03-28 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=227,CN) 49.235.149.81 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=81,CN) 49.235.150.196 32 GM None 2020-08-17 00:00:00 2020-11-17 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT # 20C03729 (IP=196,CN) 49.235.150.58 24 CW None 2020-01-08 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=58,CN) 49.235.151.3 24 DT None 2020-09-18 00:00:00 2020-12-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=3,CN) 49.235.155.55 24 RW None 2019-10-25 00:00:00 2020-01-25 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=55,CN) 49.235.156.160 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_SourceFire (IP=60,CN) 49.235.158.15 24 RR None 
2019-11-28 00:00:00 2020-02-26 00:00:00 None Invalid user - Failed Logons (IP=15,CN) 49.235.161.202 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password - Failed Logon (IP=202,CN) 49.235.162.224 24 RB None 2019-12-27 00:00:00 2020-03-26 00:00:00 None HTTP: SQL Injection Attempt Detected-6 hr web attacks (IP=224,CN) 49.235.165.22 24 RB None 2020-08-13 00:00:00 2020-11-13 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=22,CN) 49.235.172.6 24 GM None 2020-03-24 00:00:00 2020-06-24 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=6,CN) 49.235.175.217 24 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=217,CN) 49.235.178.217 24 RB None 2019-10-20 00:00:00 2020-01-19 00:00:00 None HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=217,CN) | updated by KF with reason HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=217,CN) 49.235.182.95 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=95,CN) 49.235.184.181 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None HTTP: SQL Injection Attempt Detected (IP=181,CN) 49.235.190.160 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None HTTP: SQL Injection Attempt Detected -Web Attacks (IP=160,CN) 49.235.192.71 24 RB None 2020-01-08 00:00:00 2020-04-07 00:00:00 None Illegal user_6 hr Failed Logons (IP=71,CN) 49.235.198.185 24 RB None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=185,CN) 49.235.199.178 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=178,XX) 49.235.208.138 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=138,CN) 49.235.209.223 24 RW None 2019-11-14 00:00:00 2020-02-14 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=223,CN) 49.235.211.89 
24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=89,CN) 49.235.215.223 24 KF None 2019-12-16 00:00:00 2020-03-15 00:00:00 None SERVER-WEBAPP ThinkPHP 49.235.216.174 24 RW None 2019-11-14 00:00:00 2020-02-14 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=174,CN) 49.235.218.147 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Invalid user - Failed Logons (IP=147,CN) 49.235.222.199 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password - Failed Logon (IP=199,CN) 49.235.223.143 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=143,CN) 49.235.226.55 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password_Failed Logon (IP=55,CN) 49.235.228.246 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Command Injection Attempt (IP=246,XX) 49.235.230.71 24 RR None 2020-07-20 00:00:00 2020-10-18 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=71,CN) 49.235.232.70 32 FT None 2020-08-10 00:00:00 2020-11-10 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=70,CN) 49.235.240.2 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user (IP=2,CN) 49.235.241.84 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=84,CN) 49.235.242.173 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Failed password for invalid user -Failed Logons (IP=173,CN) 49.235.243.2 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Invalid user -Failed Logons (IP=2,CN) 49.235.245.12 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user - 6hr Logon (IP=12,CN) 49.235.246.221 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 49.235.250.133 32 DT None 2020-07-16 00:00:00 2020-10-16 00:00:00 None HTTP: 
vBulletin Pre-Auth Remote Code Execution Vulnerability(CVE-2019-16759) - TT# 20C03487 (IP=133,CN) 49.235.251.41 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Failed password - Failed Logons (IP=41,CN) 49.235.253.115 24 RR None 2020-09-03 00:00:00 2020-12-02 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=115,CN) 49.235.29.142 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=142,CN) 49.235.29.59 24 RR None 2020-08-05 00:00:00 2020-11-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=59,CN) 49.235.36.51 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user - 6hr Logon (IP=51,CN) 49.235.37.41 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=41,CN) 49.235.38.225 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Failed password - Failed Logons (IP=225,CN) 49.235.4.91 24 RB None 2020-08-23 00:00:00 2020-11-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attack (IP=91,CN) 49.235.42.19 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=19,CN) 49.235.42.26 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=26,CN) 49.235.46.170 24 GM None 2019-10-27 00:00:00 2020-01-27 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=170,CN) 49.235.5.29 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=29,CN) 49.235.62.242 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=242,XX) 49.235.7.47 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password - Failed Logon (IP=47,CN) 49.235.73.5 24 CR None 2019-12-24 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP Joomla 
JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=5, CN) | updated by CR Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=5, 49.235.78.37 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=37,CN) 49.235.78.94 24 BMP None 2020-05-21 00:00:00 2020-08-21 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=94,CN) 49.235.79.117 32 RR None 2020-09-12 00:00:00 2020-12-12 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03886(IP=117,CN) 49.235.79.183 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Failed password - Failed Logons (IP=183,CN) 49.235.81.41 24 BMP None 2020-02-28 00:00:00 2020-05-28 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=41,CN) 49.235.82.222 32 RW None 2020-08-08 00:00:00 2020-09-08 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability(CVE-2019-16759) - TT# 20C03669 (IP=222,CN) 49.235.85.62 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=62 CN) 49.235.87.106 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6hr web attacks (IP=106,CN) 49.235.88.187 24 RW None 2019-10-16 00:00:00 2020-01-16 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6hr web attacks (IP=187,CN) 49.235.90.120 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=120,CN) 49.235.91.217 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Invalid user - Failed Logons (IP=217,CN) 49.235.92.20 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed Logons (IP=20,CN) 49.235.93.35 24 KF None 2020-04-21 00:00:00 2020-07-20 00:00:00 None HTTP: ThinkPHP CMS 
Getshell Vulnerability - Web Attacks (IP=35,CN) 49.235.96.74 24 RW None 2020-08-01 00:00:00 2020-11-01 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=74,CN) 49.235.97.81 32 RR None 2020-07-08 00:00:00 2020-10-08 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03390 (IP=81,CN) 49.235.98.83 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=83,XX) 49.236.198.163 24 RB None 2020-07-22 00:00:00 2020-10-20 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr web attack (IP=163,MY) 49.236.208.86 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=86,VN) 49.245.50.12 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=12,SG) 49.247.207.56 24 CR None 2019-01-17 00:00:00 2020-02-16 00:00:00 None Failed password for invalid user user (IP=56,KR) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=56,KR) 49.247.208.209 24 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=209,KR) 49.248.53.71 24 GM None 2019-11-08 00:00:00 2020-02-08 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=71,IN) 49.249.233.26 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Invalid user - Failed Logon (IP=26,IN) 49.249.244.0 24 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None IN TO-S-2019-0926 Malicious Reconnaissance Activity 49.249.249.202 24 GM None 2019-06-13 00:00:00 2020-02-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=202,IN) | updated by KF with reason Immediate Inbound Network Block - TT# 20C00827 (IP=202,US) 49.35.10.157 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 49.35.64.147 24 RR None 2019-10-10 00:00:00 2020-01-08 
00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=147,IN) 49.36.4.174 24 RW None 2020-02-26 00:00:00 2020-05-26 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=174,HK) 49.37.196.11 24 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None SQL injection - 6hr Web Attacks (IP=11,IN) 49.4.11.133 24 KF None 2020-06-27 00:00:00 2020-09-25 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03299 (IP=133,CN) 49.4.114.131 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=131 CN) 49.49.233.131 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=131,TH) 49.49.27.59 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Authentication Failed - Failed Logons (IP=59,TH) 49.50.64.0 18 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None IN TO-S-2019-0382 Malware Activity 49.50.66.137 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=137,IN) 49.51.13.40 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_SourceFire (IP=40,CA) 49.51.242.147 32 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=147 US) 49.51.242.225 24 CR None 2019-10-14 00:00:00 2020-01-14 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=225,CN) 49.51.33.14 24 CR None 2019-10-16 00:00:00 2020-04-21 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourefire report (IP=14,CN) | updated by RWB with reason Attempted Information Leak - INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=,CN) 49.51.34.136 32 RW None 2020-03-09 00:00:00 2020-06-09 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure 
attempt - Sourcefire (IP=136,US) 49.51.34.136 24 CR None 2019-06-14 00:00:00 2020-01-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=136,CN) | updated by RB with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=227,US) | 2020-01-02 | 2019-09-14 49.51.46.39 32 GM None 2019-10-17 00:00:00 2020-01-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=39,US) 49.51.49.117 32 RW None 2019-10-11 00:00:00 2020-01-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=117,US) 49.51.50.208 32 RB None 2019-10-11 00:00:00 2020-01-09 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=208,US) 49.51.52.89 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=89,CN) 49.64.42.176 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=176,CN) 49.64.71.96 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_6 hr web attacks (IP=96,CN) 49.65.2.67 24 RB None 2017-10-28 05:00:00 2020-03-28 00:00:00 None ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack (IP=67,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=66,CN) | 2020-03-28 | 2018-01-26 49.66.4.125 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=125,CN) 49.66.5.138 24 RR None 2019-11-15 00:00:00 2020-02-15 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=138,CN) | updated by RW Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code 
execution attempt - Sourcefire (IP=146,IN) 49.67.228.189 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=189,CN) 49.68.120.113 24 RB None 2019-12-15 00:00:00 2020-03-14 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=113,CN) 49.68.121.166 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=166,CN) 49.68.157.109 24 KF None 2020-01-10 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=109,CN) 49.68.216.98 24 KF None 2020-01-14 00:00:00 2020-04-13 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=98,CN) 49.68.246.198 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=198,CN) 49.68.247.85 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=85,CN) 49.68.85.141 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=141,CN) 49.68.92.168 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=168,CN) 49.69.126.77 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_12 hr web attacks (IP=77 CN) 49.69.200.63 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Failed password - Failed Logons (IP=63,CN) 49.69.219.69 24 KF None 2020-06-11 00:00:00 2020-09-09 00:00:00 None Case # 2968 - Web Infection Match (Webshell.Binary.php.FEC2, notified) (IP=69,CN) 49.69.227.155 24 RR None 2020-01-29 
00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=155,CN) 49.69.240.112 24 RR None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=112,CN) 49.69.243.15 24 RR None 2020-01-11 00:00:00 2020-04-10 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=15,CN) 49.69.245.22 24 RR None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=22,CN) 49.69.250.239 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=239,CN) 49.69.40.148 32 GM None 2020-07-12 00:00:00 2020-10-12 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03444 (IP=148,US) 49.69.41.221 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=221,CN) 49.69.46.232 24 RR None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=232,CN) 49.69.56.158 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=158,CN) 49.69.58.12 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Web attacks (IP=12,CN) 49.69.62.61 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=61,CN) 49.70.119.186 24 RB None 2019-10-22 00:00:00 2020-01-20 00:00:00 None APP-DETECT failed FTP login attempt_6 hr Failed Logons (IP=186,CN) 49.70.166.35 24 CR None 2019-12-24 00:00:00 2020-03-25 00:00:00 
None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - CIRT Web Attacks (IP=35, CN) | updated by CR Block expiration extended with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - CIRT Web A 49.70.174.156 24 GM None 2019-12-26 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=156,CN) 49.70.190.136 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=136,CN) 49.70.29.105 24 RW None 2020-01-06 00:00:00 2020-04-06 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=105,CN 49.70.40.9 24 CR None 2020-01-13 00:00:00 2020-04-13 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attack (IP=9,CN) 49.70.50.154 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=154,CN) 49.70.51.113 24 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=113,CN) 49.70.53.60 24 KF None 2019-03-15 00:00:00 2020-04-18 00:00:00 None APP-DETECT failed FTP login attempt (IP=60,CN) | updated by KF with reason SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=190,CN) 49.70.60.246 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=246,CN) 49.70.66.203 24 RB None 2020-01-24 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=203 CN) | updated by RW Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire 
(IP=203,CN) 49.70.90.125 24 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=125,CN) 49.72.226.48 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=48,CN) 49.73.61.26 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user - Failed Logons (IP=26,CN) 49.73.84.175 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password_6 hr Failed Logons (IP=175,CN) 49.74.219.26 24 RR None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Illegal user - Failed Logons (IP=26,CN) 49.75.239.214 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - SourceFire (IP=214,CN) 49.76.15.46 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=46,CN) 49.76.198.41 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=41,CN) 49.79.228.33 24 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=33,CN) 49.80.101.95 24 RWB None 2020-01-01 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - WebAttacks (IP=95,CN) 49.81.110.139 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=139,CN) 49.81.173.14 24 RB None 2017-12-31 06:00:00 2020-04-21 00:00:00 None SERVER-OTHER Dahua DVR hard-coded root login attempt (IP=14,CN) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=215,CN) | updated by RWB with reason Attempted Administrator Privilege G 49.81.175.121 24 CR None 2019-12-21 00:00:00 
2020-03-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=121,CN) 49.81.215.128 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=128,CN) 49.81.38.155 24 RB None 2019-12-27 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt-Sourcefire (IP=155,CN) 49.81.39.15 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=15,CN) 49.81.92.119 24 CR None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Exploit.IoT.Generic - Hive Case 2289 (IP=119,CN) 49.81.93.236 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=236,CN) 49.82.10.210 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=210,CN) 49.82.112.174 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=174,CN) 49.82.119.82 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=82,CN) 49.82.157.227 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=227,CN) 49.82.17.116 24 RWB None 2019-12-12 00:00:00 2020-03-11 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=116,CN) 49.82.85.69 24 FT None 2020-08-31 00:00:00 2020-11-29 00:00:00 None SMTP Return-Path header abuse opord 2016-191F9 - Sourcefire (IP=69,CN) 49.83.196.152 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP GPON Router authentication 
bypass and command injection attempt - SourceFire (IP=152,CN) 49.83.201.131 24 GM None 2019-12-26 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=131,CN) 49.83.246.128 32 BMP None 2020-07-08 00:00:00 2020-10-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03397 (IP=128,CN) 49.84.104.20 24 CW None 2019-12-17 00:00:00 2020-03-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=20,CN) 49.84.125.104 24 RR None 2020-01-15 00:00:00 2020-04-14 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=104,CN) 49.84.61.187 24 CW None 2020-01-13 00:00:00 2020-04-12 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Web attacks (IP=87,CN) 49.86.139.144 24 CW None 2020-01-08 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_SourceFire (IP=44,CN) 49.87.36.183 24 FT None 2020-09-13 00:00:00 2020-12-12 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Web Attacks (IP=183,CN) 49.87.38.135 24 BMP None 2020-01-31 00:00:00 2020-04-30 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=135,CN) 49.87.60.190 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Web attacks (IP=90,CN) 49.88.112.54 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=54,CN) 49.88.112.58 24 BP None 2019-11-25 00:00:00 2020-02-24 00:00:00 None Failed password - Failed Logons (IP=58,CN) | updated by KF Block expiration extended with reason Failed (IP=58,CN) 49.88.52.158 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None SQL generic sql with comments injection attempt - GET parameter - SourceFire (IP=158,CN) 49.89.1.148 24 BMP None 
2019-12-26 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=148,CN) 49.89.125.103 24 KF None 2020-01-14 00:00:00 2020-04-13 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=103,CN) 49.89.130.88 24 CW None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=88,CN) 49.89.132.145 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=145,CN) 49.89.133.245 24 CR None 2020-01-06 00:00:00 2020-04-06 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=245,CN) 49.89.134.186 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=186,CN) 49.89.14.10 24 RW None 2019-12-12 00:00:00 2020-03-12 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=10,CN) 49.89.178.255 24 FT None 2020-08-06 00:00:00 2020-11-06 00:00:00 None CERT/CC VU#257161:CVE-2020-CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discovery - Sourcefire (IP=255,CH) 49.89.210.200 24 GM None 2019-12-26 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=200,CN) 49.89.212.89 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=89,CN) 49.89.216.89 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=89,CN) 49.89.218.243 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=243,CN) 49.89.238.187 24 RW None 2019-12-23 
00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=187,CN) 49.89.248.71 24 RR None 2020-02-07 00:00:00 2020-05-07 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=71,CN) 49.89.249.21 24 BMP None 2020-02-13 00:00:00 2020-05-13 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=21,CN) 49.89.25.130 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=30,CN) 49.89.250.154 24 KF None 2019-03-20 00:00:00 2020-04-11 00:00:00 None APP-DETECT failed FTP login attempt (IP=154,CN) | updated by CW with reason POLICY-OTHER PHP uri tag injection attempt_SourceFire (IP=67,CN) 49.89.250.167 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None POLICY-OTHER PHP uri tag injection attempt - SourceFire (IP=167,CN) 49.89.251.93 24 BMP None 2020-02-13 00:00:00 2020-05-13 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=93,CN) 49.89.254.56 24 RB None 2020-02-11 00:00:00 2020-05-11 00:00:00 None SERVER-WEBAPP Phpcms user registration remote file include attempt_Sourcefire (IP=56,CN) 49.89.29.242 24 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=242,CN) 49.89.3.150 24 RB None 2020-01-04 00:00:00 2020-04-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=150,CN) 49.89.4.30 24 RB None 2020-01-05 00:00:00 2020-04-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=30,CN) 49.89.54.67 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP GPON Router 49.89.68.164 24 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=164,CN) 49.89.97.195 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None SERVER-WEBAPP MVPower DVR 
Shell arbitrary command execution attempt - 6hr Web Attacks (IP=195,CN) 5.1.88.50 24 GM None 2019-11-08 00:00:00 2020-02-08 00:00:00 None Failed password - Failed Logons (IP=50,GB) 5.10.12.12 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=12,DE) 5.10.124.141 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None GB TO-S-2019-0938 Malicious Email Activity 5.100.152.127 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=127,GB) 5.100.240.22 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=22,LB) 5.100.250.24 24 RR None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=24,IL) 5.100.255.249 24 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None IL TO-S-2019-0546 Malicious Web Application Activity 5.101.0.209 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=209,RU) 5.101.0.209 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=209,RU) 5.101.0.209 24 RW None 2019-12-25 00:00:00 2020-04-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=209,RU) | updated by KF with reason HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C01487 (IP=209,RU) 5.101.152.64 24 RR None 2016-10-31 05:00:00 2020-01-30 00:00:00 None malware-callback GET (IP=64,RU) | updated by dbc with reason RU TO-S-2019-0370 Correction to TO-S-2014-0977 Malicious Activit 5.101.156.245 24 RW None 2020-06-01 00:00:00 2020-09-01 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03020 (IP=245,RU) 5.11.143.220 24 RW None 2019-12-23 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=220,TR) 5.11.179.161 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None 
SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=161,TR) 5.11.37.63 24 KF None 2019-12-18 00:00:00 2020-03-17 00:00:00 None Failed password (IP=63,IT) 5.11.86.222 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None NL TO-S-2019-1036 Malware Activity 5.111.62.184 32 DT None 2020-05-04 00:00:00 2020-08-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02609 (IP=184,SA) 5.128.0.0 14 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 5.134.36.49 24 RB None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_Sourcefire (IP=49,ES) 5.135.101.228 24 KF None 2019-10-28 00:00:00 2020-01-27 00:00:00 None Failed Password_6 Hr Failed Logons (IP=228,FR) | updated by KF with reason Failed password_6 Hr Failed Logons (IP=228,FR) 5.135.116.82 24 KF None 2020-03-26 00:00:00 2020-06-25 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=82,FR) | updated by RR Block expiration extended with reason SQL Injection (IP=82,FR) 5.135.127.85 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=85,ES) 5.135.135.116 24 RR None 2018-12-08 06:00:00 2020-01-30 00:00:00 None Failed password for invalid user (IP=116,FR) | updated by RW Block was inactive. 
Reactivated on 20191030 with reason Failed password - 6hr Failed Logon(IP=116,FR) 5.135.166.113 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=113,FR) 5.135.176.0 24 ged None 2016-10-22 05:00:00 2020-03-05 00:00:00 None Illegal user (IP=24,FR) | updated by RR with reason Invalid user - Failed Logons (IP=20,FR) 5.135.179.42 24 sjl None 2016-05-21 05:00:00 2020-01-29 00:00:00 None : China Chopper PHP/Backdoor Detected (IP=42 FR) | updated by RR with reason Illegal user (IP=5 FR) | 2018-05-25 | 2016-08-21 | updated by GM with reason Failed password - Failed Logons (IP=178,FR) 5.135.181.11 24 RR None 2018-12-15 06:00:00 2020-03-03 00:00:00 None Failed password for invalid user (IP=11,FR) | updated by RWB Block was inactive. Reactivated on 20191204 with reason Failed password for invalid user - Failed Logon (IP=11,FR) 5.135.193.145 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=145,FR) 5.135.198.62 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP=62,FR) 5.135.223.35 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=35,FR) 5.135.232.197 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=197,FR) 5.135.253.172 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None TCP: SYN Host Sweep (IP=172,FR) 5.135.4.5 24 RR None 2020-08-13 00:00:00 2020-11-11 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=5,FR) 5.136.0.0 13 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None RU TO-S-2019-0382 Correction to TO-S-2014-0560 5.14.1.78 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=78,RO) 5.144.14.2 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None Illegal user_6 hr Failed Logon (IP=2,CH) 5.147.206.78 24 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Authentication Failed_6 hr Failed 
Logons (IP=78,DE) 5.148.3.212 24 RB None 2019-01-18 00:00:00 2020-02-12 00:00:00 None Failed password for invalid user (IP=212,GB) | updated by GM with reason Invalid user - Failed Logons (IP=212,GB) 5.149.205.151 24 RR None 2018-12-21 06:00:00 2020-01-31 00:00:00 None Failed password for invalid user (IP=151,RU) | updated by RR with reason Failed password - Failed Logons (IP=151,RU) 5.152.202.90 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=90,GB) 5.153.128.50 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=50,UA) 5.157.2.186 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=186,SE) 5.16.0.0 14 dbc None 2019-01-30 00:00:00 2020-01-30 00:00:00 None RU TO-S-2019-0370 Correction to TO-S-2014-0746 Malicious Activity 5.160.172.146 24 RR None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logons (IP=146,IR) 5.164.0.0 14 dbc None 2019-01-30 00:00:00 2020-01-30 00:00:00 None RU TO-S-2019-0370 Correction to TO-S-2014-0746 Malicious Activity 5.166.47.194 32 GM None 2019-08-26 00:00:00 2020-02-03 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - 19C03020 (IP=194,US) | updated by HTTP: Block was inactive. 
Reactivated on 20191007 with reason Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00213 (IP=194,US) | upda 5.178.80.0 21 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None RU TO-S-2020-0187 Malware Activity 5.178.87.202 24 RR None 2017-02-15 06:00:00 2020-03-06 00:00:00 None ET SCAN Potential VNC Scan 5900-5920 (IP=202,RU) | updated by GM with reason Invalid user - Failed Logons (IP=219,RU) 5.179.76.124 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None GB TO-S-2020-0031 Malicious Email Activity 5.180.100.0 22 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None UA TO-S-2020-0047 Malicious Email Activity 5.180.186.27 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=27,TR) 5.180.96.98 24 RB None 2019-06-26 00:00:00 2020-02-07 00:00:00 None POLICY-OTHER PHP uri tag injection attempt_Sourcefire (IP=98 DE) | updated by KF with reason Generic ArcSight scan attempt (IP=138,XX) 5.181.108.239 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password - 6hr Logon (IP=239,RU) 5.181.234.188 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Web Application Activity 5.182.209.115 32 DT None 2020-07-28 00:00:00 2020-10-26 00:00:00 None Unauthorized Access-Probe - TT# 20C03573 (IP=115,NL) 5.182.210.16 32 CR None 2020-05-21 00:00:00 2020-08-21 00:00:00 None Unauthorized Access-Probe - TT# 20C02874 (IP=16,NL) 5.182.210.201 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None NL TO-S-2019-0938 Malicious Email Activity 5.182.210.26 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None NL TO-S-2019-0658 Malicious Email Activity 5.182.211.104 32 RW None 2019-12-30 00:00:00 2020-01-30 00:00:00 None Unauthorized Access-Probe - TT# 20C01302(IP=104,NL) 5.182.211.241 32 RB None 2020-08-24 00:00:00 2020-11-22 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C03759 (IP=241,NL) 5.182.211.241 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: 
Host Sweep (IP=241,XX) 5.182.25.80 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=80,RU) 5.182.36.0 22 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None MD TO-S-2019-0972 Malicious Email Activity 5.187.21.58 24 djs None 2016-02-13 06:00:00 2020-06-27 00:00:00 None SQL injection attempts (ip=58,GB) | updated by dbc with reason GB TO-S-2019-0777 Malicious Email Activity 5.187.210.205 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Sourcefire (IP=205,HU) 5.188.206.14 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=14,no ISC data) 5.188.210.46 24 alj None 2018-10-22 05:00:00 2020-03-28 00:00:00 None Malware Callback (ip=46,ru) | updated by RB with reason FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode_Sourcefire (IP=101,RU) | 2020-03-28 | 2019-01-21 5.188.37.38 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=38,RU) 5.188.86.218 32 RW None 2020-01-02 00:00:00 2020-02-02 00:00:00 None Known Attack Tool User Agent / HTTP: SqlMap SQL Injection - TT# 20C01321(IP=218,NL) 5.188.9.10 24 RR None 2018-01-24 06:00:00 2020-05-10 00:00:00 None ET SCAN Behavioral Unusually fast Terminal Server Traffic Potential Scan or Infection (Inbound) (IP=10,RU) | updated by dbc with reason RU TO-S-2019-0658 Malware Activity 5.188.93.154 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=154,FR) 5.188.93.73 32 wmp None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=73,FR) 5.189.132.131 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None DE TO-S-2020-0109.01 Malicious Email Activity 5.189.139.178 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None DE TO-S-2020-0109.01 Malicious Email Activity 
5.189.147.19 24 RB None 2018-07-21 05:00:00 2020-03-10 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (IP=19 DE) | updated by GM with reason SQL HTTP URI blind injection attempt - Web Attacks (IP=147,DE) 5.189.149.161 24 wmp None 2015-05-28 05:00:00 2020-04-08 00:00:00 None Sipvicious User-Agent Detected (IP=161,DE) | updated by RB with reason SQL 1 = 1 - possible sql injection attempt (IP=67,DE) | 5.189.151.124 32 GM None 2020-08-18 00:00:00 2020-11-18 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT # 20C03737 (IP=124,US) 5.189.152.217 24 sjl None 2015-12-16 06:00:00 2020-04-08 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=217 DE) | updated by jky with reason DE TO-S-2017-0452 Various m 5.189.155.8 24 ged None 2015-09-23 05:00:00 2020-04-16 00:00:00 None ET SCAN Sipvicious Scan (IP=8, DE) | updated by MLJ with reason ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP= 5.189.156.112 24 RW None 2020-05-14 00:00:00 2020-08-14 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=112,DE) 5.189.166.164 24 RW None 2019-10-02 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Cisco DNA Center API default login attempt - 6 hr web attacks (IP=164,DE) 5.189.167.107 24 RB None 2020-04-17 00:00:00 2020-07-16 00:00:00 None TCP: SYN Host Sweep (IP=107,DE) 5.189.169.222 24 RR None 2020-04-25 00:00:00 2020-07-24 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - SourceFire (IP=222,DE) 5.189.172.131 24 GLM None 2017-03-18 05:00:00 2020-08-27 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (IP=131,DE) | updated by dbc with reason DE TO-S-2019-0938 Malicious Email Activity 5.189.181.0 24 GLM None 2016-08-30 05:00:00 2020-03-12 00:00:00 None ET SCAN Sipvicious User-Agent | updated by ABC with reason Generic ArcSight scan attempt (IP=34,DE) | 2018-05-04 | 2016-11-30 5.189.182.111 24 ged None 2016-06-01 05:00:00 2020-02-01 00:00:00 
None ET SCAN Sipvicious Scan (IP=111, DE) | updated by ABC with reason Generic ArcSight scan attempt (IP=141,DE) | 2018-04-06 | 201 | updated by KF with reason Failed password_6 Hr Failed Logons (IP=213,DE) 5.189.187.77 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DE TO-S-2020-0056 Malicious Email Activity 5.189.245.76 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=76,RU) 5.189.252.12 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None DE TO-S-2020-0047 Malicious Email Activity 5.194.175.30 24 RB None 2020-04-05 00:00:00 2020-07-04 00:00:00 None UDP: Host Sweep_Sauron Report (IP=30,AE) 5.196.116.202 24 GM None 2019-12-16 00:00:00 2020-03-16 00:00:00 None Failed password - Failed Logons (IP=202,FR) 5.196.169.223 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None FR TO-S-2019-0400 Malware Activity 5.196.198.39 24 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=39,FR) 5.196.217.176 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None FR TO-S-2020-0088 Malware Activity 5.196.224.236 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None FR TO-S-2019-0626.01 Malicious Email Activity 5.196.253.108 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None ES TO-S-2020-0056 Malware Activity 5.196.29.194 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password for invalid user - Failed Logons (IP=194,FR) 5.196.66.162 32 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None FR TO-S-2020-0012 Malicious Email Activity 5.196.67.78 24 RR None 2016-10-20 05:00:00 2020-02-12 00:00:00 None Illegal user (IP=78,FR) | updated by GM with reason Failed Password - Failed Logons (IP=41,FR) 5.196.75.178 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed password - sourcefire (IP=178,FR) 5.196.79.163 24 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None Malware.Binary.doc - Hive case 2527 
(IP=163,FR) 5.196.88.110 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=110,FR) 5.196.92.38 24 GM None 2020-03-08 00:00:00 2020-06-08 00:00:00 None SERVER-WEBAPP Cisco DNA Center API default login attempt - Sourcefire (IP=38,FR) 5.198.237.119 24 GM None 2019-11-12 00:00:00 2020-02-12 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=119,IT) 5.199.130.41 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None CA TO-S-2020-0006 Malicious Email Activity 5.199.139.206 24 RW None 2020-08-01 00:00:00 2020-11-01 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - Sourcefire (IP=206,DE) 5.199.172.0 22 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None LT TO-S-2019-0613 Malware Activity 5.2.158.227 24 RR None 2017-11-25 06:00:00 2020-02-08 00:00:00 None Illegal user (IP=227,RO) | updated by RB with reason Invalid user_6 hr Failed Logons (IP=227,RO) | 2020-02-08 | 2018-02-23 5.2.18.6 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None NL TO-S-2019-0747 Malware Activity 5.2.73.15 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None NL TO-S-2019-0852 Malware Activity 5.2.73.248 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None NL TO-S-2019-0468 Malicious Email Activity 5.2.73.253 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None NL TO-S-2019-0468 Malicious Email Activity 5.2.79.99 24 RR None 2019-12-11 00:00:00 2020-03-10 00:00:00 None Riskware.Object - FE Web (IP=99,NL) 5.2.84.195 24 GM None 2019-12-26 00:00:00 2020-03-26 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=195,TR) 5.200.63.0 24 jky None 2017-03-30 05:00:00 2020-02-01 00:00:00 None RU TO-S-2017-0799 Malicious activity | updated by RB with reason Failed password_6 hr Failed Logons (IP=190,RU) | 2020-02-01 | 2018-03-30 5.206.225.112 24 RR None 2018-01-13 06:00:00 2020-09-02 00:00:00 None ET SCAN Potential SSH Scan (IP=112,PT) | 
updated by dbc with reason NL TO-S-2019-0864 Malicious Email Activity | updated by dbc with reason NL TO-S-2019-0952 Malicious Email Activity
5.225.162.92 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_6 hr web attacks (IP=92 ES)
5.226.139.30 32 dbc None 2019-02-27 00:00:00 2020-02-27 00:00:00 None GB TO-S-2019-0444 Malware Activity
5.228.152.77 24 KF None 2020-05-23 00:00:00 2020-08-21 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) (1:21002457:1) - SourceFire (IP=77,RU)
5.23.100.26 24 RB None 2020-02-13 00:00:00 2020-05-13 00:00:00 None Authentication Failed_6 hr Failed Logons_CPC (IP=26,RU)
5.23.112.0 21 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None IR TO-S-2019-0382 Malicious Email Activity
5.23.48.0 21 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None RU TO-S-2019-0577 Malicious Email Activity
5.23.79.3 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 Hr Failed Logons (IP=3,IS)
5.230.147.164 24 djs None 2015-09-15 05:00:00 2020-03-18 00:00:00 None DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests (ip=164,DE) | updated by dbc with reason DE TO-S-2019-0508
5.239.244.236 24 RR None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Failed password for invalid user - Failed Logons (IP=236,IR)
5.244.0.0 14 dbc None 2019-01-30 00:00:00 2020-01-30 00:00:00 None SA TO-S-2019-0370 Correction to TO-S-2016-0625 Malicious Email Activity
5.249.145.245 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logon (IP=245,IT)
5.251.163.47 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=,KZ)
5.251.34.197 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=197,KZ)
5.251.63.79 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=79,KZ)
5.252.152.0 22 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None RU TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason RU TO-S-2020-0212.01 Malware Activity
5.252.152.200 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None PA TO-S-2020-0187 Malicious Email Activity
5.252.176.0 22 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None RO TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason RO TO-S-2020-0212.01 Malware Activity
5.253.19.11 24 RR None 2020-04-29 00:00:00 2020-07-28 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=11,NL)
5.253.204.28 32 CR None 2019-04-03 00:00:00 2020-04-16 00:00:00 None Known Attack Tool User Agent - TT# 19C01861 (IP=28,US) | updated by dbc with reason LU TO-S-2019-0593 Malicious Reconnaissance
5.28.192.0 18 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None IR TO-S-2019-0430 Malware Activity
5.29.18.171 24 BMP None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=171,IL)
5.29.224.0 20 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity
5.3.140.218 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit)_SourceFire (IP=18,RU)
5.3.252.14 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None Illegal user - Failed Logons (IP=14,RU)
5.3.6.82 24 GLM None 2019-01-30 00:00:00 2020-02-07 00:00:00 None Failed password (IP=82,RU) | updated by RB with reason Failed password for invalid user_6 hr Failed Logons (IP=82,RU) | 2020-02-07 | 2019-04-30
5.34.176.0 21 dbc None 2019-01-30 00:00:00 2020-01-30 00:00:00 None UA TO-S-2019-0370 Correction to TO-S-2016-0409 Ransomware Phishing Activity
5.34.179.21 32 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None Possible SQLi attempt / HTTP: SqlMap SQL Injection - Scanning I - TT# 20C02509 (IP=21,US)
5.34.179.21 32 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None Possible SQLi attempt / HTTP: SqlMap SQL Injection - Scanning I - TT# 20C02509 (IP=21,US)
5.35.0.0 17 dbc None 2019-01-30 00:00:00 2020-01-30 00:00:00 None RU TO-S-2019-0370 Correction to TO-S-2014-0746 Malicious Activity
5.36.108.191 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Authentication Failed (IP=91,OM)
5.36.233.112 24 BMP None 2020-04-09 00:00:00 2020-07-08 00:00:00 None SERVER-WEBAPP Ruby on Rails render file directory traversal attempt - 6hr Web Attacks (IP=112,OM)
5.36.233.167 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=167,OM)
5.36.252.37 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=37,OM)
5.36.27.184 24 BMP None 2020-04-14 00:00:00 2020-07-13 00:00:00 None SERVER-WEBAPP Embedthis GoAhead CGI information disclosure attempt - SourceFire (IP=184,OM)
5.36.3.209 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None OM TO-S-2020-0109.01 Malicious Email Activity
5.36.33.174 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=174,OM)
5.37.153.221 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=21,OM)
5.37.178.206 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=206,OM)
5.37.199.84 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=84,OM)
5.38.229.18 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=18,HU)
5.39.216.148 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0212.01 Malware Activity
5.39.216.148 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None NL TO-S-2020-0206 Malware Activity
5.39.217.17 24 djs None 2015-01-02 06:00:00 2020-07-18 00:00:00 None Poor Rep IP activity (ip=17,NL) | updated by jky with reason NL TO-S-2017-0233 C2 X-Agent malware | updated by dbc with reason NL TO-S-2019-0831 Malicious Email Activity
5.39.219.138 24 ABC None 2016-05-03 05:00:00 2020-01-17 00:00:00 None Bro-observed Port Scanning (IP=138,NL) | updated by MLJ with reason ET SCAN Behavioral Unusually fast Terminal Server Traffic | updated by RR with reason OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP
5.39.221.58 32 RB None 2019-11-18 00:00:00 2020-02-16 00:00:00 None ReputationDV Spyware Event - TT# 20EX006 (IP=58,NL)
5.39.47.120 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Blueimp jQuery File Upload arbitrary PHP file upload attempt - Web Attacks (IP=120,FR)
5.39.71.142 24 GM None 2020-06-18 00:00:00 2020-08-18 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=147,FR)
5.39.82.197 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Failed password - Failed Logons (IP=197,FR)
5.39.93.158 24 RR None 2019-01-29 00:00:00 2020-05-03 00:00:00 None Failed password for invalid user (IP=158,FR) | updated by KF Block was inactive. Reactivated on 20200203 with reason Failed password (IP=158,FR)
5.42.137.157 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=157,DE)
5.42.224.0 19 dbc None 2019-01-30 00:00:00 2020-01-30 00:00:00 None SA TO-S-2019-0370 Correction to TO-S-2016-0625 Malicious Email Activity
5.44.168.0 24 GLM None 2016-11-26 06:00:00 2020-02-04 00:00:00 None APP-DETECT failed FTP login attempt (IP=21,RU) | updated by kmw with reason RU TO-S-2019-0382 Correction to TO-S-2017-0680
5.44.196.115 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=115,SW)
5.45.122.104 24 RW None 2020-06-18 00:00:00 2020-09-18 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=104,EE)
5.45.192.0 18 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None RU TO-S-2019-0972 Malicious Email Activity
5.45.64.30 24 ged None 2014-05-07 05:00:00 2020-08-06 00:00:00 None ET SCAN Potential SSH Scan (IP=30, NL) | updated by dbc with reason RU TO-S-2019-0864 Malware Activity
5.45.80.37 24 MLJ None 2018-06-04 05:00:00 2020-07-23 00:00:00 None SQL 1 = 1 - possible sql injection | updated by dbc with reason RU TO-S-2019-0839 Malicious Email Activity
5.53.120.0 21 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None RU TO-S-2020-0047 Malicious Email Activity
5.55.136.145 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=145,GR)
5.55.231.88 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=88,GR)
5.56.60.102 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=102,ES)
5.57.33.71 24 RWB None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed password - sourcefire (IP=71,IR)
5.58.253.19 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=19,UA)
5.61.57.59 24 RR None None 2020-06-25 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=59,NL)
5.61.58.15 24 RW None 2020-02-27 00:00:00 2020-05-27 00:00:00 None Malicious IP - Hive Case #2080 (IP=15,NL)
5.61.59.120 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None NL TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason NL TO-S-2020-0212.01 Malware Activity
5.62.157.15 24 RB None 2017-10-08 05:00:00 2020-02-21 00:00:00 None SQL generic sql with comments injection attempt - GET parameter (IP=15,FR) | updated by dbc with reason FR TO-S-2019-0430 Mal
5.62.19.37 24 RR None None 2020-06-26 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=37,RU)
5.62.44.223 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Web Application Activity
5.62.44.224 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Web Application Activity
5.62.44.225 32 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None US TO-S-2020-0077 Malicious Email Activity
5.62.44.230 32 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None US TO-S-2020-0077 Malicious Email Activity
5.62.48.17 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Web Application Activity
5.62.48.18 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Web Application Activity
5.63.151.96 27 CR None 2018-12-03 06:00:00 2020-02-15 00:00:00 None Unauthorized Access-Probe /UDP Host Sweep - TT# 19C00450 (IP=96,US) | updated by dbc with reason GB TO-S-2019-0409 Malicious R
5.64.10.130 24 RR None 2020-01-18 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=130,GB) | updated by RWB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=130,GB)
5.64.195.87 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=87,GB)
5.64.204.237 24 GM None 2020-02-14 00:00:00 2020-05-15 00:00:00 None Authentication Failed - Failed Logons (IP=237,GB) | updated by BMP Block expiration extended with reason Authentication Failed - 6hr Logons (IP=237,GB)
5.64.7.106 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell
5.65.168.91 24 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_Web attacks (IP=91,GB)
5.65.220.119 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell
5.65.39.15 24 GM None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Authentication Failed - Failed Logons (IP=15,GB)
5.66.131.50 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=50,GB)
5.66.139.121 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=121,UK)
5.67.199.189 24 GM None 2020-03-21 00:00:00 2020-06-21 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=189,GB)
5.67.96.120 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None GB TO-S-2019-1036 Malicious Email Activity
5.70.134.89 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=89,GB)
5.70.238.194 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=194,GB)
5.76.141.193 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=193,KZ)
5.77.0.0 19 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None RU TO-S-2019-1036 Malicious Email Activity
5.77.39.20 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None BG TO-S-2019-0571 Malicious Email Activity
5.77.50.105 24 RB None 2018-10-08 05:00:00 2020-04-08 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (IP=105 GB) | updated by dbc with reason GB TO-S-2019-0577
5.77.55.153 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=153,GB)
5.79.105.11 24 EDBT None 2017-09-09 05:00:00 2020-06-07 00:00:00 None ET SCAN Potential SSH Scan (IP=11,NL) | updated by dbc with reason NL TO-S-2019-0723 Malicious Email Activity
5.79.127.177 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None NL TO-S-2019-0777 Malicious Email Activity
5.79.128.0 17 dbc None 2019-01-30 00:00:00 2020-01-30 00:00:00 None IR TO-S-2019-0370 Correction to TO-S-2015-0078 Malicious Activity
5.79.79.78 24 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=78,NL)
5.79.90.73 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None NL TO-S-2019-0747 Malware Activity
5.8.35.160 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None NL TO-S-2020-0031 Malicious Email Activity
5.8.8.71 24 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=71,RU)
5.8.8.9 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=9,RU)
5.83.124.121 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=121,IT)
5.83.160.192 24 KF None 2019-11-21 00:00:00 2020-02-19 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt (IP=192,DE)
5.83.160.253 24 MLJ None 2017-09-20 05:00:00 2020-02-18 00:00:00 None BLACKLIST URI - known scanner tool muieblackcat (IP=253,DE) | updated by RR with reason POLICY-OTHER Adobe ColdFusion admin interface access attempt - SourceFire (IP=192,DE)
5.83.161.240 24 RW None 2019-11-15 00:00:00 2020-02-15 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - Sourcefire (IP=146,IN)
5.83.163.161 24 RR None 2020-09-13 00:00:00 2020-12-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=161,DE)
5.88.155.130 32 RW None 2019-10-15 00:00:00 2020-01-15 00:00:00 None Illegal user - 6hr Failed Logon (IP=130,IT) | updated by RW Block was inactive. Reactivated on 20191015 with reason Illegal user - 6hr Failed Logon (IP=130,IT)
5.89.107.132 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Authentication Failed - Failed Logon (IP=132,IT)
5.89.124.242 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=42,IT)
5.9.101.44 32 dbc None 2019-04-16 00:00:00 2020-04-16 00:00:00 None DE TO-S-2019-0593 Malware Activity
5.9.109.168 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None DE TO-S-2019-0571 Malicious Email Activity
5.9.118.147 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None DE TO-S-2019-0468 Malicious Email Activity
5.9.127.76 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None DE TO-S-2019-0430 Malware Activity
5.9.142.173 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None DE TO-S-2019-0488 Malicious Email Activity
5.9.144.144 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None DE TO-S-2019-0952 Malicious Email Activity
5.9.145.132 24 EDBT None 2016-12-15 06:00:00 2020-05-10 00:00:00 None SERVER-WEBAPP glimpse access (IP=132,DE) | updated by RR with reason Unauthorized Access-Probe - TT# 19C00968 (IP=195,DE) | updated by dbc with reason DE TO-S-2019-0658 Malware Activity
5.9.249.219 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None DE TO-S-2019-0604 Malicious Email Activity
5.9.26.115 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None DE TO-S-2020-0047 Malicious Email Activity
5.94.101.130 24 GM None 2020-06-10 00:00:00 2020-08-10 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=130,IT)
5.94.20.9 24 KF None 2020-07-01 00:00:00 2020-09-29 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (1:29831:3) - SourceFire (IP=9,IT)
5.94.66.245 24 KF None 2020-01-20 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=245,IT) | updated by KF Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=245,IT)
5.94.67.86 24 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt_Sourcefire (IP=86,IT)
5.95.50.163 24 GM None 2020-01-16 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=163,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=163,IT) | updated by KF with reason SERVER-WEBAPP MVP
5.96.237.174 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - Web Attacks (IP=174,IT)
5.97.209.0 24 sym None 2014-03-30 05:00:00 2020-03-08 00:00:00 None SSH Scan (ip=41,IT) | updated by GM with reason Invalid user - Failed Logons (IP=39,IT)
5.97.218.186 24 RR None 2020-01-29 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - Web Attacks (IP=186,IT) | updated by RR Block expiration extended with reason SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - SourceFire (IP=186,IT)
50.115.176.218 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=218,CA)
50.116.102.40 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity
50.116.113.110 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=110, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity
50.116.37.25 32 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None SERVER-WEBAPP Oracle e-Business Suite HR_UTIL_DISP_WEB SQL injection attempt - Web Attacks (IP=25,US)
50.116.45.21 32 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=21,US)
50.116.45.226 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity
50.116.6.101 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=101,US)
50.116.64.21 32 KF None 2019-12-02 00:00:00 2020-03-02 00:00:00 None SQL HTTP URI blind injection attempt (IP=21,US) | updated by KF Block expiration extended with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=21,US)
50.116.64.33 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity
50.116.69.17 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=17,US)
50.116.70.35 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malware Activity
50.116.71.108 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity
50.116.71.164 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=164,US)
50.116.73.144 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
50.116.80.164 32 KF None 2019-12-02 00:00:00 2020-03-01 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=164,US)
50.116.82.246 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=246,US)
50.116.83.209 32 KF None 2019-12-02 00:00:00 2020-03-01 00:00:00 None SQL HTTP URI blind injection attempt (IP=209,US)
50.116.84.37 32 wmp None 2020-06-24 00:00:00 2020-09-24 00:00:00 None HIVE Case #3109 COLS-NA-TIP-20-0192 (IP=37,US)
50.116.84.63 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity
50.116.87.84 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity
50.116.94.238 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity
50.117.38.26 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity
50.117.38.5 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malicious Web Application Activity
50.117.38.52 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity
50.117.38.72 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malicious Web Application Activity
50.117.38.73 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malicious Web Application Activity
50.117.38.76 32 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=76,US)
50.117.47.108 32 EDBT None 2016-11-19 06:00:00 2020-12-19 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=108,US) | updated by RR with reason Generic ArcSight scan attempt (IP=108,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0190 Malware Activity
50.117.47.15 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malware Activity
50.117.47.198 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity
50.117.47.211 32 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Generic ArcSight scan attempt (IP=211,US)
50.117.47.213 32 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=213,US)
50.117.47.241 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Web Application Activity
50.117.47.243 32 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Generic ArcSight scan attempt (IP=243,US)
50.117.47.56 32 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=56,US)
50.117.47.88 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Web Application Activity
50.117.47.98 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity
50.117.86.20 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity
50.117.86.73 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity
50.117.86.74 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity
50.118.255.160 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Web Application Activity
50.118.255.194 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity
50.118.255.236 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity
50.118.255.5 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Web Application Activity
50.118.255.81 32 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=81,US)
50.118.255.89 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Web Application Activity
50.127.71.5 32 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=5,US)
50.16.110.224 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=225,US)
50.195.155.21 32 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=21,US)
50.195.251.10 32 RW None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=10,US)
50.197.243.62 32 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=62,US)
50.206.55.132 32 BMP None 2020-04-05 00:00:00 2020-07-04 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=132,US)
50.208.79.186 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2/BOT: Mirai Echobot Activity Detected - TT# 20C02417 (IP=186,US)
50.209.104.212 32 RR None 2019-10-26 00:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=212,US)
50.21.182.207 32 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=207,US)
50.22.108.251 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity
50.22.46.131 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=131,US)
50.225.152.178 32 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=178,US)
50.232.210.149 24 RW None 2020-03-20 00:00:00 2020-06-20 00:00:00 None FTPP_FTP_RESPONSE_LENGTH_OVERFLOW - Sourcefire (IP=149,US)
50.234.173.102 32 KF None 2020-04-16 00:00:00 2020-07-15 00:00:00 None UDP: Host Sweep (IP=102,US)
50.237.128.182 32 RWB None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=182,US)
50.242.246.137 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malware Activity
50.242.29.35 32 RW None 2020-04-06 00:00:00 2020-05-06 00:00:00 None Known Attack Tool User Agent V2 / BOT: Mirai Echobot Activity Detected - TT# 20C02434 (IP=35,US)
50.243.4.101 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=101,US) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=101,US)
50.248.72.137 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity
50.250.231.41 32 RWB None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Failed password for invalid user - Failed Logon (IP=41,US) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=41,US)
50.251.31.229 32 RW None 2020-09-02 00:00:00 2020-12-02 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Sourcefire (IP=229,US)
50.252.114.117 32 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=117,US)
50.254.86.98 32 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password - Failed Logons (IP=98,US)
50.28.11.208 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity
50.28.18.91 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity
50.28.55.205 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity
50.28.62.202 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity
50.28.67.70 32 dbc None 2019-03-21 00:00:00 2020-03-21 00:00:00 None US TO-S-2019-0515 Malicious Email Activity
50.28.76.125 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
50.3.242.198 32 RB None 2019-10-04 00:00:00 2020-01-02 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00144 (IP=198,US)
50.31.26.152 32 RW None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Generic ArcSight scan attempt (IP=152,US)
50.31.5.228 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity
50.31.63.246 32 wmp None 2020-08-03 00:00:00 2020-11-03 00:00:00 None HIVE Case #3444 COLS-NA-TIP-20-0242 (IP=246,US)
50.56.240.153 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity
50.60.222.208 32 RW None 2020-02-04 00:00:00 2020-03-04 00:00:00 None HTTP: Web Server HashDoS Attack II - TT# 20C01601(IP=208,SA)
50.62.100.1 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity
50.62.160.149 32 BMP None 2020-07-15 00:00:00 2020-10-15 00:00:00 None SQL use of sleep function with and - likely SQL injection - SourceFire (IP=149,US)
50.62.160.49 32 CR None 2019-02-03 00:00:00 2020-05-17 00:00:00 None SQL generic convert injection attempt - GET parameter (IP=49,US) | updated by RW Block was inactive. Reactivated on 20200217 with reason SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=49,US)
50.62.161.72 32 CR None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=72,US)
50.62.169.100 32 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6hr Web Attacks (IP=100,US)
50.62.176.109 32 RW None 2020-08-07 00:00:00 2020-11-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=109,US)
50.62.176.148 32 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=148,US)
50.62.176.24 32 FT None 2020-08-06 00:00:00 2020-11-06 00:00:00 None CERT/CC VU#257161:CVE-2020-CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discovery - Sourcefire (IP=24,US)
50.62.176.80 32 RB None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=80,US)
50.62.177.102 32 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=102,US)
50.62.177.11 32 BMP None 2020-04-13 00:00:00 2020-07-12 00:00:00 None SQL HTTP URI blind injection attempt - 6hr Web Attacks (IP=11,US)
50.62.177.117 32 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None SQL generic convert injection attempt - GET parameter_6 hr web attacks (IP=117,US)
50.62.177.207 32 KF None 2020-02-02 00:00:00 2020-08-25 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=207,US) | updated by BMP Block was inactive. Reactivated on 20200527 with reason SQL use of sleep function with and - likely SQL injection - SourceFire (IP=207,US)
50.62.177.232 32 CR None 2019-10-11 00:00:00 2020-01-11 00:00:00 None SQL HTTP URI blind injection attempt - CIRT web attack (IP=232,US)
50.62.177.51 32 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=51,US)
50.62.177.91 32 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None SQL use of sleep function with and - likely SQL injection - SourceFire (IP=91,US)
50.62.198.70 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web Application Activity
50.62.208.137 32 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SQL 1 = 1 - possible sql injection attempt_Web Attacks (IP=137,US)
50.62.208.145 32 cmr None 2017-06-24 05:00:00 2020-08-12 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=145,US) | updated by RW Block was inactive. Reactivated on 20200512 with reason HTTP: Blind SQL Injection - Timing - 6hr web attacks (IP=145,US)
50.62.208.151 32 RW None 2020-05-12 00:00:00 2020-08-12 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr web attacks (IP=151,US)
50.62.208.204 32 cmr None 2017-06-25 05:00:00 2020-01-30 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=204,US) | updated by RB with reason SQL 1 = 1 - possible sql injection attempt | updated by RW Block was inactive. Reactivated on 20191030 with reason HTTP: Blind SQL Injection - Timing - 6hr web attacks (
50.62.208.41 32 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Generic ArcSight scan attempt (IP=41,US)
50.62.208.46 32 BMP None 2020-07-21 00:00:00 2020-10-19 00:00:00 None SQL use of sleep function with and - likely SQL injection - SourceFire (IP=46,US)
50.62.208.51 32 CR None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=51,US)
50.62.208.69 32 MLJ None 2017-12-13 06:00:00 2020-10-19 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=69,US) | updated by BMP Block was inactive. Reactivated on 20200721 with reason SQL 1 = 1 - possible sql injection attempt - 6hr Web Attacks (IP=69,US)
50.62.248.33 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None US TO-S-2019-0926 Malicious Email Activity
50.63.14.162 32 RW None 2020-03-03 00:00:00 2020-06-03 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=162,US)
50.63.160.121 32 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None HTTP: Blind SQL Injection - Timing_6 hr web attacks (IP=121,US)
50.63.164.78 32 CR None 2019-11-28 00:00:00 2020-02-28 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attacks (IP=78,US)
50.63.166.194 32 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None Illegal user - 6hr Logon (IP=194,US)
50.63.173.61 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity
50.63.196.18 32 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SQL HTTP URI blind injection attempt - 6 hr Web Attacks (IP=18,US)
50.63.202.32 27 None None None 2020-01-24 00:00:00 None | updated by dbc with reason US TO-S-2019-0351 Malicious Web Application Activity
50.63.202.80 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None US TO-S-2019-0926 Malware Activity
50.63.202.83 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None US TO-S-2019-0926 Malware Activity
50.63.202.87 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity
50.63.202.94 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None US TO-S-2019-0926 Malware Activity
50.7.220.114 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=114,US)
50.73.116.43 32 BMP None 2019-12-25 00:00:00 2020-01-24 00:00:00 None Known Attack Tool User Agent / 28744: HTTP: MASSCAN Tool Usaget - TT# 20C01233 (IP=43,US)
50.77.68.206 32 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password - Failed Logons (IP=206,US)
50.87.0.0 16 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None PA TO-S-2019-0409 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0420 Correction to TO-S-2019-0409 Malicio | updated by dbc with reason US TO-S-2019-0640.01 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0747 M
50.87.144.147 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity
50.87.144.156 32 GM None 2020-08-10 00:00:00 2020-11-10 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=156,US)
50.87.151.28 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity
50.87.153.80 32 GM None 2020-08-10 00:00:00 2020-11-10 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=80,US)
50.87.171.20 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity
50.87.194.77 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity
50.87.248.176 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Correction to TO-S-2019-0409 Malicious Email Activity
50.87.248.239 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity
50.88.188.206 32 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=206,US)
50.93.34.66 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None CA TO-S-2019-0488 Malware Activity
50.93.7.1 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Authentication Failed - Failed Logons (IP=1,CA)
51.103.142.75 24 BMP None 2020-08-27 00:00:00 2020-11-25 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - SourceFire (IP=75,CH)
51.103.40.19 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3560 COLS-NA-TIP-20-0259 (IP=19,GB)
51.107.68.245 32 GM None 2020-05-28 00:00:00 2020-08-28 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02982 (IP=245,GB)
51.107.86.150 32 BMP None 2020-04-15 00:00:00 2020-07-14 00:00:00 None FE_Webshell_PHP_Generic_17 - Case #2525 (IP=150,CH)
51.107.90.15 24 KF None 2020-05-04 00:00:00 2020-08-02 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C02596 (IP=15,GB)
51.11.244.218 32 RB None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HTTP: PHP Wordpress Plugin Revolution Slider Vulnerability - TT# 20C03760 (IP=218,GB)
51.116.169.42 32 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None UDP: Host Sweep (IP=42,US)
51.116.228.196 32 FT None 2020-08-27 00:00:00 2020-11-25 00:00:00 None Unauthorized Access-Probe - TT# 20C03785 (IP=196,DE)
51.136.40.118 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password - 6hr Logon (IP=118,NL)
51.137.110.204 32 KF None 2020-05-23 00:00:00 2020-08-21 00:00:00 None Unauthorized Access-Probe - TT# 20C02897 (IP=204,US)
51.140.110.179 24 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=179,UK)
51.140.115.168 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=168,US)
51.140.141.249 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=249,GB)
51.141.39.94 24 RR None 2020-09-01 00:00:00 2020-11-30 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - SourceFire (IP=94,GB)
51.141.90.183 24 RW None 2020-08-08 00:00:00 2020-11-08 00:00:00 None MALWARE-CNC URI - known scanner tool muieblackcat - Sourcefire (IP=183,UK)
51.144.160.217 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=217,NL)
51.145.5.209 24 KF None 2020-06-11 00:00:00 2020-09-09 00:00:00 None Unauthorized Access-Probe//UDP Hostsweep - TT# 20C03131 (IP=209,GB)
51.15.10.39 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None NL TO-S-2020-0056 Malicious Web Application Activity
51.15.106.64 24 CR None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=64,FR)
51.15.108.196 32 RB None 2020-03-20 00:00:00 2020-04-20 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep TT# 20C02191 (IP=196,US)
51.15.111.29 24 GM None 2020-07-20 00:00:00 2020-10-20 00:00:00 None HTTP: php.cgi Buffer Overflow - Web Attacks (IP=29,NL)
51.15.139.74 24 YM None 2017-02-22 06:00:00 2020-09-10 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (IP=74,FR) | updated by dbc with reason FR TO-S-2019-0972 Malicious Email Activity
51.15.152.61 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=61,FR)
51.15.153.30 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=30,FR)
51.15.160.226 24 MLJ None 2017-04-29 05:00:00 2020-02-04 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=226,GB) | updated by kmw with reason GB TO-S-2019-0382 Maliciou
51.15.165.218 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=218,FR)
51.15.177.58 32 RW None 2020-02-19 00:00:00 2020-03-19 00:00:00 None Unauthorized Access-Probe - TT# 20C01779(IP=58,US)
51.15.18.136 24 GLM None 2019-10-26 00:00:00 2020-01-24 00:00:00 None ABC Generic 
ArcSight scan attempt (IP=136,FR) 51.15.182.229 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None FR TO-S-2019-1036 Malicious Web Application Activity 51.15.184.151 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None FR TO-S-2019-0769 Malware Activity 51.15.195.116 24 EDBT None 2017-10-16 05:00:00 2020-02-16 00:00:00 None ET SCAN Potential SSH Scan (IP=116,FR) | updated by GLM with reason Failed password (IP=156,FR) | updated by RR with reason Invalid user - Failed Logons (IP=124,FR) 51.15.207.74 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Failed password - Failed Logons (IP=74,FR) 51.15.21.84 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None NL TO-S-2019-1002 Malicious Email Activity 51.15.212.176 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None FR TO-S-2019-0640.01 Malware Activity 51.15.212.26 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=26,FR) 51.15.214.200 32 RW None 2020-03-16 00:00:00 2020-04-16 00:00:00 None Known Attack Tool User Agent / HTTP: Masscan Scanner Traffic Detected - TT# 20C02153 (IP=200,US) 51.15.219.138 24 MLJ None 2017-09-14 05:00:00 2020-08-15 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=138,GB) | updated by dcg with reason FR TO-S-2018-0756 Maliciou | updated by dbc with reason FR TO-S-2019-0890.01 Malicious Web Application Activity 51.15.222.27 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=27,FR) 51.15.24.126 24 RW None 2020-04-11 00:00:00 2020-07-10 00:00:00 None UDP: Host Sweep (IP=126,FR) 51.15.248.243 32 dbc None 2019-07-29 00:00:00 2020-08-06 00:00:00 None FR TO-S-2019-0852 Malware Activity | updated by dbc with reason Unaffiliated TO-S-2019-0864 Malware Activity 51.15.25.65 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None NL TO-S-2020-0065 Malicious Email Activity 51.15.27.103 24 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=103,FR) 51.15.37.97 32 dbc 
None 2019-10-09 00:00:00 2020-10-09 00:00:00 None NL TO-S-2020-0012 Malicious Email Activity 51.15.43.205 24 GM None 2020-07-20 00:00:00 2020-10-20 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=205,NL) 51.15.51.2 24 RW None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=2,NL) 51.15.58.201 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=201,NL) 51.15.60.62 24 EDBT None 2017-10-02 05:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP Phpcms user registration remote file include attempt (IP=62,NL) | updated by dbc with reason NL TO-S-2019-0351 M 51.15.71.134 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=134,FR) 51.15.72.153 24 CW None 2019-12-10 00:00:00 2020-03-09 00:00:00 None SQL use of sleep function with and - likely SQL injection_SourceFire (IP=53,BR) 51.15.80.14 32 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None NL TO-S-2020-0012 Malicious Email Activity 51.15.87.122 24 MLJ None 2017-09-22 05:00:00 2020-02-20 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=122,GB) | updated by RR with reason Failed password - Failed Logons (IP=74,FR) 51.15.93.62 24 MLJ None 2017-12-04 06:00:00 2020-04-17 00:00:00 None ET SCAN Behavioral Unusually fast Terminal Server Traffic Potential Scan or Infection (Inbound) (IP=62,GB) | updated by dcg w 51.158.104.58 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Invalid user (IP= 58 , FR ) 51.158.109.22 24 GM None 2019-11-13 00:00:00 2020-02-13 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=22,FR) 51.158.113.194 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user_Failed Logon (IP=94,FR) 51.158.115.83 32 BMP None 2020-03-21 00:00:00 2020-06-19 00:00:00 None Known Attack Tool User Agent / HTTP: Masscan 
Scanner Traffic Detected - TT# 20C02193 (IP=83,FR) 51.158.120.16 24 KF None 2020-03-31 00:00:00 2020-06-29 00:00:00 None FIREEYE Web: Infection Match (blocked) (IP=16,FR) 51.158.126.207 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=207,FR) 51.158.161.102 24 GM None 2020-07-05 00:00:00 2020-10-05 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attacks (IP=102,FR) 51.158.162.242 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password_Faield Logon (IP=42,FR) 51.158.21.110 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Generic ArcSight scan attempt (IP=110,FR) 51.158.24.203 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=203,FR) 51.158.25.170 32 CR None 2020-01-01 00:00:00 2020-02-01 00:00:00 None Known Attack Tool User Agent - TT# 20C01308 (IP=170,US) 51.158.27.21 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=21,FR) 51.158.31.243 24 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=243,FR) 51.158.78.107 24 BMP None 2020-02-13 00:00:00 2020-05-13 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - 6hr Web Attacks (IP=107,GB) 51.158.98.78 24 DT None 2020-09-07 00:00:00 2020-12-07 00:00:00 None Exploit attempts - Hive Case #3687 (IP=78,FR) 51.159.0.127 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None HTTP: SQL Injection - Exploit III - SourceFire (IP=127,GB) 51.159.2.23 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=23,FR) 51.159.30.47 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=47,FR) 51.159.35.140 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None UDP: Host Sweep (IP=140,FR) 51.159.52.246 24 RW None 2020-05-14 00:00:00 2020-08-12 00:00:00 None TCP: SYN Host Sweep (IP=246,FR) 51.159.56.25 24 GM None 2019-10-29 00:00:00 2020-01-27 00:00:00 None ABC Generic ArcSight scan 
attempt (IP=25,FR) 51.159.57.143 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=143,FR) 51.159.58.62 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Generic ArcSight scan attempt (IP=62,FR) 51.159.64.153 24 RW None 2020-05-12 00:00:00 2020-08-12 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=153,FR) 51.159.7.65 24 KF None 2019-10-28 00:00:00 2020-01-27 00:00:00 None Failed Password_6 Hr Failed Logons (IP=65,GB) | updated by KF with reason Authentication Failed_6 Hr Failed Logons (IP=65,GB) 51.159.88.2 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=2,FR) 51.161.12.231 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=231,CA) 51.161.57.149 24 RR None 2020-08-05 00:00:00 2020-11-03 00:00:00 None SERVER-WEBAPP Blueimp jQuery File Upload arbitrary PHP file upload attempt (1:48263:1) - SourceFire (IP=149,CA) 51.161.8.239 32 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Known Attack Tool User Agent - 20C01553 (IP=239,US) 51.161.9.0 32 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Known Attack Tool User Agent / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C01603 (IP=0,US) 51.161.9.127 24 RR None 2020-04-18 00:00:00 2020-07-17 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=127,GB) 51.171.156.251 32 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=251,IE) 51.178.151.3 24 KF None 2020-03-16 00:00:00 2020-06-14 00:00:00 None Known Attack Tool User Agent / HTTP Muieblackcat Security - TT# 20C02147 (IP=3,FR) 51.178.191.104 24 FT None 2020-08-27 00:00:00 2020-11-25 00:00:00 None SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt - Sourcefire (IP=104,FR) 51.178.240.4 24 RW None 2020-09-08 00:00:00 2020-12-08 00:00:00 None SQL generic convert 
injection attempt - GET parameter - Sourcefire (IP=4,FR) 51.178.48.185 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=185,FR) 51.178.78.153 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=153,FR) 51.178.91.175 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=175,FR) 51.178.92.110 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None UDP: Host Sweep (IP=110,FR) 51.178.93.93 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Unauthorized Scanning (IP=93,XX) 51.195.148.18 24 GM None 2020-07-15 00:00:00 2020-10-15 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=18,FR) 51.211.184.0 24 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None SA TO-S-2019-0626.01 Malware Activity 51.218.210.231 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=231,SA) 51.218.249.238 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=238,SA) 51.223.154.208 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=208,SA) 51.223.69.47 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=47,SA) 51.223.8.249 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=49,SA) 51.235.146.211 24 DT None 2020-07-05 00:00:00 2020-10-03 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=211,SA) 51.235.15.26 24 RW None 2020-01-09 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=26,SA) 51.235.88.156 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT 
httpd cgi-bin remote command execution attempt - Web Attacks (IP=156,SA) 51.241.110.27 24 RW None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=27,UK) 51.254.123.127 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Failed password for invalid user (IP=127,FR) 51.254.123.131 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user - 6hr Logon (IP=131,FR) 51.254.124.181 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=181,FR) 51.254.124.213 32 KF None 2020-02-27 00:00:00 2020-05-27 00:00:00 None Known Attack Tool User Agent/HTTP: SqlMap SQL Injection - TT# 20C01838 (IP=213,FR) 51.254.129.128 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Failed password for invalid user - Failed Logon (IP=128,FR) 51.254.141.87 24 ABC None 2018-05-16 05:00:00 2020-01-29 00:00:00 None Generic ArcSight scan attempt (IP=87,FR) | updated by GM with reason Failed password - Failed Logons (IP=18,FR) 51.254.143.190 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=190,FR) 51.254.143.96 24 GM None 2020-07-20 00:00:00 2020-10-20 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=96,FR) 51.254.211.231 24 ABC None 2015-11-16 06:00:00 2020-02-08 00:00:00 None Bro-observed Port Scanning (IP=231,FR) | updated by GM with reason Invalid user - Failed Logons (IP=232,FR) 51.254.23.230 24 djs None 2016-02-11 06:00:00 2020-02-08 00:00:00 None SSH scans (ip=230,GB) | updated by djs with reason SSH Scans (ip=230,GB) | updated by KF with reason Generic ArcSight scan attempt (IP=217,FR) 51.254.32.102 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=102,FR) 51.254.38.52 24 GLM None 2018-12-13 06:00:00 2020-02-13 00:00:00 None Invalid user (IP=52,FR) | updated by GM with reason Failed password - Failed Logons (IP=106,FR) 51.254.51.157 24 ABC 
None 2019-01-08 06:00:00 2020-01-14 00:00:00 None Generic ArcSight scan attempt(IP=157,France) | updated by RR with reason Illegal user - Failed Logons (IP=182,FR) 51.254.59.113 32 RB None 2020-05-05 00:00:00 2020-08-03 00:00:00 None TO-S-2020-0495/ Multiple Blocks - TT# 20C02618 (IP=113,FR) 51.254.79.235 24 BP None 2019-11-20 00:00:00 2020-02-20 00:00:00 None Authentication Failed (IP=235,FR) 51.254.98.85 24 RW None 2020-02-27 00:00:00 2020-05-27 00:00:00 None Malicious IP - Hive Case #2080 (IP=85,FR) 51.255.109.172 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=172,FR) 51.255.122.19 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=19,FR) 51.255.126.132 24 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Generic ArcSight scan attempt (IP=132,FR) 51.255.165.4 32 wmp None 2020-08-10 00:00:00 2020-11-10 00:00:00 None HIVE Case #3506 COLS-NA-TIP-20-0252 (IP=4,FR) 51.255.168.30 24 KF None 2018-12-11 06:00:00 2020-02-13 00:00:00 None Failed password for invalid user (IP=30,GB) | updated by RWB Block was inactive. Reactivated on 20191115 with reason Failed password - Failed Logon (IP=30,FR) 51.255.173.222 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password for invalid user - Failed Logons (IP=222,FR) 51.255.174.164 24 CR None 2019-01-17 00:00:00 2020-01-14 00:00:00 None Failed password for invalid user user (IP=164,GB) | updated by CR with reason Failed password_6 hr Failed Logon (IP=215,GB) 51.255.197.164 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=164,FR) 51.255.2.9 32 JKC None 2020-06-19 00:00:00 2020-09-19 00:00:00 None Malicious IP Case # 3063 - IOC_ISO CTOs 20-164, 20-165 (IP=9, FR) 51.255.35.58 24 RR None 2018-12-21 06:00:00 2020-02-05 00:00:00 None Illegal user (IP=58,GB) | updated by RWB Block was inactive. 
Reactivated on 20191107 with reason Failed password - Failed Logon (IP=58,FR) 51.255.42.250 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password - Failed Logon (IP=250,FR) 51.255.49.92 24 CW None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Failed password for invalid user_Failed Logon (IP=92,FR) 51.255.58.1 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=1,FR) 51.255.70.132 24 GLM None 2018-08-05 05:00:00 2020-02-11 00:00:00 None APP-DETECT failed FTP login attempt (IP=132,FR) | updated by GM with reason APP-DETECT failed FTP login attempt - Failed Logons (IP=118,FR) 51.255.77.78 24 CR None 2020-07-14 00:00:00 2020-10-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=78,FR) 51.255.85.104 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password for invalid user - Failed Logons (IP=104,FR) 51.38.0.0 16 dbc None 2018-12-21 06:00:00 2020-02-01 00:00:00 None LT TO-S-2019-0257 Malicious Email Activity | updated by RR with reason Known Attack Tool User Agent - TT# 20C01312 (IP=207,GB) 51.38.144.171 32 wmp None 2020-08-19 00:00:00 2020-11-17 00:00:00 None HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=171,PL) 51.38.157.153 32 wmp None 2020-07-29 00:00:00 2020-10-29 00:00:00 None HIVE Case #3421 COLS-NA-TIP-20-0234 (IP=153,PL) 51.38.244.212 32 RW None 2020-05-12 00:00:00 2020-06-12 00:00:00 None Known Attack Tool User Agent V2 / 20086: HTTP: Muieblackcat Security Scanner - TT# 20C02733 (IP=212,FR) 51.38.247.90 32 GM None 2020-04-07 00:00:00 2020-06-07 00:00:00 None Unauthorized Access-Probe / UDP Host Sweep - TT# 20C02455 (IP=90,DE) 51.38.57.199 32 RW None 2019-12-18 00:00:00 2020-06-05 00:00:00 None 28744: HTTP: MASSCAN Tool Usage - TT# 20C01168 (IP=199,US) | updated by GM Block was inactive. 
Reactivated on 20200305 with reason Known Attack Tool User Agent/TTP: Masscan Scanner Traffic Detected - TT# 20C01982 (IP=199,US) 51.4.147.32 24 RR None 2020-08-23 00:00:00 2020-11-21 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - SourceFire (IP=32,DE) 51.52.225.176 24 CW None 2019-11-18 00:00:00 2020-02-16 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_web attacks (IP=76,GB) 51.68.109.204 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None FR TO-S-2019-0658 Malicious Email Activity 51.68.11.195 24 RW None 2020-02-02 00:00:00 2020-07-13 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=195,FR) | updated by KF Block expiration extended with reason HTTP: SQL Injection - Exploit II - Web Attacks (IP=195,GB) 51.68.121.138 24 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=138,FR) 51.68.122.216 24 RR None 2018-12-18 06:00:00 2020-03-05 00:00:00 None Failed password for invalid user (IP=216,GB) | updated by GM with reason Invalid user - Failed logons (IP=216,FR) 51.68.123.37 24 RR None 2018-12-18 06:00:00 2020-02-12 00:00:00 None Failed password for invalid user (IP=37,GB) | updated by GM with reason Invalid user - Failed Logons (IP=198,FR) 51.68.124.181 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logon (IP=181,GB) 51.68.128.161 32 RW None 2020-06-10 00:00:00 2020-09-11 00:00:00 None Known Attack Tool User Agent V2 / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C03128 (IP=161,PO) 51.68.136.168 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password - Failed Logons (IP=168,GB) 51.68.143.224 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=224,PL) 51.68.154.165 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None PL TO-S-2019-0608 Malware Activity 51.68.170.62 
32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None FR TO-S-2019-0617 Malware Activity 51.68.180.14 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None DE TO-S-2019-0532 Malicious Email Activity 51.68.190.143 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None DE TO-S-2019-0658 Malware Activity 51.68.192.106 24 GM None 2019-11-12 00:00:00 2020-02-12 00:00:00 None Invalid user - Failed Logons (IP=106,GB) 51.68.199.166 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=166,GB) 51.68.200.224 24 RR None 2020-09-21 00:00:00 2020-12-20 00:00:00 None SQL generic convert injection attempt - GET parameter - SourceFire (IP=224,GB) 51.68.205.77 24 BMP None 2020-05-11 00:00:00 2020-08-09 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - SourceFire (IP=77,GB) 51.68.208.224 24 DT None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=224,GB) 51.68.208.234 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None GB TO-S-2020-0190 Malicious Web Application Activity 51.68.220.249 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=249,GB) 51.68.230.28 24 RR None 2018-12-18 06:00:00 2020-04-19 00:00:00 None Failed password for invalid user (IP=28,GB) | updated by dbc with reason FR TO-S-2019-0608 Malware Activity 51.68.251.201 24 GM None 2019-11-13 00:00:00 2020-02-13 00:00:00 None Failed password - Failed Logons (IP=201,FR) 51.68.44.80 24 RR None 2018-08-30 05:00:00 2020-06-07 00:00:00 None Illegal user (IP=80,GB) | updated by CR with reason Illegal user (IP=13,GB) | updated by dbc with reason FR TO-S-2019-0723 Malicious Email Activity 51.68.50.58 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None FR TO-S-2020-0006 Malicious Email Activity 51.68.64.208 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password_Faield Logon (IP=8,FR) 51.68.73.117 32 dbc None 2019-07-29 
00:00:00 2020-07-29 00:00:00 None FR TO-S-2019-0852 Malware Activity 51.68.86.23 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Generic ArcSight scan attempt (IP=23,FR) 51.68.97.107 24 ALJ None 2018-09-08 05:00:00 2020-02-01 00:00:00 None Illegal user (ip=107,gb) | updated by KF with reason Failed password_6 Hr Failed Logons (IP=191,GB) 51.75.123.85 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Failed password for invalid user - Failed Logons (IP=85,GB) 51.75.126.169 24 RR None 2018-12-22 06:00:00 2020-02-24 00:00:00 None Illegal user (IP=169,GB) | updated by RR with reason Failed password - Failed Logons (IP=115,GB) 51.75.144.20 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Generic ArcSight scan attempt (IP=20,FR) 51.75.147.100 24 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Failed password for invalid user - Failed Logons (IP=100,GB) 51.75.155.66 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None FR TO-S-2019-0747 Malware Activity 51.75.17.228 24 RR None 2018-12-20 06:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=228,GB) | updated by GM with reason Failed password - Failed Logons (IP=228,FR) 51.75.170.234 24 RR None 2019-01-19 00:00:00 2020-01-26 00:00:00 None Failed password for invalid user (IP=234,GB) | updated by KF with reason Failed Password_6 Hr Failed Logons (IP=13,GB) 51.75.172.56 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None FR TO-S-2019-0546 Malicious Email Activity 51.75.18.236 24 RR None 2019-01-19 00:00:00 2020-01-03 00:00:00 None Failed password for invalid user (IP=236,GB) | updated by ABC with reason Generic ArcSight scan attempt (IP=184,FR) | 2020-01-03 | 2019-04-19 51.75.19.175 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Failed password - Failed Logons (IP=175,FR) 51.75.195.25 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Failed password for invalid user - Failed Logons (IP=25,GB) 51.75.201.142 24 RR None 2020-03-12 00:00:00 2020-06-10 00:00:00 
None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=142,FR) 51.75.202.218 24 KF None 2019-01-11 06:00:00 2020-02-23 00:00:00 None Illegal user (IP=218,GB) | updated by BP Block was inactive. Reactivated on 20191123 with reason Authentication Failed - 6hr Failed Logon(IP=218,FR) 51.75.204.92 24 KF None 2018-12-25 06:00:00 2020-03-06 00:00:00 None Illegal user (IP=92,GB) | updated by CR with reason Failed password for invalid user user (IP=92,GB) | updated by GM with reason Invalid user - Failed Logons (IP=92,FR) 51.75.222.161 24 BMP None 2020-07-15 00:00:00 2020-10-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=161,GB) 51.75.24.106 24 KF None 2020-05-04 00:00:00 2020-08-02 00:00:00 None Known Attack Tool User Agent V2 / UDS-Sqlmap_RC8766 - TT# 20C02597 (IP=106,FR) 51.75.248.12 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=12,GB) 51.75.25.38 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Invalid user - Failed Logons (IP=38,GB) 51.75.255.166 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password for invalid user - Failed Logon (IP=166,GB) 51.75.28.50 24 RR None 2018-12-21 06:00:00 2020-03-05 00:00:00 None Illegal user (IP=50,GB) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=134,GB) 51.75.29.64 24 RR None 2018-12-19 06:00:00 2020-03-06 00:00:00 None Failed password for invalid user (IP=64,GB) | updated by GM with reason Invalid user - Failed Logons (IP=61,FR) 51.75.30.199 24 RR None 2019-01-14 06:00:00 2020-03-09 00:00:00 None Illegal user (IP=199,GB) | updated by CW Block was inactive. 
Reactivated on 20191210 with reason Authentication Failed_Failed Logon (IP=99,GB) 51.75.37.173 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password for invalid user - Failed Logons (IP=173,FR) 51.75.52.77 32 dbc None 2019-02-27 00:00:00 2020-02-27 00:00:00 None PL TO-S-2019-0444 Malware Activity 51.75.61.103 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None FR TO-S-2019-0938 Malware Activity 51.75.64.187 24 RW None 2020-07-18 00:00:00 2020-10-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=187,FR) 51.75.66.11 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password (IP=11,GB) 51.75.70.30 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None Failed password - Web Attacks (IP=30,DE) 51.75.74.124 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None NL TO-S-2020-0065 Malicious Email Activity 51.77.102.108 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None FR TO-S-2019-0890.01 Command and Control Exploit 51.77.108.33 24 GM None 2020-07-20 00:00:00 2020-10-20 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=33,FR) 51.77.135.89 24 DT None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=89,FR) 51.77.137.103 24 KF None 2019-01-07 06:00:00 2020-03-08 00:00:00 None Illegal user (IP=103,GB) | updated by GM with reason Failed password - Failed Logons (IP=211,FR) 51.77.148.87 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user_Failed Logon (IP=87,FR) 51.77.157.78 24 RW None 2019-11-14 00:00:00 2020-02-14 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=78,FR) 51.77.161.86 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Invalid user - Failed Logons (IP=86,GB) 51.77.193.7 24 RR None 2018-12-22 06:00:00 2020-02-24 00:00:00 None Illegal user (IP=7,GB) | updated by RR with reason Failed password - Failed Logons 
54.196.235.165 24 BMP None 2020-08-05 00:00:00 2020-11-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=US,165) 54.196.39.141 32 DT None 2020-08-29 00:00:00 2020-11-29 00:00:00 None HTTP: PHP Wordpress Plugin Revolution Slider Vulnerability - Web Attacks (IP=141,CN) 54.196.6.252 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability (IP=252,US) 54.196.81.113 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=113,US) 54.196.86.139 32 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=139,US) 54.197.195.239 32 DT None 2020-06-18 00:00:00 2020-09-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=239,US) 54.197.30.201 32 CR None 2020-06-12 00:00:00 2020-09-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=201,US) 54.197.72.16 32 RW None 2020-04-23 00:00:00 2020-07-23 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=16,US) 54.198.16.219 32 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=219,US) 54.198.186.178 32 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=178,US) 54.200.134.197 32 wmp None 2020-08-10 00:00:00 2020-11-10 00:00:00 None HIVE Case #3506 COLS-NA-TIP-20-0252 (IP=197,US) 54.202.253.112 32 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt 
(IP=112,US) 54.205.184.58 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02742 (IP=58,US) 54.207.162.10 24 KF None 2020-05-24 00:00:00 2020-08-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=10,BR) 54.208.246.144 32 BMP None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=144,US) 54.208.81.3 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=3,US) 54.209.174.23 32 RW None 2020-08-08 00:00:00 2020-11-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=23,US) 54.210.131.246 32 DT None 2020-06-07 00:00:00 2020-09-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire - (IP=246,US) 54.210.46.218 32 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=218,US) 54.211.145.64 32 DT None 2020-05-19 00:00:00 2020-08-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=64,US) 54.221.165.178 32 DT None 2020-06-07 00:00:00 2020-09-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire - (IP=178,US) 54.224.158.133 32 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=133,US) 54.224.177.222 32 DT None 2020-06-14 00:00:00 2020-09-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=222,US) 54.224.240.183 32 BMP None 2020-07-14 00:00:00 2020-10-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - 
possible Bleichenbacher SSL attack attempt - SourceFire (IP=183,US) 54.224.66.7 32 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=7,US) 54.224.84.59 24 RW None 2020-03-10 00:00:00 2020-06-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=59,US) 54.225.61.127 32 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=127,US) 54.226.18.50 32 RW None 2019-12-12 00:00:00 2020-03-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=50,US) 54.227.36.214 32 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=214,US) 54.229.164.238 24 CW None 2019-12-25 00:00:00 2020-03-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_web attacks (IP=38,IE) 54.230.18.124 32 RW None 2020-03-03 00:00:00 2020-04-03 00:00:00 None EXPLOIT-KIT Rig Exploit Kit URI redirect attempt - TT# 20C01944 (IP=124,US) 54.234.130.155 32 RW None 2020-03-09 00:00:00 2020-06-09 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=155,US) 54.234.252.60 32 RW None 2020-03-03 00:00:00 2020-06-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=60,US) 54.234.53.178 32 BMP None 2020-07-01 00:00:00 2020-10-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=178,US) 54.235.41.88 32 RW None 2020-06-18 00:00:00 2020-09-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=88,US) 54.236.102.201 32 
CR None 2020-07-14 00:00:00 2020-10-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=201,US) 54.236.217.244 32 RW None 2020-04-23 00:00:00 2020-07-23 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=244,US) 54.236.233.4 32 GM None 2020-09-08 00:00:00 2020-12-08 00:00:00 None Known Attack Tool User Agent V2 / UDS-WhatWeb_RC8766 - TT # 20C03864 (IP=4,US) 54.236.252.34 24 BMP None 2020-08-05 00:00:00 2020-11-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=US,34) 54.236.37.41 32 RW None 2020-02-05 00:00:00 2020-03-05 00:00:00 None Known Attack Tool User Agent - TT# 20C01613(IP=41,US) 54.236.48.70 32 GM None 2020-07-23 00:00:00 2020-10-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03544 (IP=70,US) 54.237.212.77 32 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=77,US) 54.237.236.25 32 CR None 2020-05-12 00:00:00 2020-06-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=25,US) 54.242.12.166 32 DT None 2020-09-12 00:00:00 2020-12-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=166,US) 54.242.24.90 32 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=90,US) 54.242.252.240 24 RW None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=240,US) 54.242.33.186 32 DT None 2020-07-05 00:00:00 2020-10-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible 
Bleichenbacher SSL attack attempt - SourceFire (IP=186,US) 54.242.54.88 32 CR None 2020-07-13 00:00:00 2020-10-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt_Sourcefire (IP=88,US) 54.242.95.220 32 RW None 2020-02-07 00:00:00 2020-05-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=220,US) 54.249.66.39 24 JKC None 2020-03-16 00:00:00 2020-06-14 00:00:00 None Malicious callout activity Hive Case 2109 (IP=39, JP) 54.250.71.192 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=192,JP) 54.254.109.109 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=109,SG) 54.36.106.196 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=196,FR) 54.36.108.162 24 GM None 2020-07-15 00:00:00 2020-10-15 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=162,FR) 54.36.131.232 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=232,FR) 54.36.158.41 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None FR TO-S-2019-0468 Malicious Email Activity 54.36.160.211 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=211,FR) 54.36.164.183 32 DT None 2020-09-16 00:00:00 2020-12-16 00:00:00 None Unauthorized Access-Probe - TT# 20C03916 (IP=183,GB) 54.36.166.45 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None GB TO-S-2019-0781 Malicious Email Activity 54.36.17.237 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None FR TO-S-2019-0890.01 Malicious Email Activity 54.36.172.184 24 ABC None 2017-11-25 06:00:00 2020-01-29 00:00:00 None Generic ArcSight scan attempt (IP=184,XX) | updated by GM with reason Failed password - Failed Logons (IP=105,PL) 54.36.180.236 32 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password - 
Failed Logons (IP=236,US) 54.36.43.237 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None GB TO-S-2019-0358 Malware Activity 54.36.60.191 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=191,FR) 54.36.62.157 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None FR TO-S-2019-0577 Malicious Email Activity 54.36.73.168 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None FR TO-S-2019-0747 Malicious Email Activity 54.37.115.67 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None FR TO-S-2020-0065 Malicious Email Activity 54.37.136.213 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=213,PL) 54.37.158.218 24 GM None 2019-11-18 00:00:00 2020-02-18 00:00:00 None Illegal user - Failed Logons (IP=218,FR) 54.37.196.144 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=144,FR) 54.37.197.94 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user - Failed Logon (IP=94,1) 54.37.204.154 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=154,DE) 54.37.205.205 24 CR None 2018-09-04 05:00:00 2020-04-19 00:00:00 None Illegal user (IP=205,DE) | updated by dbc with reason DE TO-S-2019-0608 Malware Activity 54.37.232.137 24 CR None 2018-08-29 05:00:00 2020-02-06 00:00:00 None Illegal user (IP=137,PL) | updated by GM with reason Invalid user - Failed Logons (IP=137,PL) 54.37.245.3 24 KF None 2020-06-26 00:00:00 2020-09-24 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03292 (IP=3,GB) 54.37.36.116 24 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=116,US) 54.38.120.208 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None FR TO-S-2019-0734.01 Malicious Email Activity 54.38.124.133 24 BMP None 2020-03-02 00:00:00 2020-05-31 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - 
SourceFire (IP=133,FR) 54.38.143.243 24 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=243, FR) | updated by dbc with reason FR TO-S-2019-0626.01 Malicious Email Activity 54.38.175.113 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None FR TO-S-2019-0608 Malware Activity 54.38.183.181 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=181,FR) 54.38.212.111 24 RR None None 2020-07-07 00:00:00 None DLINK Command Injection - New Exploit URL - DLINK (IP=111,FR) 54.38.215.32 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None GB TO-S-2019-0382 Malicious Web Application Activity 54.38.218.250 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None FR TO-S-2019-0613 Malware Activity 54.38.219.136 32 CR None 2020-05-28 00:00:00 2020-08-26 00:00:00 None Known Attack Tool User Agent V2/BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C02958 (IP=251,US) 54.38.33.249 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None FR TO-S-2019-0608 Malware Activity 54.38.67.145 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=145,FR) 54.38.75.41 24 GM None 2020-07-20 00:00:00 2020-10-20 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=41,FR) 54.38.81.231 24 KF None 2020-06-28 00:00:00 2020-09-26 00:00:00 None Known Attack Tool User Agent V2 / UDS-DirBuster_RC8766 - TT# 20C03306 (IP=231,FR) 54.38.92.35 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None TCP: SYN Host Sweep (IP=35,FR) 54.38.99.125 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None FR TO-S-2019-0952 Malware Activity 54.39.104.201 32 RW None 2020-04-22 00:00:00 2020-05-22 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02547 (IP=201,CA) 54.39.129.162 24 GM None 2019-11-08 00:00:00 2020-02-06 00:00:00 None ABC Generic ArcSight scan attempt (IP=162,FR) 54.39.160.28 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None CA 
TO-S-2019-0409 Malicious Email Activity 54.39.183.140 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=140,CA) 54.39.21.54 32 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=54,US) 54.39.214.146 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=146,FR) 54.39.215.32 24 RR None 2020-03-25 00:00:00 2020-06-23 00:00:00 None UDP: Host Sweep (IP=32,FR) 54.39.215.38 32 RR None 2020-09-12 00:00:00 2020-12-12 00:00:00 None Unauthorized Access-Probe // UDP: Host Sweep - TT# 20C03885 (IP=38,CA) 54.39.246.186 24 FT None 2020-09-11 00:00:00 2020-12-11 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=186,CA) 54.39.41.188 24 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=188,FR) 54.39.50.158 32 RB None 2020-08-25 00:00:00 2020-11-23 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C03767 (IP=158,CA) 54.39.51.192 32 RB None 2020-08-14 00:00:00 2020-11-14 00:00:00 None SUnauthorized Access-Probe // UDP: Host Sweep - TT # 20C03708 (IP=192,CA) 54.39.51.31 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user_Failed Logon (IP=31,CA) 54.67.57.56 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=56,US) 54.69.172.205 32 wmp None 2020-06-19 00:00:00 2020-10-21 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=205,US) | updated by wmp Block expiration extended with reason HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=205,US) 54.72.11.253 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=253,IE) 54.72.130.67 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None IE TO-S-2019-0604 Malware Activity 54.72.130.76 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None IE TO-S-2019-0608 Malware Activity 54.72.97.57 32 dbc None 2019-03-11 00:00:00 
2020-03-11 00:00:00 None IE TO-S-2019-0468 Malicious Email Activity 54.77.87.119 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=119,IE) 54.78.227.17 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=17,IE) 54.80.43.230 32 CR None 2020-09-07 00:00:00 2020-12-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=230,US) 54.81.0.173 32 DT None 2020-07-10 00:00:00 2020-10-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=173,US) 54.81.111.2 32 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=2,US) 54.81.114.215 32 DT None 2020-07-03 00:00:00 2020-10-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=215,US) 54.81.211.66 32 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Generic ArcSight scan attempt (IP=66,US) 54.81.251.19 32 CR None 2020-05-13 00:00:00 2020-08-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=19,US) 54.81.39.197 32 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=197,US) 54.81.77.132 32 CR None 2020-05-13 00:00:00 2020-08-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=132,US) 54.82.142.185 32 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=185,US) 54.82.163.113 32 RW None 2020-07-18 00:00:00 2020-10-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack 
attempt - Sourcefire (IP=113,US) 54.82.185.0 32 BMP None 2020-04-10 00:00:00 2020-07-09 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=0,US) 54.83.121.101 32 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=101,US) 54.83.147.61 32 DT None 2020-06-14 00:00:00 2020-09-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=61,US) 54.83.166.241 32 DT None 2020-06-08 00:00:00 2020-09-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire - (IP=241,US) 54.83.74.215 32 BMP None 2020-07-23 00:00:00 2020-10-23 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=215,US) 54.84.175.28 32 RW None 2020-04-18 00:00:00 2020-07-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=28,US) 54.85.157.97 24 RW None 2020-03-10 00:00:00 2020-06-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=97,US) 54.87.129.218 32 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=218,US) 54.87.133.140 32 RW None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=140,US) 54.87.45.52 32 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=52,US) 54.88.201.98 32 DT None 2020-07-05 00:00:00 2020-10-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt 
- SourceFire (IP=98,US) 54.89.121.250 32 BMP None 2020-05-18 00:00:00 2020-08-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=250,US) 54.89.229.93 32 CR None 2020-05-12 00:00:00 2020-06-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=93,US) 54.89.245.181 32 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=181,US) 54.89.56.37 32 GM None 2020-09-09 00:00:00 2020-12-08 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C03867 (IP=37,US) 54.89.86.152 32 CR None 2020-03-23 00:00:00 2020-06-23 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=152,US) 54.91.111.155 32 RW None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=155,US) 54.91.206.33 32 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=33,US) 54.91.21.188 32 DT None 2020-07-21 00:00:00 2020-10-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=188,US) 54.91.40.242 32 RW None 2020-08-08 00:00:00 2020-11-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=242,US) 54.91.89.210 32 RW None 2020-03-16 00:00:00 2020-06-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=210,US) 54.92.194.188 32 DT None 2020-07-16 00:00:00 2020-10-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=188,US) 54.92.231.59 32 BMP None 2020-05-27 00:00:00 2020-08-25 00:00:00 None 
SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=59,US) 54.93.230.90 32 RW None 2020-03-12 00:00:00 2020-04-12 00:00:00 None HTTP: RedHat JBoss Enterprise Application Platform JMX Console Security Bypass - TT# 20C02126(IP=90,DE) 54.93.230.90 24 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - Sourcefire (IP=90,DE) 54.94.132.101 24 RR None 2020-02-06 00:00:00 2020-05-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability (IP=101,BR) 54.94.167.229 24 BMP None 2020-07-15 00:00:00 2020-10-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=229,BR) 54.95.190.65 24 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=65,JP) 56.26.0.0 16 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None MY TO-S-2019-0952 Malicious Email Activity 58.1.134.41 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=41,JP) 58.115.160.196 24 BMP None 2020-04-26 00:00:00 2020-07-25 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=196,TW) 58.118.0.233 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=233,CN) 58.119.3.77 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=77,CN) 58.124.226.95 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=95,KR) 58.125.102.211 24 KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None UDP: Host Sweep (IP=211,KR) 58.126.201.20 24 GM None 2019-11-06 00:00:00 2020-02-06 00:00:00 None Invalid user - Failed Logons (IP=20,KR) 58.126.56.174 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web 
Attacks (IP=174,KR) 58.137.254.25 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=25,TH) 58.142.8.85 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=85,KR) 58.144.150.233 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed Password_6 Hr Failed Logons (IP=233,CN) 58.144.208.115 24 GM None 2020-03-21 00:00:00 2020-06-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=115,CN) 58.150.46.6 24 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None Invalid user - 6hr Logons (IP=6,KR) 58.151.77.38 24 GM None 2019-06-17 00:00:00 2020-01-28 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=77,KR) | updated by RW Block was inactive. Reactivated on 20191028 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt 58.152.114.71 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=71,HK) 58.152.91.40 24 RW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Generic ArcSight scan attempt (IP=40,HK) 58.152.99.107 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_6 hr web attacks (IP=107,HK) 58.153.199.231 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=231,HK) 58.16.127.164 24 GM None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Illegal user - Failed Logons (IP=164,CN) 58.16.67.32 24 RB None 2020-03-29 00:00:00 2020-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 hr web attacks (IP=32,CN) 58.164.204.22 24 RR None 2020-08-16 00:00:00 2020-11-14 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks(IP=22,AU) 58.164.205.149 24 DT None 2020-06-02 
00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - SourceFire (IP=149,AU) 58.165.112.49 24 KF None 2020-07-03 00:00:00 2020-10-01 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=49,AU) 58.17.243.151 24 RR None 2017-11-11 06:00:00 2020-01-31 00:00:00 None Illegal user (IP=151,CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=151,CN) | 2020-01-31 | 2018-02-09 58.171.194.231 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None AU TO-S-2019-0577 Malicious Email Activity 58.171.88.250 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=250,AU) 58.176.129.240 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None Authentication Failed_Failed Logon (IP=40,HK) 58.176.185.182 24 BMP None 2020-08-05 00:00:00 2020-11-03 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6r Web Attacks (IP=HK,182) 58.180.56.181 32 dbc None 2019-07-23 00:00:00 2020-07-23 00:00:00 None KR TO-S-2019-0839 Malware Activity 58.181.61.45 24 RW None 2019-07-20 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 12 hr web attacks (IP=45,KR) | updated by KF Block was inactive. 
Reactivated on 20191102 with reason HTTP: SQL Injection Attempt Detected_Web Attacks (IP=45,KR) | updated by KF Block expiration ext
58.186.20.93 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=93,VN)
58.186.21.122 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=122,VN)
58.187.209.146 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=146,VN)
58.187.54.18 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=18,VN)
58.19.0.84 32 FT None 2020-09-13 00:00:00 2020-12-12 00:00:00 None HTTP: vBulletin 5.1.2 Unserialize Code Execution - TT# 20C03890 (IP=84,CN)
58.20.129.76 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=76,CN)
58.20.239.14 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 hr Failed Logons (IP=14,CN)
58.210.177.15 24 KF None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed Password_6 Hr Failed Logons (IP=15,CN)
58.210.183.181 24 RW None 2020-05-04 00:00:00 2020-08-04 00:00:00 None HTTP: PHP CGI Argument Injection Remote Vulnerability (CVE-2012-2335) - 6hr web attacks (IP=181,CN)
58.210.54.10 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=10,CN)
58.210.85.22 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=22,CN)
58.210.94.98 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password_Failed Logon (IP=98,CN)
58.210.96.156 24 MLJ None 2017-12-11 06:00:00 2020-02-14 00:00:00 None ET SCAN LibSSH Based Frequent SSH Connections Likely Brute Force Attack (IP=156,CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=156,CN) | 2020-02-14 | 2018-03-11
58.212.139.229 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None Failed password - 6 hr Failed Logon (IP=229,CN)
58.213.107.106 24 KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=106,CN)
58.213.130.67 24 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep - ArcSight Sauron (IP=67,CN)
58.214.9.174 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password - Failed Logons (IP=174,CN)
58.215.215.134 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Illegal user_Failed Logon (IP=34,CN)
58.216.139.42 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Illegal user - Failed Logons (IP=42,CN)
58.216.158.82 24 RB None 2019-11-03 00:00:00 2020-02-01 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_12 hr web attacks (IP=82,CN)
58.216.216.2 24 RB None 2020-04-29 00:00:00 2020-07-29 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6 hr web attacks (IP=2,CN)
58.216.218.174 24 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None TCP: SYN Host Sweep - ArcSight Sauron (IP=174,CN)
58.216.250.227 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logon (IP=227,CN)
58.216.47.50 24 KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None TCP: SYN Host Sweep (IP=50,CN)
58.217.68.120 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=120,CN)
58.218.213.214 32 KF None 2020-06-21 00:00:00 2020-09-19 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03237 (IP=214,CN)
58.218.67.230 32 RW None 2020-07-09 00:00:00 2020-08-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03403 (IP=230,CN)
58.219.159.49 32 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C02948 (IP=49,CN)
58.219.200.139 24 CW None 2020-01-13 00:00:00 2020-04-12 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Web attacks (IP=39,CN)
58.219.213.100 24 KF None 2020-06-12 00:00:00 2020-09-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=100,CN)
58.219.213.87 32 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02920 (IP=87,CN)
58.219.236.38 24 BMP None 2020-03-10 00:00:00 2020-06-08 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=38,CN)
58.219.237.104 24 RR None 2020-01-21 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=104,CN) | updated by RWB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=104,CN)
58.219.239.225 32 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C02786 (IP=225,CN)
58.22.99.135 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password for invalid user - Failed Logon (IP=135,CN)
58.220.253.253 32 RR None 2020-06-25 00:00:00 2020-09-23 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03285 (IP=253,CN)
58.220.46.28 24 RR None 2020-04-13 00:00:00 2020-07-12 00:00:00 None TCP: SYN Host Sweep (IP=28,CN)
58.221.62.93 32 CR None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03463 (IP=93,CN)
58.225.75.151 24 RB None 2017-01-29 06:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP Setup.php access (IP=151,KR) | updated by RR with reason Generic ArcSight scan attempt (IP=147,KR)
58.229.121.12 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX function call access - SourceFire (IP=12,KR)
58.229.208.18 24 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=18,KR)
58.236.139.20 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=20,KR)
58.236.21.178 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=178,KR)
58.240.52.86 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=86,CN)
58.241.46.14 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=14,CN)
58.242.68.178 24 RR None 2017-11-10 06:00:00 2020-01-14 00:00:00 None Illegal user (IP=178,CN) | updated by CR with reason Illegal user_6 hr Failed Logon (IP=178,CN)
58.243.133.36 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=36,CN)
58.244.110.172 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=172,CN)
58.244.220.95 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=95,CN)
58.244.255.27 32 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03053 (IP=27,CN)
58.244.255.45 32 BMP None 2020-05-21 00:00:00 2020-08-21 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02865 (IP=45,CN)
58.246.125.198 24 KF None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Authentication Failed - 6 Hr Failed Logons (IP=198,CN)
58.246.21.186 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=186,CN)
58.246.51.190 24 GM None 2020-01-08 00:00:00 2020-04-08 00:00:00 None Illegal user - Failed Logons (IP=190,CN)
58.246.83.114 24 RB None 2020-08-23 00:00:00 2020-11-21 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attack (IP=114,CN)
58.248.254.12 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Invalid user_Failed Logon (IP=12,CN)
58.254.132.140 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed Password_6 Hr Failed Logons (IP=140,CN)
58.26.0.0 16 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None MY TO-S-2019-0952 Malicious Email Activity
58.27.236.194 24 RR None 2020-07-19 00:00:00 2020-10-17 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=194,PK)
58.37.225.126 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password for invalid user - Failed Logons (IP=126,CN)
58.44.246.111 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=111,CN)
58.44.253.13 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=13,CN)
58.45.10.11 24 RB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=11,CN)
58.45.6.92 24 BMP None 2020-03-14 00:00:00 2020-06-12 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr Web Attacks (IP=92,CN)
58.45.8.148 24 BMP None 2020-01-09 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=148,CN) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=148,CN)
58.46.248.72 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=72,CN)
58.56.15.114 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=114,CN)
58.56.187.83 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Invalid user - Failed Logons (IP=83,CN)
58.56.189.109 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Generic ArcSight scan attempt (IP=109,CN)
58.56.33.221 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None Invalid user - Failed Logons (IP=221,CN)
58.56.9.3 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Failed password_6 hr Failed Logons (IP=3,CN)
58.57.46.181 24 RW None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=181,CN)
58.57.53.134 24 BMP None 2020-03-23 00:00:00 2020-06-21 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=134,CN)
58.58.34.134 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=134,CN)
58.62.207.50 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Invalid user_Failed Logon (IP=50,CN)
58.64.167.14 24 GM None 2020-02-11 00:00:00 2020-05-11 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=14,HK)
58.64.180.110 24 RR None 2019-01-13 06:00:00 2020-04-12 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=110,HK) | updated by CW with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=51,HK)
58.64.180.51 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=51,HK)
58.64.206.216 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_Web Attacks (IP=16,HK)
58.65.129.173 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None PK TO-S-2020-0109.01 Malicious Email Activity
58.65.159.74 24 ABC None 2019-10-07 00:00:00 2020-01-05 00:00:00 None Generic ArcSight scan attempt (IP=74,PK)
58.65.241.43 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3604 COLS-NA-TIP-20-0262 (IP=43,ID)
58.65.241.43 32 wmp None 2020-08-19 00:00:00 2020-11-17 00:00:00 None HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=43,ID)
58.69.106.196 24 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=196,PH)
58.69.139.168 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Generic ArcSight scan attempt (IP=168,PH)
58.69.250.188 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Generic ArcSight scan attempt (IP=188,PH)
58.69.58.87 24 RW None 2020-09-14 00:00:00 2020-12-14 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Sourcefire (IP=87,PH)
58.71.203.252 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=252,MY)
58.8.152.81 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Authentication Failed - Failed Logons (IP=81,TH)
58.82.158.6 24 RW None 2020-09-26 00:00:00 2020-12-26 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Sourcefire (IP=6,TH)
58.82.176.0 21 jky None 2016-11-14 06:00:00 2020-04-18 00:00:00 None TH TO-S-2017-0160 Country Block | updated by BMP with reason Illegal user - 6hr Logons (IP=95,TH) | 2020-04-12 | 2017-11-14 | updated by KF with reason Failed password (IP=95,TH)
58.82.183.95 24 BMP None 2020-01-13 00:00:00 2020-04-24 00:00:00 None Illegal user - 6hr Logons (IP=95,TH) | updated by KF Block expiration extended with reason Failed password (IP=95,TH)
58.82.215.6 24 RR None 2020-07-27 00:00:00 2020-10-25 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=6,HK)
58.82.248.25 24 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Command Injection Attempt (IP=25,HK)
58.82.250.8 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=8,HK)
58.82.250.8 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01586 (IP=8,HK)
58.84.7.229 24 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=229,HK)
58.87.111.2 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=2,CN)
58.87.115.217 24 CR None 2018-11-16 06:00:00 2020-01-06 00:00:00 None Hello Peppa Scan (IP=217,CN) | updated by KF Block was inactive. Reactivated on 20191008 with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=217,CN)
58.87.118.250 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Sourcefire (IP=250,CN)
58.87.120.53 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=53,CN)
58.87.67.142 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=142,CN)
58.87.75.59 24 RB None 2018-12-09 06:00:00 2020-02-19 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=59,CN) | updated by RB with reason Failed password_6 hr Failed Logons (IP=178,CN) | 2020-02-19 | 2019-03-09
58.87.76.32 24 RW None 2019-12-31 00:00:00 2020-03-31 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=32,CN)
58.97.14.227 32 RB None 2020-04-02 00:00:00 2020-06-02 00:00:00 None Known Attack Tool User Agent / Mirai Echobot - TT# 020420-00060 (IP=227,US)
58.97.18.91 32 RW None 2020-03-03 00:00:00 2020-11-21 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C01942 (IP=91,TH) | updated by RB Block was inactive. Reactivated on 20200823 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)
59.1.203.122 24 CR None 2019-04-12 00:00:00 2020-02-02 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=122,KR) | updated by KF with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=135,KR)
59.1.247.176 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None Authentication Failed - Failed Logons (IP=176,KR)
59.10.5.156 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user - Failed Logon (IP=156,KR)
59.102.152.0 21 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None TW TO-S-2020-0012 Malware Activity
59.102.253.191 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=191,TW)
59.102.56.203 24 RR None 2020-01-20 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=203,AU) | updated by RWB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=203,AU)
59.106.0.0 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None JP TO-S-2019-0800 Malicious Email Activity
59.106.13.22 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None JP TO-S-2019-0723 Malicious Email Activity
59.106.13.8 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None JP TO-S-2019-0723 Malicious Email Activity
59.106.171.107 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None JP TO-S-2019-0723 Malicious Email Activity
59.106.19.173 32 wmp None 2020-08-19 00:00:00 2020-11-17 00:00:00 None HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=173,JP)
59.108.50.17 24 CR None 2019-12-21 00:00:00 2020-03-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=17,CN)
59.108.72.222 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=222,CN)
59.115.125.160 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=160,TW)
59.115.137.208 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=208,TW)
59.115.198.39 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=39,TW)
59.120.185.230 24 RB None 2020-01-07 00:00:00 2020-04-06 00:00:00 None Illegal user_6 hr Failed Logons (IP=230,TW)
59.120.34.20 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=20,TW)
59.120.75.252 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=252,TW)
59.124.242.120 24 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None Illegal user - Failed Logons (IP=120,TW)
59.125.179.244 24 GM None 2019-06-10 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=244,CN) | updated by ABC Block was inactive. Reactivated on 20191004 with reason Generic ArcSight scan attempt (IP=244,TW)
59.125.62.229 32 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Immediate Inbound Network Block - TT# 20C00941 (IP=229,US)
59.126.211.115 24 KF None 2019-11-21 00:00:00 2020-02-19 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=115,TW)
59.126.62.28 24 RWB None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=28,TW)
59.126.69.60 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password for invalid user_Failed Logon (IP=60,TW)
59.127.175.130 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=130,TW)
59.127.189.160 24 ABC None 2019-01-07 06:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=160,TW) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_12 hr web attacks (IP=160,TW) | 2020-02-07 | 2019-04-07
59.127.9.155 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=155,TW)
59.144.137.134 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Invalid user - Failed Logon (IP=134,IN)
59.145.221.103 24 RR None 2019-01-13 06:00:00 2020-03-09 00:00:00 None Illegal user (IP=103,IN) | updated by CW Block was inactive. Reactivated on 20191210 with reason Authentication Failed_Failed Logon (IP=3,IN)
59.148.173.32 24 MWH None 2016-12-05 06:00:00 2020-02-26 00:00:00 None ET CINS Active Threat Intelligence Poor Reputation IP & Misc Web Attack (IP=32) | updated by RR with reason Failed password for invalid user - Failed Logons (IP=231,HK)
59.149.128.0 18 jky None 2017-08-17 05:00:00 2020-04-16 00:00:00 None HK TO-S-2017-1441 DDOS activity | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=66,HK)
59.149.168.66 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=66,HK)
59.149.237.145 24 RB None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=145,HK)
59.151.12.249 24 RWB None 2019-12-12 00:00:00 2020-03-11 00:00:00 None SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt - Web Attacks (IP=249,CN)
59.152.110.222 24 BMP None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=222,BD)
59.152.237.118 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=118,HK)
59.153.0.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
59.153.124.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AF TO-S-2020-0109.01 Malicious Email Activity
59.153.74.43 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=43,CN)
59.16.163.132 24 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=132,KR)
59.162.181.92 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None IN TO-S-2019-0640.01 Malicious Email Activity
59.167.178.36 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None AU TO-S-2019-0608 Malware Activity
59.167.178.38 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None AU TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason AU TO-S-2020-0212.01 Malware Activity
59.167.178.43 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None AU TO-S-2019-0631 Malware Activity
59.17.83.93 24 RB None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Illegal user_6 hr Failed Logons (IP=93,KR)
59.173.12.127 24 ABC None 2018-01-07 06:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=127,CN) | updated by RB with reason Command Injection Attempt (IP=193,CN) | 2020-01-18 | 2018-04-07
59.173.12.193 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Command Injection Attempt (IP=193,CN)
59.173.253.242 24 KF None 2019-12-23 00:00:00 2020-03-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=242,CN)
59.175.15.14 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=14,CN)
59.175.176.252 24 JC None 2014-10-06 05:00:00 2020-04-07 00:00:00 None ET SCAN Potential SSH Scan | updated by RB with reason Illegal user_6 hr Failed Logons (IP=233,CN) | 2020-04-07 | 2015-01-06
59.180.233.148 24 RR None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Generic ArcSight scan attempt (IP=148,IN)
59.188.255.180 24 EDBT None 2017-12-11 06:00:00 2020-03-14 00:00:00 None ET SCAN Potential SSH Scan (IP=180,HK) | updated by RB with reason HTTP: ThinkPHP CMS Getshell Vulnerability (IP=197,HK) | 20 | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_6 hr web attacks (IP=207,HK) | 2020-03-14 |
59.188.83.78 24 wmp None 2019-02-06 00:00:00 2020-03-05 00:00:00 None authentication bypass vulnerability (IP=78,HK) | updated by RB with reason HTTP: SQL Injection Attempt Detected_6 hr web attacks (IP=100,HK) | 2020-03-05 | 2019-05-06
59.19.184.187 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=187,KR)
59.2.40.102 24 GM None 2019-04-14 00:00:00 2020-02-05 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=102,KR) | updated by CW Block was inactive. Reactivated on 20191107 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (
59.23.78.173 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=173,KR)
59.24.251.184 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None KR TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason KR TO-S-2020-0212.01 Malware Activity
59.25.197.154 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=154,KR)
59.26.114.155 24 GM None 2020-09-30 00:00:00 2020-12-30 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=155,KR)
59.26.81.82 24 GM None 2020-08-07 00:00:00 2020-11-07 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=82,KR)
59.3.245.100 24 RR None 2019-11-18 00:00:00 2020-02-16 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=100,KR)
59.34.233.229 24 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None TCP: SYN Host Sweep - ArcSight Sauron (IP=229,CN)
59.36.169.180 32 DT None 2020-07-22 00:00:00 2020-10-22 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03538 (IP=180,CN)
59.36.172.96 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=96,CN)
59.36.75.227 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Failed password - Failed Logons (IP=227,CN)
59.37.33.202 24 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=202,CN)
59.38.126.238 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Command Injection Attempt (IP=238,no ISC data)
59.40.80.166 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=166,CN)
59.42.38.60 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=60,CN)
59.44.212.98 24 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None TCP: SYN Host Sweep (IP=98,CN)
59.46.170.118 24 RB None 2019-10-13 00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_SourceFire (IP=118,CN)
59.46.2.206 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=206,CN)
59.46.229.165 24 BMP None 2020-04-18 00:00:00 2020-07-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=165,CN)
59.48.40.34 24 RB None 2020-01-08 00:00:00 2020-04-07 00:00:00 None Illegal user_6 hr Failed Logons (IP=34,CN)
59.50.0.219 24 RR None 2020-01-20 00:00:00 2020-04-20 00:00:00 None Illegal user - Failed Logons (IP=219,CN) | updated by BMP Block expiration extended with reason Illegal user - 6hr Logon (IP=219,CN)
59.51.103.1 24 CW None 2020-01-06 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=1,CN)
59.57.13.172 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=172,CN)
59.58.207.250 24 BMP None 2020-03-15 00:00:00 2020-06-13 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr Web Attacks (IP=250,CN)
59.59.83.32 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=32,CN)
59.6.143.72 24 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep - ArcSight Sauron (IP=72,KR)
59.61.167.91 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=91,CN)
59.63.10.38 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=38,CN)
59.63.204.127 24 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep - ArcSight Sauron (IP=127,CN)
59.63.208.139 24 RR None 2020-04-29 00:00:00 2020-07-28 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=139,CN)
59.63.208.139 24 DT None 2020-04-29 00:00:00 2020-07-28 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=139,CN)
59.63.210.127 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=127,CN)
59.72.122.148 24 KF None 2019-10-28 00:00:00 2020-01-27 00:00:00 None Failed Password_6 Hr Failed Logons (IP=148,CN) | updated by KF with reason Failed password_6 Hr Failed Logons (IP=148,CN)
59.88.142.123 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=123,IN)
59.89.0.0 20 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
59.89.11.43 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
59.9.31.195 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password for invalid user - Failed Logons (IP=195,KR)
59.9.48.26 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=26,KR)
59.90.44.205 24 MLJ None 2017-11-08 06:00:00 2020-05-16 00:00:00 None ET SCAN Potential SSH Scan (IP=205,IN) | updated by RR Block was inactive. Reactivated on 20200216 with reason Authentication Failed - Failed Logons (IP=205,IN)
59.91.179.129 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
59.91.184.59 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
59.91.218.196 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
59.91.221.26 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
59.94.192.0 20 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
59.94.4.8 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
59.94.6.58 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
59.95.212.87 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
59.95.235.222 24 RWB None 2019-12-13 00:00:00 2020-03-12 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=222,IN)
59.95.8.50 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=50,IN)
59.96.177.14 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_web attacks (IP=14,IN)
59.96.55.235 24 RR None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - Failed Logons (IP=235,IN)
59.96.84.110 24 KF None 2020-01-14 00:00:00 2020-04-13 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=110,IN)
59.96.85.103 24 GLM None 2017-05-18 05:00:00 2020-03-19 00:00:00 None APP-DETECT failed FTP login attempt (IP=103,IN) | updated by dcg with reason IN TO-S-2019-0034 Indicator associated with mal | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=200,IN)
59.96.87.219 24 KF None 2019-12-11 00:00:00 2020-03-10 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=219,IN)
59.98.116.75 24 BMP None 2019-12-26 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=75,IN)
59.99.105.32 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
59.99.5.4 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity
60.113.85.41 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=41,JP)
60.12.124.24 32 RW None 2020-09-04 00:00:00 2020-12-04 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03825 (IP=24,CN)
60.121.251.43 24 RR None 2020-01-31 00:00:00 2020-04-30 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=43,JP)
60.138.28.20 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=20,JP)
60.161.134.154 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=154,CN)
60.165.208.170 24 RW None 2020-02-18 00:00:00 2020-05-18 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=170,CN)
60.165.254.3 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Generic ArcSight scan attempt (IP=3,CN)
60.166.67.209 24 BMP None 2020-07-10 00:00:00 2020-10-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=209,CN)
60.167.71.10 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=10,CN)
60.170.166.6 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=6,CN)
60.170.209.19 24 RB None 2020-01-08 00:00:00 2020-04-07 00:00:00 None Illegal user_6 hr Failed Logons (IP=19,CN)
60.172.47.2 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=2,CN)
60.174.60.82 24 RB None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=82,CN)
60.190.149.42 32 CR None 2020-05-11 00:00:00 2020-08-09 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02714 (IP=42,CN)
60.190.248.10 24 RW None 2020-03-19 00:00:00 2020-06-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=10,CN)
60.194.241.10 24 RB None 2020-04-05 00:00:00 2020-07-04 00:00:00 None UDP: Host Sweep_Sauron Report (IP=10,CN)
60.2.43.171 32 GM None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03526 (IP=171,CN)
60.205.184.10 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=10,CN)
60.205.224.140 24 RR None 2020-02-07 00:00:00 2020-05-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=140,CN)
60.21.253.82 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None Known Attack Tool User Agent - TT# 20C01890 (IP=82,CN)
60.216.159.222 24 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=222,CN)
60.221.63.70 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=70,CN)
60.222.13.230 24 GM None 2020-09-15 00:00:00 2020-12-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=230,CN)
60.222.233.139 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=139,CN)
60.240.14.88 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=88,AU)
60.243.113.134 24 FT None 2020-09-13 00:00:00 2020-12-12
00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - Web Attacks (IP=134,IN) 60.243.140.94 24 RR None 2020-01-21 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=94,IN) | updated by RWB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=94,IN) 60.243.95.179 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=179,IN) 60.246.237.120 24 CW None 2019-11-18 00:00:00 2020-02-16 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_web attacks (IP=20,MO) 60.247.88.194 24 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=194,CN) 60.248.167.25 32 DT None 2020-09-17 00:00:00 2020-12-17 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03917 (IP=25,TW) 60.248.28.105 24 KF None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed Password_6 Hr Failed Logons (IP=105,TW) 60.248.47.149 24 RWB None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,TW) 60.250.128.152 24 KF None 2020-01-10 00:00:00 2020-04-09 00:00:00 None Authentication Failed (IP=152,TW) 60.254.40.190 24 RB None 2020-01-08 00:00:00 2020-04-07 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=190,IN) 60.254.61.101 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=101,IN) 60.28.117.225 32 RW None 2020-07-07 00:00:00 2020-08-07 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03386 (IP=225,CN) 60.29.69.30 32 KF None 2020-02-11 00:00:00 2020-05-11 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability 
- TT# 20C01676 (IP=30,CN) 61.0.211.37 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=37,IN) 61.0.81.116 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=116,IN) 61.0.89.92 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 61.1.110.244 24 FT None 2020-09-19 00:00:00 2020-12-18 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt (1:24343:4) - SourceFire (IP=244,IN) 61.100.180.9 32 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None KR TO-S-2020-0012 Malware Activity 61.111.13.51 24 GLM None 2018-06-25 05:00:00 2020-03-05 00:00:00 None BROWSER-IE Microsoft Internet Explorer IE5 compatibility mode enable attempt (IP=51,KR) | updated by RR with reason BROWSER-IE Microsoft Internet Explorer IE5 compatibility mode enable attempt - SourceFire (IP=55,KR) 61.12.38.162 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 61.12.86.107 24 RB None 2020-01-10 00:00:00 2020-04-09 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=107,IN) 61.124.231.37 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=37,JP) 61.128.42.84 24 GM None 2020-03-08 00:00:00 2020-06-08 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=84,CN) 61.130.0.0 17 dbc None 2016-10-26 05:00:00 2020-01-21 00:00:00 None CN TO-S-2017-0089 Malware Callbacks - Malware Binary | updated by GM with reason Illegal user - Failed Logons (IP=153,CN) 61.132.0.0 17 dbc None 2016-10-26 05:00:00 2020-01-24 00:00:00 None CN TO-S-2017-0089 Malware Callbacks - Malware Binary | updated by CR with reason Illegal user (IP=131,CN) | updated by RR wi | updated by KF with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli 
unserialize code execution attempt_12 hr Web Attack (I 61.132.225.37 24 KF None 2020-05-23 00:00:00 2020-05-23 00:00:00 None INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - Sourcefire (IP=37,CN) 61.133.133.207 24 RB None 2019-11-19 00:00:00 2020-02-17 00:00:00 None Invalid user_6 hr Failed Logons (IP=207,CN) 61.133.194.58 24 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=58,CN) 61.133.238.106 24 RB None 2019-02-12 00:00:00 2020-05-17 00:00:00 None Authentication Failed (IP=106 CN) | updated by KF Block was inactive. Reactivated on 20191004 with reason Authentication Failed_6 Hr Failed Logons (IP=106 CN) | updated by RR Block was inactive. Reactivated on 20200217 with reason Authentication Fail 61.134.84.92 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=92,CN) 61.135.192.72 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=72,CN) 61.135.37.186 24 RW None 2020-05-24 00:00:00 2020-08-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SSH Scan (IP=186,CN) 61.136.86.0 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Web Attacks (IP=0,CN) 61.14.210.4 24 YM None 2018-05-26 05:00:00 2020-06-18 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=4,KR) | updated by dbc with reason KR TO-S-2019-0747 Malicious Email Activity 61.14.211.203 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None KR TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason KR TO-S-2020-0212.01 Malicious Web Application Activity 61.14.232.200 24 RR None 2017-12-09 06:00:00 2020-09-19 00:00:00 None ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack (IP=200,VN) | updated by dbc with 
reason VN TO-S-2019-1002 Malicious Email Activity 61.140.0.0 14 dbc None 2016-10-26 05:00:00 2020-04-16 00:00:00 None CN TO-S-2017-0089 Malware Callbacks - Malware Binary | updated by dcg with reason CN TO-S-2018-1167 associated with Command an | updated by RR with reason Illegal user - Failed Logons (IP=115,CN) 61.140.210.118 24 RR None 2020-02-07 00:00:00 2020-05-07 00:00:00 None Illegal user - Failed Logopns (IP=118,CN) 61.140.228.227 24 KF None 2020-02-08 00:00:00 2020-05-08 00:00:00 None Illegal user - 6 Hour Failed Logins (IP=227,CN) 61.142.21.22 24 RR None 2019-10-11 00:00:00 2020-01-09 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=22,CN) 61.147.103.122 32 RW None 2020-02-10 00:00:00 2020-03-10 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C01668(IP=122,CN) 61.147.103.122 32 RW None 2020-02-10 00:00:00 2020-03-10 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C01668(IP=122,CN) 61.147.103.122 32 RW None 2020-02-10 00:00:00 2020-03-10 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C01668(IP=122,CN) 61.147.103.136 24 KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None TCP: SYN Host Sweep (IP=136,CN) 61.147.54.161 24 KF None 2020-05-30 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03007 (IP=161,CN) 61.147.54.161 24 KF None 2020-05-30 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03007 (IP=161,CN) 61.147.54.162 32 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02972 (IP=162,CN) 61.147.54.165 32 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02941 (IP=165,CN) 61.147.54.168 32 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None HTTP: HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02922 
(IP=168,CN) 61.147.54.169 32 CR None 2020-05-26 00:00:00 2020-08-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02911 (IP=169,CN) 61.147.54.17 32 CR None 2020-05-22 00:00:00 2020-08-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02886 (IP=17,CN) 61.147.54.172 32 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02974 (IP=172,CN) 61.147.54.174 32 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02957 (IP=174,CN) 61.147.54.179 32 KF None 2020-05-23 00:00:00 2020-05-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02891 (IP=179,CN) 61.147.54.181 32 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C02962 (IP=181,CN) 61.147.54.184 32 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C02949 (IP=184,CN) 61.147.54.186 32 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02940 (IP=186,CN) 61.147.54.189 32 CR None 2020-05-22 00:00:00 2020-08-22 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C02888 (IP=189,CN) 61.147.54.191 24 KF None 2020-05-30 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03007 (IP=191,CN) 61.147.54.191 24 KF None 2020-05-30 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03007 (IP=191,CN) 61.147.54.192 32 DT None 2020-05-26 00:00:00 2020-08-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02917 (IP=192,CN) 61.147.54.193 24 KF None 2020-05-30 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03007 (IP=193,CN) 61.147.54.193 24 KF None 2020-05-30 00:00:00 
2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03007 (IP=193,CN) 61.147.54.203 32 CR None 2020-05-26 00:00:00 2020-08-26 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C02912 (IP=203,CN) 61.147.54.205 24 KF None 2020-05-30 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03007 (IP=205,CN) 61.147.54.205 24 KF None 2020-05-30 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03007 (IP=205,CN) 61.147.58.186 32 CR None 2020-05-26 00:00:00 2020-08-26 00:00:00 None FTKNOX_HRC_IPS Signature: HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C02910 (IP=186,CN) 61.147.61.14 24 KF None 2020-05-30 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03007 (IP=14,CN) 61.147.61.14 24 KF None 2020-05-30 00:00:00 2020-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03007 (IP=14,CN) 61.147.61.16 32 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C02953 (IP=16,CN) 61.147.61.40 32 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C02973 (IP=40,CN) 61.148.0.0 18 dbc None 2016-10-26 05:00:00 2020-02-20 00:00:00 None CN TO-S-2017-0089 Malware Callbacks - Malware Binary | updated by RR with reason Failed password for invalid user - Failed Logons (IP=162,CN) 61.148.16.162 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password for invalid user (IP= 162 , CN ) 61.149.215.166 24 KF None 2020-06-28 00:00:00 2020-09-26 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=166,CN) 61.150.95.53 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None SERVER-WEBAPP Joomla 
JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=53,CN) 61.150.95.53 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=53,CN) 61.153.224.158 32 GM None 2020-06-08 00:00:00 2020-08-08 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03098 (IP=158,CN) 61.155.0.0 16 dbc None 2016-10-26 05:00:00 2020-03-06 00:00:00 None CN TO-S-2017-0089 Malware Callbacks - Malware Binary | updated by RB with reason Failed password for invalid user(IP=109,CN) | updated by GM with reason Invalid user - Failed Logons (IP=121,CN) 61.156.0.0 16 dbc None 2016-10-26 05:00:00 2020-02-15 00:00:00 None CN TO-S-2017-0089 Malware Callbacks - Malware Binary | updated by RB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=219,CN) | 2020-02-15 | 2017-10-26 61.16.1.84 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password_6 hr Failed Logons (IP=84,SG) 61.160.212.235 24 FT None 2020-08-27 00:00:00 2020-11-25 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) TT# 20C03778 (IP=235,CN) 61.160.236.81 32 RW None 2020-06-16 00:00:00 2020-07-16 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03189 (IP=81,CN) 61.161.0.0 16 dbc None 2016-10-26 05:00:00 2020-02-23 00:00:00 None CN TO-S-2017-0089 Malware Callbacks - Malware Binary | updated by GLM with reason APP-DETECT failed FTP login attempt (IP=218, | updated by RW with reason Authentication Failed - 6 hr failed logon (IP=203,CN) | updated by BP with reason Invalid user 61.162.215.32 32 BMP None 2019-12-21 00:00:00 2020-01-20 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01196 (IP=32,US) 61.162.219.77 24 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None Authentication Failed - 6hr 
Failed Logon(IP=77,CN) 61.163.0.0 16 dbc None 2016-10-26 05:00:00 2020-01-31 00:00:00 None CN TO-S-2017-0089 Malware Callbacks - Malware Binary | updated by CR with reason Illegal user (IP=18,CN) | updated by KF wit | updated by GM with reason Invalid user - Failed Logons (IP=49,CN) 61.164.0.0 16 dbc None 2016-10-26 05:00:00 2020-02-04 00:00:00 None CN TO-S-2017-0089 Malware Callbacks - Malware Binary | updated by with reason | updated by RW with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - 6 hr web attacks (IP=21,CN) | updated by RR with reason SERVER-WEBAPP Phpcms user regis 61.164.101.21 32 BMP None 2020-05-16 00:00:00 2020-08-14 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02806 (IP=21,CN) 61.164.207.230 24 KF None 2019-11-02 00:00:00 2020-02-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=230,CN) | updated by KF Block expiration extended with reason HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability_Web Attacks (IP=230,CN) 61.164.248.187 24 RW None 2019-11-14 00:00:00 2020-02-14 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=187,CN) 61.171.200.110 24 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Generic ArcSight scan attempt (IP=110,CN) 61.172.174.186 24 CR None 2018-11-26 06:00:00 2020-03-08 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=186,CN) | updated by BP Block was inactive. 
Reactivated on 20191209 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=186,CN) 61.175.121.76 24 RB None 2019-01-12 06:00:00 2020-03-05 00:00:00 None Illegal user (IP=76,CN) | updated by GM with reason Invalid user - Failed Logons (IP=76,CN) 61.175.134.227 24 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=227,CN) 61.175.194.90 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=90,CN) 61.175.97.108 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=108,CN) 61.178.245.178 16 dlb None 2014-04-23 05:00:00 2020-01-16 00:00:00 None TCP Host Sweeps (IP=178, CN) | updated by ABC with reason Bro-observed Port Scanning (IP=242,CN) | updated by dlb with reaso | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=9 61.180.120.68 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=68,CN) 61.186.33.51 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=51,CN) 61.186.48.184 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=184,CN) 61.188.210.186 24 CW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=86,CN) 61.188.39.33 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None HTTP: SQL Injection - Exploit II (IP=33,CN) 61.188.39.33 24 KF None 2020-02-09 00:00:00 2020-05-09 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=33,CN) 61.19.145.135 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Failed password_6 hr Failed Logons (IP=135 TH) 61.19.151.189 24 RR None 2018-12-22 06:00:00 2020-01-18 00:00:00 None HTTP: WordPress 
portable phpmyadmin plugin authentication bypass vulnerability (IP=189,TH) | updated by RB with reason Generic ArcSight scan attempt (IP=148,TH) | 2020-01-18 | 2019-03-22 61.19.197.122 32 GM None 2020-08-07 00:00:00 2020-11-07 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT # 20C03651 (IP=122,TH) 61.19.203.2 24 CR None 2019-05-01 00:00:00 2020-01-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_CIRT Web Attacks - Prior 6 hours (IP=2,TH) | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt (IP=2,TH) | 2020-01-02 | 2019-08-01 61.19.22.101 24 BLP None 2016-10-03 05:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Setup.php access (IP=101,TH) | updated by GLM with reason Illegal user (IP=99,TH) | updated by RR with reason Failed password - Failed Logons (IP=162,TH) 61.19.248.108 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=108,TH) 61.19.249.188 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None TH TO-S-2020-0212.01 Malware Activity 61.19.249.188 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None TH TO-S-2020-0206 Malware Activity 61.19.32.0 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=0,TH) 61.19.40.58 32 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00592 (IP=58,TH) 61.19.54.234 24 RB None 2019-10-19 00:00:00 2020-01-17 00:00:00 None HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=234,TH) 61.19.71.84 24 BMP None 2019-12-23 00:00:00 2020-01-23 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01214 (IP=84,TH) 61.19.71.84 24 BMP None 2019-12-23 00:00:00 2020-01-23 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01214 (IP=84,TH) 61.19.71.84 32 KF None 2020-02-11 00:00:00 2020-05-11 00:00:00 None HTTP: vBulletin Pre-Auth 
Remote Code Execution Vulnerability - TT# 20C01677 (IP=84,TH) 61.190.255.186 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Generic ArcSight scan attempt (IP=186,CN) 61.194.0.217 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Invalid user_Faield Logon (IP=17,JP) 61.197.231.1 24 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=1,JP) 61.2.148.228 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt -Web Attacks (IP=228,IN) 61.2.149.95 24 RW None 2019-12-12 00:00:00 2020-03-12 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=95,IN) 61.2.150.31 24 CR None 2020-01-01 00:00:00 2020-04-01 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=31,IN) 61.2.153.100 24 RB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire (IP=100,IN) 61.2.155.172 24 RWB None 2019-12-21 00:00:00 2020-03-20 00:00:00 None Web Application Attack - SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=172,IN) 61.2.178.96 24 RB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_6 hr web attacks (IP=96,IN) 61.2.179.5 24 GM None 2019-12-31 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=5,CN) 61.2.192.0 20 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 61.2.22.23 24 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=23,IN) 61.2.7.18 24 RW None 2019-12-31 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass 
and command injection attempt - Sourcefire (IP=18,IN) 61.2.9.111 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None IN TO-S-2020-0109.01 Malicious Email Activity 61.216.0.228 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=228,TW) 61.216.13.170 24 GM None 2019-11-13 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logons (IP=170,TW) 61.216.150.134 24 RR None 2020-04-13 00:00:00 2020-07-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=134,TW) 61.216.4.72 24 BMP None 2020-05-11 00:00:00 2020-08-09 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=72,TW) 61.219.11.151 24 ABC None 2019-01-07 06:00:00 2020-01-19 00:00:00 None Generic ArcSight scan attempt (IP=151,TW) | updated by GM with reason ABC Generic ArcSight scan attempt (IP=153,TW) 61.219.155.151 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=151,TW) 61.219.221.176 24 ged None 2015-04-29 05:00:00 2020-03-14 00:00:00 None ET SCAN Potential SSH Scan (IP=176, TW), | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt -SourceFire (IP=205,TW) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code e 61.219.41.139 24 RB None 2020-05-29 00:00:00 2020-08-27 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability_6 hr web attacks (IP=139,TW) 61.219.41.139 24 KF None 2020-05-29 00:00:00 2020-08-27 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=139,TW) 61.219.41.144 32 FT None 2020-09-19 00:00:00 2020-12-19 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03935 (IP=144,US) 61.220.41.80 24 DT None 2020-04-20 00:00:00 2020-07-19 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=80,TW) 61.221.58.150 24 ABC 
None 2019-10-15 00:00:00 2020-01-13 00:00:00 None Command Injection Attempt (IP=150,Taiwan) 61.223.129.244 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=244,TW) 61.223.145.217 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=217,TW) 61.223.54.84 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=84,TW) 61.224.178.7 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=7,TW) 61.224.78.174 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=174,TW) 61.227.103.185 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=185,TW) 61.227.132.223 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=223,TW) 61.227.45.34 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=34,TW) 61.228.145.134 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=134,TW) 61.228.217.186 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=186,TW) 61.228.229.57 24 GM None 2020-06-25 00:00:00 2020-08-25 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=57,TW) 61.230.138.132 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code 
execution attempt - Sourcefire (IP=132,TW) 61.230.202.205 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (IP=205,TW) 61.230.66.201 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=201,TW) 61.238.126.207 24 RR None None 2020-06-30 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=207,HK) 61.239.19.112 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=112,HK) 61.239.255.218 24 RR None 2020-06-17 00:00:00 2020-09-15 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=218,HK) 61.242.59.176 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Invalid user_Failed Logon (IP=76,CN) 61.244.118.142 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=142,HK) 61.245.153.139 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user - 6hr Logon (IP=139,AU) 61.246.38.248 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=248,IN) 61.247.233.65 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=65,IN) 61.250.146.12 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Failed password - Failed Logons (IP=12,KR) 61.252.141.83 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=83,KR) 61.28.231.41 32 BMP None 2020-04-09 00:00:00 2020-07-08 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload- ARCSight Sauron (CVE-2017-12615 and CVE-2017-12617) - TT# 20C02488 (IP=41,VN) 61.33.120.52 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None KR TO-S-2019-0400 Malware Activity 61.36.119.181 24 GM None 2020-01-31 00:00:00 
TO-S-2019-1002 Malicious Email Activity 64.254.242.175 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None US TO-S-2019-0608 Malicious Email Activity 64.26.60.164 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 64.26.60.165 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 64.26.60.166 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 64.26.60.168 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 64.26.60.170 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 64.26.60.171 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 64.26.60.172 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 64.26.60.182 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 64.26.60.183 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 64.26.60.185 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 64.27.54.188 32 RWB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected - sourcefire (IP=188,US) 64.31.6.82 32 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Generic ArcSight scan attempt (IP=82,US) 64.32.11.61 24 RR None 2019-10-19 00:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=61,NV) 64.32.6.209 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity 64.32.7.74 32 RW None 2020-02-19 00:00:00 2020-03-19 00:00:00 None Unauthorized Access-Probek - TT# 20C01778(IP=74,US) 64.34.171.237 24 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None HTTP: 
SQL Injection - Exploit II - 6hr web attacks (IP=237,CA) 64.34.253.155 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Web Application Activity 64.34.65.10 24 wmp None 2018-09-12 05:00:00 2020-05-06 00:00:00 None COLS-NA TIP 18-0333 (IP=10,CA) | updated by dbc with reason CA TO-S-2018-1149 Spear Phishing - Malicious Email Activity | updated by dbc with reason CA TO-S-2019-0640.01 Malicious Email Activity 64.34.67.235 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None CA TO-S-2019-0508 Malicious Email Activity 64.37.51.69 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=69,US) 64.37.52.109 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity 64.40.126.97 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=97,CA) 64.40.253.183 32 RW None 2020-04-03 00:00:00 2020-05-03 00:00:00 None Known Attack Tool User Agent - TT# 20C02348 (IP=183,CA) 64.41.200.105 24 RW None 2019-11-15 00:00:00 2020-02-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=146,IN) 64.41.82.125 32 dbc None 2019-12-25 00:00:00 2020-12-25 00:00:00 None US TO-S-2020-0212 Malicious Web Activity 64.41.86.36 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None US TO-S-2019-0608 Malicious Email Activity 64.44.133.133 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malware Activity 64.44.40.210 32 RB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Generic ArcSight scan attempt (IP=210,US) 64.44.44.147 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None US TO-S-2019-0613 Malicious Email Activity 64.44.80.76 32 ABC None 2019-10-11 00:00:00 2020-01-09 00:00:00 None Generic ArcSight scan attempt (IP=76,US) 64.50.186.8 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0610 Malicious Email Activity 64.52.109.143 32 dbc None 
2019-07-05 00:00:00 2020-07-05 00:00:00 None US TO-S-2019-0800 Malicious Email Activity 64.52.87.27 32 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=27,US) 64.58.121.60 32 RW None 2020-05-08 00:00:00 2020-08-08 00:00:00 None Malicious IP - Hive Case 2679 (IP=60,US) 64.58.126.236 32 BMP None 2020-05-28 00:00:00 2020-08-28 00:00:00 None Malicious.SSL.MonetizUs - Hive Case 2906 (IP=236,US) 64.64.104.10 32 RW None 2020-02-05 00:00:00 2020-08-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=10,US) | not blocked because No valid destinations in IDS Report | updated by RW Block was inactive. Reactivated on 20200406 with reason INDICATOR-SCAN DNS version.bind 64.64.4.158 32 RR None 2019-07-01 00:00:00 2020-01-02 00:00:00 None Authentication Failed - 6 hr Falied Logons (IP=158,US) | updated by RR with reason Authentication Failed - Failed Logons (IP=158,US) 64.71.158.54 32 KF None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=54,US) 64.71.33.182 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 64.71.34.90 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 64.71.77.30 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Generic ArcSight scan attempt (IP=30,US) 64.71.79.132 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None UDP: Host Sweep (IP=132,US) 64.76.6.126 24 RR None 2018-12-06 06:00:00 2020-04-19 00:00:00 None Failed password (IP=126,AR) | updated by RR with reason Illegal user - Failed Logons (IP=126,AR) 64.78.48.45 32 wmp None 2020-09-10 00:00:00 2020-12-09 00:00:00 None HIVE Case #3826 COLS-NA-TIP-20-0285 (IP=45,US) 64.79.90.83 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malware Activity 64.90.34.166 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email 
Activity 64.90.40.144 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None US TO-S-2019-0430 Malicious Email Activity 64.90.40.39 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity 64.90.41.62 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None US TO-S-2019-0468 Malware Activity 64.91.226.20 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 64.91.243.96 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web Application Activity 64.98.145.30 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None CA TO-S-2019-0430 Malicious Email Activity 64.98.42.132 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None CA TO-S-2019-0409 Malicious Email Activity 64.98.42.220 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None CA TO-S-2019-0409 Malicious Email Activity 64.98.42.33 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None CA TO-S-2019-0409 Malicious Email Activity 64.98.42.49 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None CA TO-S-2019-0409 Malicious Email Activity 65.103.162.178 32 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None Possible SQLi attempt - TT# 20C02975 (IP=178,US) 65.113.205.146 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=146,US) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=146,US) 65.116.218.130 32 RW None 2020-05-14 00:00:00 2020-08-12 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02759 (IP=130,CN) 65.116.218.211 32 GM None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03467 (IP=211,NL) 65.116.218.90 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Email 
Activity 65.153.45.34 32 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=34,US) 65.154.226.109 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Web Application Activity 65.155.30.101 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Web Application Activity 65.158.47.113 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malware Activity 65.158.47.16 32 dbc None 2020-01-08 00:00:00 2020-05-27 00:00:00 None US TO-S-2020-0236 Application Vulnerability Exploit | unblocked: TO-S-2020-0570 Lift block since mitigations from TO-S-2019-0236 on this IP is no longer required 65.158.47.83 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity 65.158.47.97 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity 65.18.114.113 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=113,MM) 65.181.124.24 32 GM None 2019-10-21 00:00:00 2020-01-19 00:00:00 None ABC Generic ArcSight scan attempt (IP=24,US) 65.183.138.158 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malware Activity 65.186.61.125 32 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=125,US) 65.189.1.108 32 ALJ None 2018-09-08 05:00:00 2020-05-08 00:00:00 None Authentication Failed (ip=108,us) | updated by GM Block was inactive. 
Reactivated on 20200208 with reason Authentication Failed - Failed Logons (IP=108,US) 65.19.174.198 32 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=198,US) 65.245.186.116 32 RB None 2020-04-02 00:00:00 2020-06-02 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 020420-00071 (IP=116,US) 65.254.227.224 32 dbc None 2019-09-19 00:00:00 2020-12-14 00:00:00 None US TO-S-2019-1002 Malicious Web Application Activity | unblocked TO-S-2020-0036.01 ARCYBER G33 directs immediate lift of blocked IP due to mission requirements. | updated by RW Block was inactive. Reactivated on 20200914 with reason 36192: HTTP: China Cho 65.254.250.119 32 wmp None 2020-06-24 00:00:00 2020-09-24 00:00:00 None HIVE Case #3110 COLS-NA-TIP-20-0193 (IP=119,US) 65.34.20.242 32 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=242,US) 65.39.128.36 32 wmp None 2020-08-03 00:00:00 2020-11-03 00:00:00 None HIVE Case #3444 COLS-NA-TIP-20-0242 (IP=36,CA) 65.39.176.118 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None CA TO-S-2020-0056 Malicious Email Activity 65.39.193.40 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None CA TO-S-2019-0400 Malicious Email Activity 65.39.193.60 32 dbc None 2019-01-24 00:00:00 2020-02-15 00:00:00 None CA TO-S-2019-0351 Malicious Email Activity | updated by dbc with reason CA TO-S-2019-0409 Malicious Email Activity 65.40.106.134 32 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=134,US) 65.49.192.153 32 dbc None 2019-02-27 00:00:00 2020-02-27 00:00:00 None US TO-S-2019-0444 Malicious Reconnaissance Activity 65.52.169.39 24 BP None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Failed password for invalid user - 6hr Logons (IP=39,HK) 65.52.29.109 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host 
Sweep (IP=109,US) 65.60.4.134 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity 65.61.162.77 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 65.70.31.19 32 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=19,US) 65.75.139.105 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity 65.99.152.25 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=25,SW) 65.99.205.123 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0747 Malicious Email Activity 65.99.228.20 32 RR None 2019-03-19 00:00:00 2020-04-19 00:00:00 None SQL use of sleep function with and - likely SQL injection (IP=20,US) | updated by dbc with reason US TO-S-2019-0608 Malicious 65.99.237.153 32 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=153,US) 65.99.237.153 32 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SQL HTTP URI blind injection attempt - 6hr Web Attacks (IP=153,US) 65.99.237.153 32 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=153,US) 65.99.237.153 32 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SQL HTTP URI blind injection attempt - 6hr Web Attacks (IP=153,US) 65.99.237.153 32 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr web attacks (IP=153,US) 65.99.237.153 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=153,US) 65.99.237.153 32 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SQL union select - possible sql injection attempt - GET 
parameter - SourceFire (IP=153,US) 65.99.237.153 32 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SQL HTTP URI blind injection attempt - 6hr Web Attacks (IP=153,US) 65.99.237.153 32 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=153,US) 65.99.237.153 32 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SQL HTTP URI blind injection attempt - 6hr Web Attacks (IP=153,US) 65.99.237.153 32 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr web attacks (IP=153,US) 65.99.237.153 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=153,US) 65.99.237.208 32 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=208,US) 66.102.236.198 32 RB None 2019-12-20 00:00:00 2020-03-19 00:00:00 None Possible SQLi attempt/HTTP: Blind SQL Injection - Timing - TT# 20C01189 (IP=198,US) 66.11.12.100 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity 66.11.152.125 32 wmp None 2020-09-11 00:00:00 2020-12-10 00:00:00 None HIVE Case #3840 COLS-NA-TIP-20-0287 (IP=125,CA) 66.110.130.146 24 ABC None 2019-10-12 00:00:00 2020-01-10 00:00:00 None Generic ArcSight scan attempt (IP=146,CA) 66.111.4.54 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0734.01 Malicious Email Activity 66.112.216.105 32 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=105,US) 66.112.216.105 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=105,US) 66.113.163.81 32 RR None 2020-07-07 00:00:00 2020-10-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=81,US) 66.113.195.92 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US 
TO-S-2019-0723 Malicious Email Activity 66.113.224.151 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0610 Malicious Email Activity 66.115.121.190 32 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Invalid user - Failed Logon (IP=,US) 66.115.168.3 24 CR None 2019-05-28 00:00:00 2020-02-10 00:00:00 None 8316: HTTP: Cross Site Scripting (String.fromCharCode) - TT# 19C02169 (IP=3,US) | updated by GM with reason ABC Generic ArcSight scan attempt (IP=8,US) 66.115.169.201 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3576 CTO-20-226 (IP=201,US) 66.115.169.211 32 RR None 2019-12-18 00:00:00 2020-01-17 00:00:00 None Known Attack Tool User Agent//OpenVAS Vulnerability Scanner - TT# 20C01172 (IP=211,us) 66.115.173.146 32 CR None 2019-06-14 00:00:00 2020-06-26 00:00:00 None PROTOCOL-VOIP Cisco Meeting Server SIP SDP media description buffer overflow attempt - SourceFire (IP=114,US) | updated by BP Block was inactive. Reactivated on 20200328 with reason Unauthorized Access-Probe - TT# 20C02238 (IP=146,US) 66.116.62.10 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 66.117.5.101 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 66.119.103.96 32 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=96,US) 66.143.231.89 32 BP None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=89,US) 66.147.240.96 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=96, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 66.147.242.161 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 66.147.242.165 32 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=165,US) 66.147.242.192 32 KF None 
2019-12-02 00:00:00 2020-03-01 00:00:00 None SQL HTTP URI blind injection attempt (IP=192,US) 66.147.244.100 24 sym None 2014-09-24 05:00:00 2020-04-26 00:00:00 None BOT: ZeusVM Request Detected (ip=100,US) | updated by tjh with reason US TO-S-2016-0515 | updated by tjh with reason US TO-S 66.148.113.107 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malware Activity 66.152.183.26 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None US TO-S-2019-0613 Malicious Email Activity 66.152.183.8 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 66.154.102.144 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None CA TO-S-2019-0430 Malware Activity 66.154.113.243 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity 66.154.14.145 32 BMP None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=145,US) 66.155.39.56 32 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=56,US) 66.163.184.243 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=243,US) 66.163.184.98 32 wmp None 2020-07-22 00:00:00 2020-10-22 00:00:00 None HIVE Case #3384 COLS-NA-TIP-20-0232 (IP=98,US) 66.163.185.214 32 wmp None 2020-07-22 00:00:00 2020-10-22 00:00:00 None HIVE Case #3384 COLS-NA-TIP-20-0232 (IP=214,US) 66.163.187.31 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=31,US) 66.163.188.43 32 wmp None 2020-07-22 00:00:00 2020-10-22 00:00:00 None HIVE Case #3384 COLS-NA-TIP-20-0232 (IP=43,US) 66.163.189.173 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 
(IP=173,US) 66.163.190.146 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=146,US) 66.165.225.178 32 RR None 2020-06-02 00:00:00 2020-09-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=178,US) 66.165.227.59 32 KF None 2019-12-18 00:00:00 2020-03-17 00:00:00 None HTTP: SQL Injection - Exploit II (IP=59,US) 66.172.33.234 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malicious Email Activity 66.175.219.54 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None AU TO-S-2019-0608 Malware Activity 66.175.220.73 32 ABC None 2019-10-10 00:00:00 2020-01-08 00:00:00 None Generic ArcSight scan attempt (IP=73,US) 66.177.76.130 24 RW None 2020-02-19 00:00:00 2020-05-19 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=10,HK) 66.187.75.122 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity 66.195.138.88 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 66.198.240.52 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity 66.198.245.225 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity 66.198.250.93 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity 66.198.252.48 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 66.201.89.2 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=2,US) 66.206.84.222 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malicious Email Activity 66.210.153.11 32 wmp None 2020-08-13 00:00:00 2020-11-13 00:00:00 None HIVE Case #3554 COLS-NA-TIP-20-0257 (IP=11,US) 66.212.52.134 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web 
Attacks (IP=134,JM) 66.212.54.246 24 BMP None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=246,JM) 66.220.149.1 24 RR None 2020-07-29 00:00:00 2020-10-27 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - SourceFire (IP=1,AU) 66.225.225.225 32 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=225,US) 66.228.52.100 32 KF None 2020-03-25 00:00:00 2020-06-23 00:00:00 None Self Report/Web Scanner - TT# 20C02217 (IP=100,US) 66.23.235.195 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None Unaffiliated TO-S-2019-0816 Malicious Email Activity 66.232.20.18 32 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=18,US) 66.232.20.44 32 ABC None 2019-10-11 00:00:00 2020-01-09 00:00:00 None Generic ArcSight scan attempt (IP=44,US) 66.235.200.112 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=112,US) 66.235.200.146 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=146,US) 66.249.65.205 32 GM None 2019-10-09 00:00:00 2020-01-09 00:00:00 None APP-DETECT failed FTP login attempt 66.33.213.34 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None US TO-S-2019-0800 Malicious Email Activity 66.33.221.167 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity 66.33.222.47 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 66.35.110.70 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 66.35.71.192 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 66.38.90.47 32 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=47,US) 
66.38.91.235 32 BMP None 2020-01-31 00:00:00 2020-04-30 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=235,US) 66.39.114.223 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=223, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 66.42.49.100 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None SG TO-S-2020-0056 Malware Activity 66.42.64.0 18 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None IN TO-S-2019-0734.01 Malicious Email Activity 66.42.83.118 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 66.42.87.202 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Web Application Activity 66.45.245.146 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=146,US) 66.45.251.242 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 66.55.14.118 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 66.60.166.66 32 RR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C02984 (IP=66,US) 66.61.208.202 32 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=202,US) 66.63.79.202 32 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=202,US) 66.64.41.14 32 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=14,US) 66.67.88.230 32 RW None 2020-02-12 00:00:00 2020-03-12 00:00:00 None IR2020-047 Burst Network Traffic - Possible DDoS Attempt - TT# 20C01700(IP=230,US) 66.7.196.108 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=108,US) 66.7.209.209 32 dbc 
None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0610 Malware Activity
66.70.132.76 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=76,CA)
66.70.150.86 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None CA TO-S-2019-0972 Malware Activity
66.70.173.48 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None FR TO-S-2019-0604 Malware Activity
66.70.188.12 32 RR None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Illegal user - Failed Logons (IP=12,US)
66.70.189.236 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=236,GA)
66.70.191.145 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None CA TO-S-2019-0608 Malware Activity
66.70.201.173 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None CA TO-S-2019-0382 Malicious Email Activity
66.70.218.41 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=41,FR)
66.70.245.115 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SQL HTTP URI blind injection attempt - SourceFire (IP=115,CA)
66.70.247.98 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None CA TO-S-2019-0608 Malware Activity
66.85.147.18 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None US TO-S-2019-0363.01 Malicious Email Activity
66.85.156.68 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None US TO-S-2019-0800 Malicious Email Activity
66.85.156.75 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None IN TO-S-2019-0608 Malware Activity
66.85.88.15 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity
66.96.133.203 32 wmp None 2020-07-13 00:00:00 2020-10-13 00:00:00 None HIVE Case #3290 COLS-NA-TIP-20-0214 (IP=203,US)
66.96.144.171 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=171,US)
66.96.147.202 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malicious Email Activity
66.96.149.1 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=1,US)
66.96.149.31 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity
66.96.183.53 32 BMP None 2020-04-14 00:00:00 2020-07-13 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6hr Web Attacks (IP=53,US)
66.96.185.4 32 wmp None 2020-09-11 00:00:00 2020-12-10 00:00:00 None HIVE Case #3845 COLS-NA-TIP-20-0289 (IP=4,US)
66.96.186.2 32 wmp None 2020-09-11 00:00:00 2020-12-10 00:00:00 None HIVE Case #3845 COLS-NA-TIP-20-0289 (IP=2,US)
66.96.187.9 32 wmp None 2020-09-11 00:00:00 2020-12-10 00:00:00 None HIVE Case #3845 COLS-NA-TIP-20-0289 (IP=9,US)
66.96.188.9 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=9,US)
66.96.189.7 32 wmp None 2020-09-11 00:00:00 2020-12-10 00:00:00 None HIVE Case #3845 COLS-NA-TIP-20-0289 (IP=7,US)
66.96.204.68 24 GLM None 2017-01-03 06:00:00 2020-08-22 00:00:00 None ET SCAN Potential SSH Scan (IP=68,SG) | updated by RR with reason ET SCAN Potential SSH Scan (IP=46,US) | 2017-12-06 | 2017-0 | updated by dbc with reason SG TO-S-2019-0926 Malicious Reconnaissance Activity
66.96.208.78 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=78,SG)
66.96.211.54 24 EDBT None 2017-07-09 05:00:00 2020-08-22 00:00:00 None ET SCAN Potential SSH Scan (IP=54,SG) | updated by CR with reason Authentication Failed (IP=198,SG) | updated by dbc with reason SG TO-S-2019-0926 Malicious Reconnaissance Activity
66.96.215.215 24 EDBT None 2017-06-25 05:00:00 2020-08-22 00:00:00 None ET SCAN Potential SSH Scan (IP=215,SG) | updated by dbc with reason SG TO-S-2019-0926 Malicious Reconnaissance Activity
66.96.239.34 24 KF None 2020-04-03 00:00:00 2020-07-02 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02361 (IP=34,ID)
66.97.230.8 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity
66.97.34.0 24 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None AR TO-S-2019-0577 Malicious Email Activity
66.98.79.132 24 jkc None 2015-11-29 06:00:00 2020-04-03 00:00:00 None ET SCAN Potential SSH Scan (IP=132 , DO) | updated by CR with reason Illegal user (IP=181,DO) | updated by KF with reason | updated by RR with reason Illegal user - Failed Logons (IP=181,DO)
67.100.142.50 32 CW None 2020-01-12 00:00:00 2020-02-12 00:00:00 None Unauthorized Access Attempt-TT# 20C01426 (IP=50,US)
67.151.109.137 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None US TO-S-2019-0409 Malicious Service Disruption Activity
67.161.215.117 32 GM None 2019-10-01 00:00:00 2020-01-01 00:00:00 None Illegal user - Failed logons (IP=117,US)
67.161.243.252 32 RWB None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=252,US)
67.164.35.219 32 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=219,US)
67.166.253.180 32 GM None 2020-02-07 00:00:00 2020-05-07 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=180,US)
67.171.240.38 32 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None Hive case 2094 (IP=38,US)
67.198.130.224 32 DT None 2020-05-12 00:00:00 2020-08-10 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02723 (IP=224,US)
67.198.131.201 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=201,US)
67.199.248.12 32 dbc None 2019-08-15 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity | updated by wmp Block expiration extended with reason HIVE Case #3038 CTO-20-168 (IP=12,US)
67.199.248.13 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web Application Activity
67.199.248.14 32 dbc None 2019-08-27 00:00:00 2020-11-24 00:00:00 None US TO-S-2019-0938 Malicious Email Activity | updated by wmp Block expiration extended with reason HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=14,US) | updated by wmp Block expiration extended with reason HIVE Case #3270 COLS-NA-TIP-20-0210 (
67.199.248.16 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity
67.20.121.71 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malicious Email Activity
67.20.169.200 32 RWB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None FTPP_FTP_RESPONSE_LENGTH_OVERFLOW - sourcefire (IP=200,US)
67.20.76.89 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malicious Email Activity
67.20.85.132 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity
67.204.9.66 24 RR None 2020-01-29 00:00:00 2020-06-23 00:00:00 None Possible SQLi attempt - TT# 20C01552 (IP=66,US) | updated by KF Block expiration extended with reason HTTP: SQL Injection - Exploit - Web Attacks (IP=66,CA)
67.205.138.202 32 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=202,US)
67.205.145.198 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malware Activity
67.205.145.46 32 RR None 2020-08-28 00:00:00 2020-11-26 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - 6hr Web Attacks (IP=46,US)
67.205.146.204 32 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None Invalid user - Failed Logons (IP=204,US)
67.205.149.117 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity
67.205.151.119 32 Unauthorized None 2019-10-07 00:00:00 2020-01-05 00:00:00 None Access-Probe/TCP: SYN Port Scan - TT# 20C00212 (IP=119,US)
67.205.152.46 32 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Generic ArcSight scan attempt (IP=46,US)
67.205.184.80 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=80,US)
67.207.83.127 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=127,US)
67.207.91.182 32 GM None 2020-07-14 00:00:00 2020-10-14 00:00:00 None SERVER-WEBAPP Atvise denial of service attempt - Web Attacks (IP=182,US)
67.207.91.201 32 GM None 2019-11-25 00:00:00 2020-02-25 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=201,US)
67.207.94.29 32 DT None 2020-04-22 00:00:00 2020-05-22 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02552 (IP=29,US)
67.208.103.172 32 wmp None 2020-03-13 00:00:00 2020-06-13 00:00:00 None McAfee NSM Report IP Fragments Overlap Attack (IP=172,US) | unblocked: dockside connection for a dredge based out of NWP
67.209.191.132 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
67.21.115.77 24 RR None 2019-02-14 00:00:00 2020-02-11 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (IP=77,BR) | updated by GM with reason ABC Generic ArcSight scan attempt (IP=196,US)
67.210.101.85 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None US TO-S-2019-0938 Malicious Email Activity
67.210.126.60 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
67.210.98.105 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity
67.210.98.30 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
67.211.213.194 32 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Generic ArcSight scan attempt (IP=194,US)
67.211.95.150 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malware Activity
67.212.166.170 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity
67.212.182.180 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity
67.212.65.43 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None CA TO-S-2020-0187 Malicious Web Application Activity
67.213.75.130 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed password_6 Hr Failed Logons (IP=130,CA)
67.214.183.219 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity
67.215.12.210 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=210,CA)
67.215.228.74 32 BMP None 2020-04-09 00:00:00 2020-07-08 00:00:00 None HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=74,US)
67.215.233.25 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=25,US)
67.215.233.6 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=6,US)
67.217.127.134 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malware Activity
67.218.96.150 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=150,US)
67.219.145.35 32 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=35,US)
67.219.150.82 32 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None Generic ArcSight scan attempt (IP=82,US)
67.219.197.14 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malicious Email Activity
67.219.246.112 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=112,US)
67.219.250.113 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=113,US)
67.22.108.47 32 wmp None 2020-09-11 00:00:00 2020-12-10 00:00:00 None HIVE Case #3840 COLS-NA-TIP-20-0287 (IP=47,CA)
67.220.187.210 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity
67.222.108.13 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None US TO-S-2019-0363.01 Malicious Email Activity
67.222.110.133 32 dbc None 2019-07-29 00:00:00 2020-12-02 00:00:00 None US TO-S-2019-0852 Malware Activity | updated by wmp Block was inactive. Reactivated on 20200903 with reason HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=133,US)
67.222.130.108 32 wmp None 2020-08-13 00:00:00 2020-11-13 00:00:00 None HIVE Case #3555 COLS-NA-TIP-20-0254 (IP=108,US)
67.222.136.146 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=146,US)
67.222.152.235 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity
67.222.36.204 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=204,US)
67.222.39.77 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity
67.223.102.149 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None CA TO-S-2019-0734.01 Malicious Email Activity
67.225.147.209 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity
67.225.158.54 32 RB None 2020-08-22 00:00:00 2020-11-20 00:00:00 None Hive Case # 3547 (IP=54,US)
67.225.161.150 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity
67.225.166.241 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity
67.225.171.70 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
67.225.176.147 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Email Activity
67.225.255.28 32 wmp None 2020-08-26 00:00:00 2020-11-29 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=28,US) | updated by wmp Block expiration extended with reason HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=28,US)
67.227.154.14 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malicious Email Activity
67.227.154.48 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity
67.227.156.34 32 dbc None 2019-07-23 00:00:00 2020-07-23 00:00:00 None US TO-S-2019-0839 Malicious Email Activity
67.227.157.57 32 dbc None 2019-03-28 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0546 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0551.02 Malicious Email Activity
67.227.187.78 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=78, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity
67.227.188.220 32 wmp None 2020-07-07 00:00:00 2020-09-15 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=220,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0750 Malicious Email Activity | unblock CTO 20-255 Hive Case 3896
67.227.188.74 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=74, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity
67.227.206.106 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity
67.227.213.137 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=137,US)
67.229.93.31 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=31,US)
67.229.98.154 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malicious Web Application Activity
67.23.226.158 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None IN TO-S-2019-0409 Malicious Email Activity
67.23.226.169 32 dbc None 2019-07-05 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0800 Malicious Email Activity | updated by dbc with reason US TO-S-2019-0864 Malicious Email Activity
67.23.226.189 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity
67.23.238.10 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malicious Email Activity
67.23.238.114 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
67.23.238.98 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity
67.23.255.162 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=162,US)
67.230.183.193 24 RWB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Failed password for invalid user - Failed Logon (IP=193,CA)
67.231.152.5 32 wmp None 2020-09-16 00:00:00 2020-12-15 00:00:00 None HIVE Case #3904 COLS-NA-TIP-20-0292 (IP=5,US)
67.231.154.164 32 wmp None 2020-09-03 00:00:00 2020-12-03 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=164,US) | updated by wmp Block expiration extended with reason HIVE Case #3755 COLS-NA-TIP-20-0278 (IP=164,US)
67.231.253.141 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity
67.242.34.164 32 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=164,US)
67.244.13.28 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malicious Email Activity
67.251.192.90 32 GM None 2020-04-13 00:00:00 2020-07-12 00:00:00 None Automated Block Calculations (IP=90,US) | unblocked: False Positive DrayTek and DD-WRT signature hits.
67.44.161.187 32 RB None 2020-04-05 00:00:00 2020-07-04 00:00:00 None HTTP: Adobe Acrobat JavaScript getIcon Method Buffer Overflow - TT# 20C02381 (IP=187,CN)
67.52.216.238 32 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=238,US)
67.55.118.179 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None IN TO-S-2019-0382 Malicious Email Activity
67.6.55.80 32 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=80,US) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY
67.7.39.22 32 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=22,US)
67.78.255.106 32 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=106,US)
67.79.118.252 32 RB None 2020-08-05 00:00:00 2020-11-05 00:00:00 None Known Attack Tool User Agent V2 TT# 20C03638 (IP=252,US)
68.0.62.84 32 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=84,US)
68.142.51.165 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malware Activity
68.145.144.121 24 RR None 2020-01-09 00:00:00 2020-04-08 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=121,CA)
68.145.57.104 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt_SourceFire (IP=4,CA)
68.148.176.91 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None CA TO-S-2019-0608 Malware Activity
68.148.177.33 32 CW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None Immediate Inbound Network Block - TT# 20C01570 (IP=33,CA)
68.148.188.123 32 GM None 2020-02-27 00:00:00 2020-05-27 00:00:00 None HTTP: RedHat JBoss Enterprise Application Platform JMX Console Security Bypass - TT# 20C01846 (IP=123,US)
68.15.36.46 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2/BOT: Mirai Echobot Activity Detected - TT# 20C02407 (IP=46,US)
68.168.143.126 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None CA TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason CA TO-S-2020-0212.01 Malicious Web Application Activity
68.168.220.4 32 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None HTTP: RedHat JBoss Enterprise Application Platform JMX Console Security Bypass - TT# 20C01500 (IP=4,US)
68.171.218.31 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=31,US)
68.183.107.9 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity
68.183.110.46 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity
68.183.112.210 32 RB None 2020-09-15 00:00:00 2020-12-14 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution - TT# 20C03910 (IP=210,US)
68.183.118.18 32 RB None 2019-02-13 00:00:00 2020-09-02 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (IP=18,US) | updated by dbc with reason US TO-S-2019-0952 Malware Activity
68.183.127.93 32 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=93,US)
68.183.154.156 32 dbc None 2019-02-27 00:00:00 2020-02-27 00:00:00 None US TO-S-2019-0444 Malicious Email Activity
68.183.157.244 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=244,US)
68.183.167.43 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=43,US)
68.183.179.222 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None SG TO-S-2020-0031 Malicious Email Activity
68.183.179.84 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=84,SG)
68.183.184.186 24 GM None 2019-12-06 00:00:00 2020-03-06 00:00:00 None Invalid user - Failed Logons (IP=186,SG)
68.183.188.21 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None malware-callback -Hive Case #922 (IP=21,SG)
68.183.197.85 24 RR None 2020-03-12 00:00:00 2020-06-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=85,CA)
68.183.199.207 32 DT None 2020-09-16 00:00:00 2020-12-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=207,US)
68.183.203.101 24 CR None 2020-03-18 00:00:00 2020-06-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=101,CA)
68.183.205.175 24 RR None 2020-03-06 00:00:00 2020-06-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=175,CA)
68.183.209.149 24 CW None 2020-01-05 00:00:00 2020-04-04 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt_SourceFire (IP=49,DE)
68.183.228.130 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Email Activity
68.183.231.229 24 CW None 2019-12-12 00:00:00 2020-03-11 00:00:00 None PROTOCOL-DNS DNS query amplification attempt_SourceFire (IP=29,SG)
68.183.236.66 24 RB None 2019-11-19 00:00:00 2020-02-17 00:00:00 None Failed password_6 hr Failed Logons (IP=66,SG)
68.183.33.11 24 GM None 2020-05-25 00:00:00 2020-08-25 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks (IP=11,GB)
68.183.34.236 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=236,GB)
68.183.35.240 32 RR None 2020-03-14 00:00:00 2020-06-12 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C02138 (IP=240,US)
68.183.37.169 24 CR None 2020-05-12 00:00:00 2020-06-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=169,GB)
68.183.54.160 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malicious Email Activity
68.183.82.222 32 DT None 2020-06-08 00:00:00 2020-09-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire - (IP=222,US)
68.183.85.42 32 RB None 2020-05-18 00:00:00 2020-08-16 00:00:00 None Unauthorized Access-Probe - TT# 20C02833 (IP=42,US)
68.183.85.75 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=75,IN)
68.183.86.198 24 BMP None 2020-04-26 00:00:00 2020-07-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt -SourceFire (IP=198,IN)
68.183.90.244 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None IN TO-S-2019-0546 Malicious Email Activity
68.183.91.128 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=128,IN)
68.183.91.25 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=25,IN)
68.184.156.189 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_Web Attacks (IP=89,SA)
68.190.218.22 24 RR None None 2020-07-09 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - Web Attacks (IP=22,US)
68.191.241.9 32 GLM None 2019-10-26 00:00:00 2020-01-24 00:00:00 None ABC Generic ArcSight scan attempt (IP=9,US)
68.194.230.145 32 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=145,US)
68.2.223.197 32 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=197,US)
68.228.98.246 32 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=246,US)
68.233.238.184 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity
68.233.241.66 32 dbc None 2019-07-12 00:00:00 2020-10-17 00:00:00 None US TO-S-2019-0816 Malicious Email Activity | updated by wmp Block was inactive. Reactivated on 20200717 with reason HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=66,US)
68.32.83.238 32 GM None 2020-01-29 00:00:00 2020-05-02 00:00:00 None Authentication Failed - Failed Logons (IP=238,US) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=238,US) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(
68.37.159.82 32 GM None 2019-10-18 00:00:00 2020-01-18 00:00:00 None Illegal user - Failed Logons (IP=82,US)
68.46.227.138 32 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=138,US)
68.46.232.179 32 BMP None 2020-04-05 00:00:00 2020-07-04 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=179,US)
68.47.147.138 32 GM None 2019-12-10 00:00:00 2020-03-10 00:00:00 None APP-DETECT failed FTP login attempt - Sourcefire (IP=138,US)
68.47.224.14 32 GM None 2019-11-06 00:00:00 2020-02-06 00:00:00 None Invalid user - Failed Logons (IP=14,US)
68.48.240.245 32 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=245,US)
68.5.101.90 24 RR None 2019-12-11 00:00:00 2020-03-10 00:00:00 None SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt - Web Attacks (IP=90,US)
68.51.19.20 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Command Injection (IP=20,US)
68.59.92.206 32 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=206,US)
68.64.23.244 24 JKC None 2020-03-16 00:00:00 2020-06-14 00:00:00 None Malicious callout activity Hive Case 2109 (IP=244, JP)
68.64.26.254 32 JKC None 2020-03-16 00:00:00 2020-06-14 00:00:00 None Malicious callout activity Hive Case 2109 (IP=254, US)
68.65.121.151 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None US TO-S-2019-0781 Malicious Email Activity
68.65.123.87 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web Application Activity
68.66.193.104 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity
68.66.197.110 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
68.66.200.198 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malware Activity
68.66.200.204 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malware Activity
68.66.200.206 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
68.66.205.251 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity
68.66.209.89 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity
68.66.216.13 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None US TO-S-2019-0723 Malicious Email Activity
68.66.216.31 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity
68.66.216.56 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity
68.66.216.59 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity
68.66.224.22 24 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=22,US)
68.66.224.35 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity
68.66.248.22 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None US TO-S-2019-0488 Malicious Email Activity
68.70.164.24 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
68.74.124.41 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Command Injection (IP=41,US)
68.94.227.128 32 KF None 2019-12-10 00:00:00 2020-03-09 00:00:00 None SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (IP=128,US)
68.99.240.26 32 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=26,US)
69.10.61.250 32 RB None 2020-04-08 00:00:00 2020-07-07 00:00:00 None Known Attack Tool User Agent V2 / 20086 HTTP Muieblackcat Security Scanner - TT# 20C02465 (IP=250,US)
69.10.63.86 32 GL None 2020-08-04 00:00:00 2020-11-04 00:00:00 None HIVE Case #3466 CTO-20-211 JFHQ-DODIN (IP=86,US)
69.121.173.191 32 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Authentication Failed (IP= 191 , US )
69.13.176.70 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=70,US)
69.134.155.135 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None US TO-S-2019-1002 Malicious Email Activity
69.14.117.20 32 RR None 2020-03-14 00:00:00 2020-06-12 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02136 (IP=20,US)
69.142.184.239 32 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Sourcefire (IP=239,US)
69.145.184.50 32 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Generic ArcSight scan attempt (IP=50,US)
69.147.88.0 24 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None BM TO-S-2019-0852 Malicious Email Activity
69.158.207.1 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed Logons (IP=1,CA)
69.16.209.21 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None US TO-S-2019-0864 Malicious Email Activity
69.16.237.245 32 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=245,US)
69.16.238.141 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3430 COLS-NA-TIP-20-0237 (IP=141,US)
69.16.238.192 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malicious Email Activity
69.160.38.10 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malicious Email Activity
69.160.60.129 32 RW None 2020-04-18 00:00:00 2020-05-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C02534(IP=129,US)
69.162.106.10 32 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=10,US)
69.162.106.70 32 RW None 2020-01-16 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr web attacks (IP=70,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr web attacks (IP=70,US)
69.162.110.226 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=226,US)
69.162.123.230 32 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SQL 1 = 1 - possible sql injection attempt- 6 hr Web Attacks (IP=230,US)
69.162.123.62 32 RWB None 2020-01-16 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=62,US) | updated by KF with reason SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (IP=62,US)
69.162.123.62 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Sourcefire (IP=62,US)
69.162.126.62 32 RR None 2020-01-17 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=62,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr web attacks (IP=62,US)
69.162.66.90 32 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (IP=90,US)
69.162.68.54 32 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=54,US)
69.162.69.222 32 RR None 2020-01-17 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=222,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr web attacks (IP=222,US) |
69.162.78.0 24 tjh None 2015-05-04 05:00:00 2020-04-19 00:00:00 None US TO-S-2015-0664 | updated by RR with reason SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - SourceFire (IP=10,US) | updated by KF with reason SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (IP=10,US)
69.162.78.43 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity
69.163.152.99 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=99,US)
69.163.172.156 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Email Activity
69.163.226.1 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
69.163.226.106 32 dbc None 2019-02-27 00:00:00 2020-02-27 00:00:00 None US TO-S-2019-0444 Malicious Web Application Activity
69.163.227.164 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity
69.163.229.130 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None US TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason US TO-S-2020-0212.01 Malware Activity
69.163.33.82 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity
69.164.211.247 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity
69.164.221.98 32 CR None 2020-05-25 00:00:00 2020-09-23 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C02905 (IP=98,US) | updated by RR Block was inactive. Reactivated on 20200625 with reason INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over
69.167.154.177 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity
69.167.184.158 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None US TO-S-2019-0769 Malicious Email Activity
69.167.31.66 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Email Activity
69.168.97.48 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None US TO-S-2019-0358 Malware Activity
69.171.192.58 32 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - SourceFire (IP=58,US)
69.171.73.9 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Illegal user_Failed Logon (IP=9,CA)
69.172.210.110 24 JC None 2014-10-06 05:00:00 2020-05-01 00:00:00 None ET SCAN Potential SSH Scan | updated by dbc with reason US TO-S-2019-0431 Malicious Web Application Activity | updated by dbc with reason US TO-S-2019-0634 Malicious Web Application Activity
69.172.87.212 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password - Failed Logons (IP=212,HK)
69.174.115.23 32 wmp None 2020-07-10 00:00:00 2020-10-10 00:00:00 None HIVE Case #3270 COLS-NA-TIP-20-0210 (IP=23,US)
69.175.101.218 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None US TO-S-2019-0363.01 Malicious Email Activity
69.175.12.116 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None EG TO-S-2019-0409 Malware Activity
69.176.89.37 24 GM None 2019-10-17 00:00:00 2020-03-29 00:00:00 None ABC Command Injection Attempt (IP=37,HK) | updated by GM with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=37,US) | updated by KF with reason Immediate Inbound Network Block - TT# 20C01284 (IP=53,US)
69.176.95.4 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=4,US)
69.176.95.77 32 ABC None 2019-10-05 00:00:00 2020-01-03 00:00:00 None Generic ArcSight scan attempt (IP=77,US)
69.192.65.221 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None NL TO-S-2019-0777 Malicious Email Activity
69.193.218.146 32 RW None 2020-04-06 00:00:00 2020-05-06 00:00:00 None Known Attack Tool User Agent V2 / BOT: Mirai Echobot Activity Detected - TT# 20C02435 (IP=146,US)
69.194.8.237 32 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password - 6hr Logon (IP=237,US)
69.195.124.121 32 KF None 2019-12-02 00:00:00 2020-03-01 00:00:00 None SQL HTTP URI blind injection attempt (IP=121,US)
69.195.124.138 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=138,US)
69.195.124.140 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity
69.195.124.142 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None US TO-S-2020-0190 Malware Activity
69.195.124.146 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity
69.195.124.203 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity
69.195.124.222 32 RB None 2018-07-15 05:00:00 2020-03-02 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=222,US) | updated by KF Block was inactive. Reactivated on 20191203 with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=222,US)
69.195.124.227 32 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=227,US)
69.195.124.50 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None US TO-S-2019-0532 Malicious Email Activity
69.195.124.51 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=51,US)
69.195.124.57 32 dbc None 2019-09-13 00:00:00 2020-09-13 00:00:00 None US TO-S-2019-0985 Application Vulnerability Exploit
69.195.124.71 32 RW None 2019-12-05 00:00:00 2020-03-05 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=71,US)
69.195.124.78 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None US TO-S-2019-0400 Malicious Email Activity
69.195.124.92 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity
69.195.155.100 32 RB None 2020-03-28 00:00:00 2020-06-26 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=100,US)
69.197.166.66 32 BMP None 2020-02-13 00:00:00 2020-05-13 00:00:00 None Unauthorized Access-Probe - TT# 20C01722 (IP=66,US)
69.197.184.214 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=214,US)
69.198.141.210 32 BMP None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=210,US)
69.229.7.137 32 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=137,US)
69.24.197.75 24 RW None 2020-07-19 00:00:00 2020-10-19 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Sourcefire (IP=75,PR)
69.245.220.97 32 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=97,US)
69.25.136.130 32 dbc
None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 69.250.156.161 32 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=161,US) 69.251.82.109 32 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password for invalid user - 6hr Logon (IP=109,US) 69.252.207.43 32 wmp None 2020-08-07 00:00:00 2020-11-07 00:00:00 None HIVE Case #3484 COLS-NA-TIP-20-0249 69.254.107.46 32 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=46,US) 69.30.232.138 32 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=138,US) 69.30.233.50 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None US TO-S-2019-0852 Malicious Email Activity 69.30.246.202 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None US TO-S-2019-0363.01 Malicious Email Activity 69.36.170.42 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity 69.41.190.114 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None US TO-S-2020-0031 Malicious Email Activity 69.44.202.220 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=220,MP) 69.46.27.130 32 KF None 2020-03-06 00:00:00 2020-06-04 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02015 (IP=130,US) 69.49.201.170 32 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=170,US) 69.5.90.90 32 wmp None 2020-07-17 00:00:00 2020-10-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=90,US) 69.50.139.168 32 RWB None 2019-12-22 00:00:00 2020-01-21 00:00:00 None Signature: HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01202 (IP=168,US) 69.55.49.194 32 RB None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Failed password_6 hr Failed Logons (IP=194,US) 69.63.172.104 32 GM 
None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Timeout before authentication for - Failed Logons (IP=104,US) 69.64.155.14 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 69.64.85.167 32 dbc None 2019-03-21 00:00:00 2020-03-21 00:00:00 None US TO-S-2019-0515 Malicious Web Application Activity 69.65.33.18 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None US TO-S-2019-0571 Malicious Email Activity 69.65.79.99 32 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=99,US) 69.7.161.157 32 BMP None 2020-02-25 00:00:00 2020-05-25 00:00:00 None Illegal user - 6hr Logons (IP=157,US) 69.70.13.74 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02414 (IP=74,CA) 69.70.76.74 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=74,CA) 69.72.148.71 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None US TO-S-2019-0747 Malicious Email Activity 69.73.180.180 32 wmp None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=180,US) 69.85.70.44 32 GM None 2019-11-06 00:00:00 2020-02-06 00:00:00 None Invalid user - Failed Logons (IP=44,US) 69.89.18.3 32 wmp None 2020-08-05 00:00:00 2020-11-05 00:00:00 None HIVE Case #3479 COLS-NA-TIP-20-0246 (IP=3,US) 69.89.20.226 32 RR None 2016-11-21 06:00:00 2020-11-15 00:00:00 None BROWSER-IE Microsoft Internet Explorer CSS memory corruption attempt (IP=226,US) | updated by wmp Block was inactive. 
Reactivated on 20200817 with reason HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=226,US) 69.89.31.103 32 BMP None 2020-01-31 00:00:00 2020-05-02 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=103,US) | updated by KF Block expiration extended with reason HTTP: SQL Injection - Exploit II (IP=103,US) 69.89.31.127 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=127,US) 69.89.31.145 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=145,US) 69.89.31.155 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None US TO-S-2019-0781 Malicious Email Activity 69.89.31.208 32 KF None 2019-12-02 00:00:00 2020-03-02 00:00:00 None SQL HTTP URI blind injection attempt (IP=208,US) | updated by KF Block expiration extended with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=208,US) 69.89.31.237 32 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=237,US) 69.89.31.76 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None US TO-S-2019-0631 Malicious Email Activity 69.89.31.87 32 GLM None 2018-07-19 05:00:00 2020-03-02 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=87,US) | updated by KF Block was inactive. 
Reactivated on 20191203 with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=87,US) 69.89.31.97 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None US TO-S-2019-0604 Malicious Email Activity 69.90.104.70 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None CA TO-S-2019-0532 Malicious Email Activity 69.90.66.80 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None CA TO-S-2019-0631 Malicious Email Activity 69.94.68.200 32 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None CZ TO-S-2020-0077 Malicious Email Activity 70.106.217.87 32 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=87,US) 70.117.245.110 32 BMP None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=110,US) 70.118.38.142 32 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=178,US) 70.125.44.63 32 RW None 2020-02-05 00:00:00 2020-03-05 00:00:00 None IP block request - TT# 20C01614(IP=63,US) 70.127.20.156 32 dbc None 2019-04-16 00:00:00 2020-04-16 00:00:00 None US TO-S-2019-0593 Malware Activity 70.161.93.28 32 RW None 2020-01-18 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=28,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=28,US) 70.168.123.114 32 RW None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6 hr web attacks (IP=114,US) 70.184.31.2 32 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Possible SQLi attempt/HTTP: Blind SQL Injection - Timing - TT# 20C00796 (IP=2,US) 70.27.174.205 32 RR None 2020-09-02 00:00:00 2020-12-01 00:00:00 None HTTP: Apache Tomcat PUT JSP 
File Upload (CVE-2017-12615 and CVE-2017-12617) - TT# 20C03809 (IP=205,CA) 70.31.206.66 24 RW None 2020-08-20 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP Cisco ASA directory traversal attempt - Sourcefire (IP=66,CA) 70.32.0.105 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=105,US) 70.32.0.121 32 RR None 2019-09-14 00:00:00 2020-09-19 00:00:00 None Known Attack Tool User Agent - TT# 19C03237 (IP=121,US) | updated by dbc with reason US TO-S-2019-1002 Malicious Reconnaissance Activity 70.32.0.124 32 DT None 2020-08-16 00:00:00 2020-11-14 00:00:00 None Possible SQLi attempt - TT# 20C03720 (IP=124,US) 70.32.0.143 32 RR None 2019-12-06 00:00:00 2020-01-05 00:00:00 None Possible SQLi attempt / HTTP: Blind SQL Injection - Timing - TT# 20C01111 (IP=143,US) 70.32.0.55 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=55,US) 70.32.0.66 32 KF None 2019-09-04 00:00:00 2020-09-10 00:00:00 None Immediate Inbound Network Block - TT# 19C03126 (IP=66,US) | updated by dbc with reason US TO-S-2019-0972 Malicious Reconnaissance Activity 70.32.0.97 32 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=97,US) 70.32.23.10 32 dbc None 2019-04-08 00:00:00 2020-11-18 00:00:00 None US TO-S-2019-0577 Malicious Email Activity | updated by wmp Block was inactive. 
Reactivated on 20200820 with reason HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=10,US) 70.32.23.11 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 70.32.23.13 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 70.32.23.41 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=41,US) 70.32.23.50 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=50,US) 70.32.23.53 24 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=53,US) 70.32.28.66 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web Application Activity 70.35.192.53 32 BMP None 2020-01-31 00:00:00 2020-04-30 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - SourceFire (IP=53,US) 70.35.197.239 32 CR None 2019-01-10 06:00:00 2020-08-27 00:00:00 None Illegal user (IP=239,US) | updated by DT Block was inactive. 
Reactivated on 20200527 with reason SERVER-WEBAPP RevSlider information disclosure attempt - Web Attacks (IP=239,US) 70.36.107.34 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malware Activity 70.36.99.138 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 70.36.99.139 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 70.36.99.140 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Email Activity 70.38.17.192 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None CA TO-S-2020-0056 Malicious Email Activity 70.38.38.57 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=57,CA) 70.40.214.164 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 70.40.217.118 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=118, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 70.40.220.109 32 KF None 2019-12-02 00:00:00 2020-03-02 00:00:00 None SQL HTTP URI blind injection attempt (IP=109,US) | updated by BP Block expiration extended with reason SQL HTTP URI blind injection attempt - SourceFire (IP=109,US) 70.42.131.189 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Web Application Activity 70.42.23.244 32 wmp None 2020-09-25 00:00:00 2020-12-24 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=244,US) 70.42.242.100 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malicious Web Application Activity 70.45.133.188 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=188,PR) 70.60.108.245 32 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=245,US) 70.60.171.10 32 BMP None 2020-04-03 00:00:00 
2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=10,US) 70.65.174.69 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Invalid user - Failed Logon (IP=69,CA) 70.71.148.228 24 KF None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed Password_6 Hr Failed Logons (IP=228,CA) 70.81.4.114 24 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=114,CA) 71.1.214.2 32 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=2,US) 71.105.113.251 32 GM None 2019-11-06 00:00:00 2020-02-06 00:00:00 None Invalid user - Failed Logons (IP=251,US) 71.105.130.142 32 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Generic ArcSight scan attempt (IP=142,US) 71.105.48.58 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=58,US) 71.120.223.96 32 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Failed password - Failed Logons (IP=96,US) 71.161.75.39 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malware Activity 71.161.80.83 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malware Activity 71.167.119.2 32 RW None 2020-04-03 00:00:00 2020-05-03 00:00:00 None Known Attack Tool User Agent - TT# 20C02341 (IP=2,US) 71.177.42.130 32 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (1:52277:1) (IP=130,US) 71.183.124.68 32 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None Known Attack Tool User Agent - TT# 20C02351 (IP=68,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Sourcefire (IP=68,US) 71.183.227.6 32 KF None 2020-06-04 00:00:00 2020-09-02 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin 
Authentication Bypass Vulnerability - Web Attacks (IP=6,US) 71.183.231.64 32 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=64,US) 71.19.248.95 32 GM None 2019-11-19 00:00:00 2020-01-04 00:00:00 None HTTP: OpenVAS Vulnerability Scanner - 20C01007 (IP=95,US) | updated by CR Block expiration extended with reason Self Report / HTTP Request Attack - TT# 20C01082 (IP=95,US) 71.198.50.141 32 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=141,US) 71.203.151.180 32 RR None 2020-08-03 00:00:00 2020-11-01 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03616 (IP=180,US) 71.221.32.243 32 BMP None 2020-04-05 00:00:00 2020-07-04 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=243,US) 71.234.174.96 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malware Activity 71.244.154.129 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Malware Activity 71.40.108.99 32 dbc None 2019-04-16 00:00:00 2020-04-16 00:00:00 None US TO-S-2019-0593 Malicious Email Activity 71.40.145.134 32 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=134,US) 71.42.32.187 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02403 (IP=187,US) 71.54.163.11 32 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=11,US) 71.6.132.198 32 RW None 2020-04-29 00:00:00 2020-07-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=198,US) 71.6.134.123 32 DT None 2020-05-06 
00:00:00 2020-08-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=123,US) 71.6.186.29 32 RW None 2019-10-28 00:00:00 2020-01-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=29,US) 71.6.202.253 32 RB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None HTTP: Citrix Application Delivery Controller (ADC) - TT# 20C01503 (IP=253,US) 71.6.220.119 32 RR None 2020-05-02 00:00:00 2020-07-31 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=119,US) 71.6.233.10 24 GLM None 2019-01-07 06:00:00 2020-02-15 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=10,US) | updated by dbc with reason US TO-S-2019-04 71.6.233.182 32 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=182,US) 71.72.12.0 32 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=0,US) 71.78.133.84 32 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None UDP: Host Sweep (IP=84,US) 71.81.183.114 32 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - WebAttacks (IP=114,US) 71.91.6.14 32 RW None 2020-04-24 00:00:00 2020-05-24 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02557 (IP=14,US) 71.91.60.6 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malware Activity 72.0.225.155 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None US TO-S-2019-0952 Malicious Email Activity 72.14.184.74 32 RR None 2019-10-10 00:00:00 2020-01-08 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - Web Attacks (IP=74,US) 72.167.131.39 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 
COLS-NA-TIP-20-0230 (IP=39,US) 72.167.190.178 32 KF None 2020-06-11 00:00:00 2020-09-09 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=178,US) 72.167.190.197 32 RWB None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Web Application Attack - SQL HTTP URI blind injection attempt - SourceFire (IP=197,US) 72.167.190.50 32 RB None 2020-06-18 00:00:00 2020-09-18 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03223 (IP=50,US) 72.167.190.84 32 RW None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=84,US) 72.167.227.36 32 BMP None 2020-07-08 00:00:00 2020-10-06 00:00:00 None SQL generic convert injection attempt - GET parameter - SourceFire (IP=36,US) 72.167.9.245 32 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=245,US) 72.174.42.154 32 RB None 2019-12-20 00:00:00 2020-03-19 00:00:00 None 9220: PHP: Malicious Obfuscated PHP Program Access - TT# 20C01189 (IP=154,US) 72.18.128.171 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None US TO-S-2019-0420 Malware Activity 72.184.255.93 32 GM None 2019-12-11 00:00:00 2020-03-11 00:00:00 None APP-DETECT failed FTP login attempt - Sourcefire (IP=93,US) 72.192.75.129 32 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=129,US) 72.2.249.173 32 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=173,US) 72.2.249.219 32 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=219,US) 72.2.251.69 32 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=69,US) 72.21.91.23 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 72.217.212.132 32 dbc None 
2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web Application Activity 72.217.22.129 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web Application Activity 72.224.252.150 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2/BOT: Mirai Echobot Activity Detected - TT# 20C02409 (IP=150,US) 72.227.176.137 32 RW None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=137,US) 72.249.30.68 24 djs None 2014-08-05 05:00:00 2020-04-26 00:00:00 None c2 Callout maid 2250 (ip=68,MX) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 72.249.37.49 32 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None US TO-S-2020-0012 Malicious Email Activity 72.249.60.198 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None US TO-S-2019-0640.01 Malicious Email Activity 72.252.118.213 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=213,JM) 72.255.111.152 32 RW None 2020-04-03 00:00:00 2020-06-03 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02329 (IP=152,US) 72.26.218.74 24 klb None 2015-01-23 06:00:00 2020-09-02 00:00:00 None TCP Host Sweeps (IP=74 NL) | updated by dbc with reason NL TO-S-2019-0952 Malicious Web Application Activity 72.26.218.81 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None NL TO-S-2020-0088 Malicious Email Activity 72.27.151.187 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=187,JM) 72.27.161.181 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=181,JA) 72.27.183.10 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower 
DVR Shell arbitrary command execution attempt - Web Attacks (IP=10,JM) 72.27.91.59 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=59,JM) 72.29.74.183 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None US TO-S-2020-0065 Malicious Email Activity 72.29.79.3 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None US TO-S-2019-0608 Malicious Email Activity 72.34.42.196 32 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=196,US) 72.34.46.198 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity 72.4.144.119 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None US TO-S-2019-0658 Malware Activity 72.41.84.2 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None US TO-S-2020-0088 Command and Control Exploit 72.47.228.74 32 wmp None 2020-07-29 00:00:00 2020-10-29 00:00:00 None HIVE Case #3421 COLS-NA-TIP-20-0234 (IP=74,US) 72.47.237.205 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None US TO-S-2020-0006 Malicious Email Activity 72.47.248.48 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None US TO-S-2019-1036 Malicious Email Activity 72.48.42.60 32 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - 6hr web attacks (IP=60,US) 72.52.128.102 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None US TO-S-2020-0056 Malicious Web Application Activity 72.52.133.189 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None US TO-S-2019-0546 Malicious Email Activity 72.52.180.8 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malicious Email Activity 72.52.202.47 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None US TO-S-2019-0551.02 Malicious Email Activity 72.52.202.58 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None US TO-S-2019-0577 Malicious Email Activity 
72.52.229.105 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None US TO-S-2019-0626.01 Malicious Email Activity 72.52.229.133 32 dbc None 2019-02-22 00:00:00 2020-02-22 00:00:00 None US TO-S-2019-0431 Malicious Email Activity 72.52.243.16 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None US TO-S-2019-0430 Malicious Email Activity 72.52.252.218 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None US TO-S-2019-0926 Malicious Email Activity 72.55.136.201 32 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None Immediate Network Block TT# 20C01526 (IP=1,CA) 72.55.165.75 24 dbc None 2014-11-03 06:00:00 2020-06-07 00:00:00 None Shellshock Activity (IP=75, CA) | updated by dbc with reason CA TO-S-2019-0723 Malicious Email Activity 72.74.179.84 32 RB None 2020-09-21 00:00:00 2020-12-20 00:00:00 None HTTP: Adobe Acrobat JavaScript getIcon Method Buffer Overflow - TT# 20C03958 (IP=84,US) 72.79.210.4 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malware Activity 72.8.157.21 32 JKC None None 2020-04-26 00:00:00 None TIPPR19-0140 (IP=21, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity 72.83.40.81 32 BP None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Invalid user - 6hr Logons (IP=81,US) 72.9.109.66 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=66,US) 72.95.50.172 32 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=172,US) 73.1.28.27 32 FT None 2020-09-28 00:00:00 2020-12-28 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03999(IP=27,US) 73.113.191.78 32 GM None 2020-03-22 00:00:00 2020-06-22 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 20C02195 (IP=78,US) 73.114.22.236 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None US TO-S-2019-0972 Malware Activity 73.126.103.216 32 RR None 2020-04-20 00:00:00 
77.68.2.90 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (IP=90,GB) 77.68.20.150 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None GB TO-S-2019-0658 Malware Activity 77.68.24.183 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=183,GB) 77.68.3.204 24 BMP None 2020-01-15 00:00:00 2020-04-14 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr Web Attacks (IP=204,GB) 77.68.3.46 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (IP=46,GB) 77.68.64.13 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None US TO-S-2019-0351 Malicious Email Activity 77.68.89.84 24 RR None 2020-08-13 00:00:00 2020-11-11 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=84,GB) 77.68.95.101 24 RB None 2020-04-14 00:00:00 2020-07-13 00:00:00 None HTTP: SQL Injection - Exploit II (IP=101,GB) 77.69.163.234 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=234,BH) 77.70.13.111 24 RR None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Authentication Failed - Failed Logons (IP=111,BG) 77.70.96.195 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=195,BG) 77.71.128.0 17 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None MT TO-S-2019-0890.01 Malware Activity 77.72.169.210 32 nab None 2020-09-21 00:00:00 2020-12-21 00:00:00 None HIVE Case #3906 CTR-20-1171 Suspicious network activity (IP=210,NL) 77.74.27.53 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=53,RU) 77.79.199.3 24 KF None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Failed password - 6 Hr Failed Logons (IP=3,PL) 77.79.246.200 
32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None PL TO-S-2019-0658 Malware Activity 77.81.104.0 21 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None RO TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason RO TO-S-2019-0864 Malware Activity 77.81.191.142 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=142,GB) 77.81.191.142 24 RW None 2020-04-01 00:00:00 2020-06-30 00:00:00 None UDP: Host Sweep (IP=142,GB) 77.81.191.142 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=142,GB) 77.81.229.207 24 BP None 2019-12-03 00:00:00 2020-03-02 00:00:00 None Failed password for invalid user - 6hr Logon (IP=207,IT) 77.81.230.143 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=143,IT) 77.81.238.70 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user (IP=70,IT) 77.81.54.130 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Sourcefire (IP=130,RO) 77.81.8.0 21 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None RO TO-S-2019-0626.01 Malicious Email Activity 77.83.173.137 24 GM None 2019-08-16 00:00:00 2020-09-10 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - Sourcefire (IP=137,NL) | updated by dbc with reason NL TO-S-2019-0972 Malware Activity 77.83.231.12 24 RW None 2019-10-28 00:00:00 2020-01-28 00:00:00 None - 6hr Failed Logon (IP=70,FR) 77.85.199.209 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=209,BG) 77.85.72.170 24 BMP None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - 6hr Web Attacks (IP=170,BG) 77.86.183.21 24 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=21,FI) 77.87.212.95 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep 
(IP=95,RU) 77.88.252.18 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=18,UA) 77.90.136.129 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None DE TO-S-2020-0190 Malware Activity 77.92.137.4 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None TR TO-S-2019-0613 Malware Activity 77.92.137.46 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None TR TO-S-2019-0613 Malware Activity 77.92.137.76 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None TR TO-S-2019-0613 Malware Activity 77.92.158.55 24 GLM None 2018-08-09 05:00:00 2020-09-10 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=55,TR) | updated by dbc with reason TR TO-S-2019-0972 Malware Activity 77.98.190.7 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=7,GB) 78.100.194.80 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=80,QA) 78.100.218.107 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=107,QA) 78.100.232.133 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=133,QT) 78.100.254.193 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=193,QA) 78.100.87.0 24 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None QA TO-S-2019-0626.01 Malware Activity 78.101.173.197 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=197,QT) 78.101.94.130 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=130,QT) 78.104.145.227 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None AU 
TO-S-2019-0617 Malware Activity 78.105.153.150 24 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt- ARCSight Sauron (IP=150,GB) 78.105.250.26 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=26,GB) 78.106.78.54 24 BMP None 2019-12-25 00:00:00 2020-03-25 00:00:00 None Illegal user - 6hr Logons (IP=54, RU) 78.107.253.24 24 RR None 2019-10-17 00:00:00 2020-01-15 00:00:00 None Authentication Failed - Failed Logons (IP=24,RU) 78.108.69.2 24 GM None 2019-11-11 00:00:00 2020-02-09 00:00:00 None ABC Generic ArcSight scan attempt (IP=2,RU) 78.108.80.33 24 RB None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=33,RU) 78.109.16.0 20 dbc None 2016-08-02 05:00:00 2020-02-11 00:00:00 None UA TO-S-2016-0949 (16.0-31.255) Malicious Activity | updated by RR with reason Generic ArcSight scan attempt (IP=30,UA) 78.110.163.2 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None GB TO-S-2019-0409 Malicious Service Disruption Activity 78.110.50.131 24 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=131,RU) 78.110.50.154 24 RR None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=154,RU) 78.111.248.0 24 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None RU TO-S-2019-0604 Malware Activity 78.116.57.55 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=55,FR) 78.128.112.78 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=78,BG) 78.129.129.75 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None GB TO-S-2020-0006 Command and Control Exploit 78.129.129.76 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None GB TO-S-2020-0006 
Command and Control Exploit 78.129.138.116 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None SQL HTTP URI blind injection attempt _SourceFire (IP=16,GB) 78.129.139.148 24 wmp None 2018-12-18 06:00:00 2020-08-15 00:00:00 None Powemuddy C&C (IP=148,GB) | updated by dbc with reason GB TO-S-2019-0890.01 Malicious Email Activity 78.129.234.106 24 GM None 2020-08-07 00:00:00 2020-11-07 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=106,GB) 78.13.22.194 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=194,IT) 78.130.144.40 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None BG TO-S-2019-0400 Malware Activity 78.130.212.201 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=201,BG) 78.131.11.10 24 RW None 2019-12-25 00:00:00 2020-03-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=10,HU) 78.134.17.52 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Authentication Failed - Failed Logons (IP=52,IT) 78.134.24.45 24 RR None 2020-04-25 00:00:00 2020-07-24 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=45,IT) 78.134.24.45 24 RR None 2020-04-25 00:00:00 2020-07-24 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=45,IT) 78.134.240.81 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=81,HR) 78.135.112.21 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=21,TR) 78.136.224.235 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None GB TO-S-2019-0430 Malware Activity 78.136.225.38 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None GB TO-S-2019-0430 Malware Activity 78.136.226.239 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None GB TO-S-2019-0430 Malware Activity 78.136.227.137 32 dbc None 
2019-02-21 00:00:00 2020-02-21 00:00:00 None GB TO-S-2019-0430 Malware Activity 78.136.228.91 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None GB TO-S-2019-0430 Malware Activity 78.136.231.160 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None GB TO-S-2019-0430 Malware Activity 78.137.168.50 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None IE TO-S-2019-0634 Malicious Email Activity 78.139.64.0 18 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None RU TO-S-2019-0409 Malicious Email Activity 78.14.154.26 24 KF None 2020-03-02 00:00:00 2020-05-31 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 78.14.154.26 (IP=26,IT) 78.140.221.0 24 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None RU TO-S-2019-1002 Malicious Email Activity 78.141.192.180 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None NL TO-S-2019-0852 Malicious Email Activity 78.141.202.155 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None GB TO-S-2019-1036 Malware Activity 78.141.208.92 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None NL TO-S-2019-0852 Malicious Email Activity 78.142.19.168 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None BG TO-S-2019-0831 Malicious Email Activity 78.142.208.211 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None TR TO-S-2020-0047 Malicious Email Activity 78.142.208.233 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None TR TO-S-2020-0006 Malicious Email Activity 78.142.29.152 32 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None BG TO-S-2020-0077 Malicious Web Application 78.142.47.14 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=14,BG) 78.142.63.57 24 djs None 2015-12-28 06:00:00 2020-02-15 00:00:00 None Webapp admin.php access attempts (ip=57,BG) | updated by dbc with reason BG TO-S-2019-0240.01 Malicious Email Activity | upd 78.146.96.246 32 RW None 2020-06-08 00:00:00 2020-09-08 00:00:00 None 8316 HTTP Cross Site Scripting 
(String.fromCharCode) - TT# 20C03101 (IP=246,UK) 78.148.128.25 24 KF None 2019-12-10 00:00:00 2020-03-09 00:00:00 None Authentication Failed (IP=25,GB) 78.148.130.253 24 BP None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Authentication Failed (IP= 253 , GB ) 78.15.157.197 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None IT TO-S-2019-0972 Malicious Web Application Activity 78.15.68.27 24 RW None 2019-12-31 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=27,CN) 78.15.97.189 24 RB None 2020-01-10 00:00:00 2020-04-09 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=189,IT) 78.151.91.104 24 RB None 2020-01-07 00:00:00 2020-04-06 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_Soucefire (IP=104 GB) 78.157.0.0 19 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None MK TO-S-2019-0409 Malicious Email Activity 78.157.209.34 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None ABC Generic ArcSight scan attempt (IP=34,GB) 78.157.212.10 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None GB TO-S-2019-0400 Malicious Email Activity 78.160.170.185 24 RR None 2020-01-18 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=185,TR) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=185,TR) | updated by KF with reason SERVER-WEBAPP MVPower 78.161.189.201 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None TR TO-S-2019-0972 Malicious Web Application Activity 78.161.191.79 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=79,TR) 78.166.166.242 24 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=242,TR) 78.166.246.198 24 RW None 
2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=198,TR) 78.167.133.232 24 GM None 2020-01-31 00:00:00 2020-04-30 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=232,TR) 78.168.196.20 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=20,TR) 78.168.216.66 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=66,TR) 78.173.108.129 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,TR) 78.173.233.36 24 ABC None 2019-10-05 00:00:00 2020-01-03 00:00:00 None Generic ArcSight scan attempt (IP=36,TR) 78.174.204.79 24 RB None 2019-12-01 00:00:00 2020-02-29 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt_Sourcefire) (IP=79,TR) 78.175.69.132 32 RW None 2020-04-03 00:00:00 2020-06-03 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02330 (IP=132,TR) 78.179.109.90 24 RB None 2020-01-24 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_6 hr web attacks (IP=90 TR) | updated by RW Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=90,TR) 78.179.134.189 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=189,TR) 78.179.254.177 24 RB None 2020-01-24 00:00:00 2020-04-23 00:00:00 None Failed password_6 hr Failed Logons (IP=177 TR) 78.180.15.134 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=134,TR) 78.180.221.140 24 RR None 2020-01-17 
00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=140,TR) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=140,TR) | updated by RWB with reason Attempted Administra 78.181.173.54 32 RW None 2020-04-03 00:00:00 2020-05-03 00:00:00 None Known Attack Tool User Agent - TT# 20C02352 (IP=54,TR) 78.181.236.225 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=225,TR) 78.183.160.232 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=232,TR) 78.183.208.191 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=191,TR) 78.183.228.63 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 78.185.198.51 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=51,TR) 78.185.60.7 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None TR TO-S-2020-0006 Malicious Email Activity 78.186.12.146 24 DT None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=146,TR) 78.186.157.176 24 RR None None 2020-06-26 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=176,TR) 78.186.191.10 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=10,TR) 78.186.200.80 24 KF None 2020-04-26 00:00:00 2020-07-25 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=80,TR) 78.186.220.249 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP 
MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=249,TR) 78.186.248.243 24 RR None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=243,TR) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=243,TR) 78.186.46.248 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=248,TR) 78.186.62.137 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=137,TR) 78.186.71.23 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 78.187.133.243 24 RR None 2017-12-01 06:00:00 2020-01-21 00:00:00 None Severe network attack (IP=243,TR) | updated by GM with reason Illegal user - Failed Logons (IP=26,TR) 78.187.133.26 24 RW None 2020-01-03 00:00:00 2020-04-03 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=26,TR) 78.187.19.88 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=88,TR) 78.187.213.180 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web attacks (IP=80,TR) 78.187.33.82 24 RWB None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=82,TR) 78.188.152.134 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=134,TR) 78.188.180.91 24 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=91,TR) 78.188.193.106 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt 
- 6hr web attacks (IP=106,TR) 78.188.76.90 24 dbc None 2014-03-22 05:00:00 2020-04-21 00:00:00 None TCP Port Sweeps (ip=90,TR) | updated by RWB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=96,TR) 78.188.76.96 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 78.188.76.96 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=96,TR) 78.189.141.203 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=168,QA) 78.189.29.56 24 KF None 2020-04-01 00:00:00 2020-06-30 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=56,TR) 78.189.60.96 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=96,TR) 78.190.105.6 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Web Attacks (IP=6,TR) 78.191.103.120 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=120,TR) 78.191.163.216 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Authentication Failed - Failed Logons (IP=216,TR) 78.191.220.26 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=26,TR) 78.191.58.17 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None TR TO-S-2020-0006 Malicious Email Activity 78.195.178.119 24 KF None 2018-08-29 05:00:00 2020-04-23 00:00:00 None Authentication Failed (IP=119,) | updated by CW Block was inactive. 
Reactivated on 20200124 with reason Authentication Failed_Failed Logon (IP=19,FR) 78.198.69.64 24 EDBT None 2017-11-13 06:00:00 2020-01-23 00:00:00 None ET SCAN Potential SSH Scan (IP=64,FR) | updated by RR with reason Authentication Failed (IP=64,FR) | updated by CW Block was inactive. Reactivated on 20191025 with reason Authentication Failed_Failed Logon (IP=64,FR) 78.199.156.122 24 BMP None 2019-12-21 00:00:00 2020-03-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=122,FR) 78.201.227.55 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None Authentication Failed - Failed Logons (IP=55,FR) 78.204.123.164 24 RR None 2018-08-07 05:00:00 2020-04-07 00:00:00 None Authentication Failed (IP=164,FR) | updated by KF with reason Authentication Failed (IP=164,FR) | updated by RW Block was inactive. Reactivated on 20200107 with reason Authentication Failed - 6hr Failed Logon(IP=164,FR) 78.22.13.155 24 RR None 2019-12-20 00:00:00 2020-03-19 00:00:00 None Authentication Failed - Failed Logons (IP=155,BE) 78.22.215.162 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=162,BE) 78.220.252.101 24 RR None 2019-10-16 00:00:00 2020-01-14 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=101,FR) 78.225.3.244 24 KF None 2020-02-02 00:00:00 2020-05-08 00:00:00 None Authentication Failed (IP=244,FR) | updated by GM Block expiration extended with reason Authentication Failed - Failed Logons (IP=244,FR) 78.228.85.81 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=81,FR) 78.229.102.39 24 RW None 2019-10-02 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6 hr web attacks (IP=39,FR) 78.237.19.53 24 RR None 2018-01-24 06:00:00 2020-05-17 00:00:00 None 
Authentication Failed (IP=53,FR) | updated by CR with reason Authentication Failed (IP=53,FR) | updated by RR Block was inactive. Reactivated on 20200217 with reason Authentication Failed - Failed Logons (IP=53,FR) 78.237.216.72 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=72,FR) 78.24.102.86 24 CR None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Tomato router web interface bruteforce scan attempt - Web Attacks (IP=86,RU) 78.24.216.0 21 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None RU TO-S-2019-1036 Malicious Email Activity 78.245.214.158 24 RW None 2019-12-23 00:00:00 2020-03-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=158,FR) 78.246.12.231 24 CR None 2020-01-13 00:00:00 2020-04-13 00:00:00 None Authentication Failed - 6 hr Failed Logon (IP=231,FR) 78.246.35.3 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=3,FR) 78.26.3.53 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=53,NO) 78.28.49.145 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None PL TO-S-2019-0468 Malicious Email Activity 78.29.32.105 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=105,RU) 78.29.44.9 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=9,RU) 78.29.44.9 24 DT None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=168,QA) 78.30.197.232 32 RW None 2020-01-16 00:00:00 2020-02-16 00:00:00 None UDS-Paros_RC8766 - TT# 20C01468(IP=232,UA) 78.31.71.113 24 CW None 2019-12-27 00:00:00 2020-03-26 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt _SourceFire (IP=13,DE) 
6hr Failed Logon(IP=102,IT) 80.22.20.166 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (IP=66,IT) 80.22.8.239 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - SourceFire (IP=239,IT) 80.227.11.110 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (IP=110,AE) 80.228.202.171 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=171,DE) 80.228.4.194 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Failed password - Failed Logons (IP=194,DE) 80.229.157.225 24 RR None 2020-02-07 00:00:00 2020-05-07 00:00:00 None Authentication Failed - Failed Logopns (IP=225,GB) 80.229.242.89 24 CW None 2020-01-14 00:00:00 2020-04-13 00:00:00 None Authentication Failed_Failed Logon (IP=89,GB) 80.229.253.212 24 RR None 2018-12-07 06:00:00 2020-01-23 00:00:00 None Timeout before authentication for (IP=212,GB) | updated by CW Block was inactive. 
Reactivated on 20191025 with reason Illegal user_Failed Logon (IP=12,GB) 80.232.246.116 24 KF None 2019-10-28 00:00:00 2020-01-27 00:00:00 None Failed Password_6 Hr Failed Logons (IP=116,LV) | updated by KF with reason Failed password_6 Hr Failed Logons (IP=116,LV) 80.233.128.0 17 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None LV TO-S-2020-0187 Malicious Email Activity 80.233.134.250 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None EE TO-S-2019-0613 Malware Activity 80.24.44.11 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2/BOT: Mirai Echobot Activity Detected - TT# 20C02418 (IP=11,ES) 80.24.44.11 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=11,ES) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=11,ES) 80.24.45.133 32 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00945 (IP=133,ES) 80.240.21.179 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None DE TO-S-2020-0088 Malicious Web Application Activity 80.240.22.44 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None DE TO-S-2019-0640.01 Malware Activity 80.240.23.80 24 CR None 2020-05-21 00:00:00 2020-08-21 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Sourcefire (IP=80,DE) 80.240.28.242 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None DE TO-S-2020-0190 Malware Activity 80.241.210.59 24 MLJ None 2018-02-12 06:00:00 2020-08-22 00:00:00 None ET SCAN Potential SSH Scan (IP=59,DE) | updated by dbc with reason DE TO-S-2019-0926 Malicious Email Activity 80.241.221.121 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None DE TO-S-2019-0926 Malicious Email Activity 80.241.231.192 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 
COLS-NA-TIP-20-0300 (IP=192,IT) 80.245.104.0 23 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None HK TO-S-2019-0852 Malicious Email Activity 80.245.106.4 24 CR None 2018-09-24 05:00:00 2020-04-21 00:00:00 None FIREEYE Web: Malware Callback Detected (IP=4,FR) | updated by RW with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 19C03121 (IP=3,US) | updated by RR with reason INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (I 80.247.226.157 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=157,FR) 80.248.10.251 24 RR None 2020-04-13 00:00:00 2020-07-12 00:00:00 None UDP: Host Sweep (IP=251,NG) 80.248.18.233 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None IS TO-S-2019-0468 Malicious Email Activity 80.249.112.0 22 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,IR) 80.249.144.0 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=0,RU) 80.249.163.142 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None HU TO-S-2019-0972 Malicious Email Activity 80.25.146.165 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Authentication Failed - 6hr Logons (IP=165,ES) 80.250.82.94 24 RR None 2020-09-29 00:00:00 2020-12-29 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=94,RU) 80.250.82.94 32 RB None 2020-09-29 00:00:00 2020-12-29 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C04013 (IP=94,RU) 80.253.245.36 24 RR None 2020-04-01 00:00:00 2020-06-30 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=36,TR) 80.253.248.34 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None TR TO-S-2019-0604 Malicious Email Activity 80.253.29.58 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=58,RU) 80.255.10.229 32 dbc None 2019-03-21 00:00:00 2020-03-21 00:00:00 None DE 
TO-S-2019-0515 Malware Activity 80.255.130.19 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Invalid user - Failed Logons (IP=19,RU) 80.255.3.0 24 tjh None 2015-10-07 05:00:00 2020-04-26 00:00:00 None DE TO-S-2016-0003 | updated by jky with reason DE TO-S-2017-1189 Malicious activity | updated by jky with reason DE TO-S-201 80.26.159.222 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=222,ES) 80.26.35.18 24 GM None 2019-11-11 00:00:00 2020-02-11 00:00:00 None Invalid user - Failed Logons (IP=18,ES) 80.37.216.40 24 DT None 2020-04-20 00:00:00 2020-07-19 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=40,ES) 80.4.210.162 24 BMP None 2020-01-15 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=162,GB) | updated by RB Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=162 GB) 80.43.205.224 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Web Attacks(IP=224,GB) 80.52.199.93 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Invalid user_6 hr Failed Logons (IP=93 PL) 80.58.139.96 24 GM None 2020-08-06 00:00:00 2020-11-06 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=96,ES) 80.58.157.231 24 RR None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Failed password - Failed Logons (IP=231,) 80.6.71.97 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=97,UK) 80.66.85.2 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None Generic ArcSight scan attempt (IP=2,RU) 80.67.18.14 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None DE TO-S-2019-0409 Malicious Email Activity 80.67.220.6 24 GM None 2020-03-01 00:00:00 2020-05-01 00:00:00 None APP-DETECT failed FTP login attempt - Failed 
Logons (IP=6,RU) 80.68.105.7 24 RR None 2020-08-04 00:00:00 2020-11-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=7,SW) 80.69.49.25 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None Illegal user (IP=25,AZ) 80.74.137.24 24 sjl None 2014-09-09 05:00:00 2020-06-18 00:00:00 None MALWARE-CNC: OSINT : China Chopper PHP/Backdoor Detected (IP=24 | updated by dbc with reason CH TO-S-2019-0734.01 Malicious Email Activity 80.74.158.140 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None CH TO-S-2019-0546 Malicious Email Activity 80.74.227.71 24 GM None 2020-08-11 00:00:00 2020-11-10 00:00:00 None SERVER-WEBAPP pChart script parameter directory traversal attempt - Sourcefire (IP=71,GB) 80.74.227.71 32 FT None 2020-08-10 00:00:00 2020-11-10 00:00:00 None SERVER-WEBAPP pChart script parameter directory traversal attempt - Sourcefire (IP=214,GB) 80.74.75.244 24 RR None 2020-05-09 00:00:00 2020-08-07 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability (IP=244,FR) 80.77.157.82 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None MK TO-S-2019-0658 Malware Activity 80.78.250.21 24 BLP None 2016-09-23 05:00:00 2020-02-20 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=21,RU) | updated by dbc with reason RU TO-S-2019-0420 Malicious Email Activity 80.79.179.2 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Failed password for invalid user - Failed Logons (IP=2,RU) 80.80.163.110 24 MWH None 2016-12-05 06:00:00 2020-08-15 00:00:00 None ET CINS Active Threat Intelligence Poor Reputation IP & Misc Web Attack (IP=110) | updated by dbc with reason RS TO-S-2019-0890.01 Malicious Email Activity 80.81.85.205 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=205,ES) 80.82.65.13 24 dbc None 2014-03-23 05:00:00 2020-01-17 00:00:00 None DNS query amplification (ip=13,NL) | updated by ABC with reason Bro-observed Port Scanning (IP=186, NL) | updated by ged wit | updated by 
RR with reason Generic ArcSight scan attempt (IP=40,NL) 80.82.65.190 24 RR None 2020-02-22 00:00:00 2020-05-22 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=190,NL) 80.82.67.40 24 EDBT None 2016-12-31 06:00:00 2020-02-15 00:00:00 None ET SCAN Potential VNC Scan 5900-5920 (IP=40,NL) | updated by jkc with reason ET SCAN Potential VNC Scan 5900-5920 (IP=40, NL) 80.82.70.138 24 djs None 2014-05-18 05:00:00 2020-01-19 00:00:00 None DNS Scans (ip=138,NL 53 | updated by ABC with reason Bro-observed Port Scanning (IP=198, NL) | updated by wmp with reason Su | updated by GM with reason ABC Generic ArcSight scan attempt (IP=239,SC) 80.82.70.178 24 RB None 2020-08-22 00:00:00 2020-11-20 00:00:00 None MALWARE-CNC URI - known scanner tool muieblackcat - Sourcefire (IP=178,SC) 80.82.77.33 24 RWB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - sourcefire (IP=33,NL) 80.82.78.100 24 djs None 2014-03-10 05:00:00 2020-01-17 00:00:00 None TCP Host Sweep (ip=100,NL) | updated by klb with reason SCAN Potential VNC Scan 5900-5920 (IP=166 NL) | updated by sjl with | updated by RR with reason Generic ArcSight scan attempt (IP=100,NL) 80.83.224.0 20 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 80.85.86.175 24 CR None 2019-12-21 00:00:00 2020-03-21 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt_Sourcefire (IP=175,GB) 80.85.87.122 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None GB TO-S-2019-1036 Malicious Email Activity 80.87.203.9 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=9,RU) 80.88.87.159 32 wmp None 2020-07-22 00:00:00 2020-10-30 00:00:00 None HIVE Case #3384 COLS-NA-TIP-20-0232 (IP=159,IT) | updated by wmp Block expiration extended with reason HIVE 
Case #3430 COLS-NA-TIP-20-0237 (IP=159,IT) 80.90.87.201 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None AL TO-S-2019-0890.01 Malicious Email Activity 80.93.90.133 24 dbc None 2015-03-24 05:00:00 2020-06-18 00:00:00 None Potential SSH Scan (IP=133, FR) | updated by dbc with reason FR TO-S-2019-0747 Malware Activity 80.94.52.76 24 GM None 2019-03-27 00:00:00 2020-04-17 00:00:00 None Malicious IP (IP=76,SK) | updated by dbc with reason SK TO-S-2019-0604 Malicious Email Activity 80.95.45.181 24 EDBT None 2017-11-19 06:00:00 2020-01-16 00:00:00 None ET SCAN Potential SSH Scan (IP=181,RU) | updated by MLJ with reason ET SCAN Potential SSH Scan (IP=143,RU) | updated by GM | updated by RR with reason Known Malicious URL (IP=118,RU) 80.98.98.180 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=180,HU) 81.10.23.139 32 RR None 2019-11-28 00:00:00 2020-02-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=139,EG) 81.11.180.43 24 KF None 2020-04-01 00:00:00 2020-06-30 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=43,BE) 81.130.193.35 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Failed password for invalid user - Failed Logons (IP=35,GB) 81.130.234.235 24 RR None 2019-01-19 00:00:00 2020-02-29 00:00:00 None Failed password for invalid user (IP=235,GB) | updated by CW Block was inactive. Reactivated on 20191201 with reason Failed password for invalid 81.133.111.101 24 RR None 2018-12-22 06:00:00 2020-04-24 00:00:00 None Illegal user (IP=101,GB) | updated by GM with reason Illegal user - Failed Logons (IP=101,GB) | updated by RW Block was inactive. 
Reactivated on 20200124 with reason Authentication Failed - 6hr Failed Logon(IP=101,UK) 81.133.12.221 24 RR None 2018-12-06 06:00:00 2020-01-27 00:00:00 None Illegal user (IP=221,GB) | updated by GM with reason Illegal user - Failed Logons (IP=221,GB) 81.133.142.45 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=174,CN) 81.133.189.239 24 YM None 2017-10-27 05:00:00 2020-05-17 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (IP=239,GB) | updated by CR with reason Timeout before authenticatio | updated by GM with reason Illegal user - Failed Logons (IP=239,GB) | updated by RR Block was inactive. Reactivated on 2020 81.133.216.92 24 YM None 2017-10-23 05:00:00 2020-04-04 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (IP=92,GB) | updated by GLM with reason Illegal user (IP=92,GB) | updated by CW Block was inactive. Reactivated on 20200105 with reason Illegal user_Failed Logon (IP=92,GB) 81.136.255.20 24 YM None 2017-10-23 05:00:00 2020-01-23 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (IP=20,GB) | updated by RR with reason Timeout before authentication | updated by RR with reason Illegal user - Failed Logons (IP=20,GB) 81.139.39.150 24 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None SQL generic sql update injection attempt - GET parameter - Web Attacks (IP=150,GB) 81.139.60.251 24 GM None 2019-03-27 00:00:00 2020-01-06 00:00:00 None Illegal user (IP=251,GB) | updated by RR with reason Authentication Failed - Failed Logons (IP=251,GB) 81.140.212.197 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=197,GB) 81.140.228.186 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=186,GB) 81.145.158.178 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None 
Authentication Failed - 6hr Failed Logon(IP=178,UK) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY 81.147.16.124 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=124,GB) 81.149.117.127 24 BMP None 2019-12-23 00:00:00 2020-03-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - SourceFire (IP=127,GB) 81.149.211.134 24 RR None 2017-11-28 06:00:00 2020-01-15 00:00:00 None Illegal user (IP=134,GB) | updated by GLM with reason Failed password (IP=134,GB) | updated by GM with reason Illegal user - Failed Logons (IP=134,GB) 81.154.171.85 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=85,GB) 81.156.12.173 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Authentication Failed_Failed Logon (IP=73,GB) 81.16.0.0 20 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None AM TO-S-2020-0012 Malware Activity 81.16.136.29 32 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Immediate Inbound Network Block - TT# 20C00502 (IP=29,US) 81.16.28.133 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None NL TO-S-2020-0065 Malicious Email Activity 81.161.209.156 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=56,RU) 81.161.213.252 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=252,RU) 81.161.67.95 24 FT None 2020-08-31 00:00:00 2020-11-30 00:00:00 None MALWARE-OTHER Executable control panel file download request - Sourcefire (IP=95,CZ) | updated by RR Block expiration extended with reason SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - SourceFire (IP=95,CZ) 81.169.131.112 24 sjl None 2014-07-24 05:00:00 2020-02-14 00:00:00 None ET 
SCAN Potential SSH Scan (IP=112, DE) | updated by dbc with reason DE TO-S-2019-0400 Malicious Email Activity 81.169.140.14 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None DE TO-S-2019-1036 Malicious Email Activity 81.169.144.135 24 RB None 2017-01-13 06:00:00 2020-09-03 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=135,DE) | updated by RR Block was inactive. Reactivated on 20200603 with reason HTTP: SQL Injection - Exploit II - Web Attacks (IP=135,DE) 81.169.145.156 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=156,DE) 81.169.145.158 32 tjh None 2014-05-02 05:00:00 2020-11-29 00:00:00 None DE TO-S-2014-0668 | updated by jky with reason DE TO-S-2018-0178 Malware activity | updated by wmp Block was inactive. Reactivated on 20200831 with reason HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=158,DE) 81.169.145.159 24 RR None 2020-09-03 00:00:00 2020-12-03 00:00:00 None Phish.URL.Emotet - Case #3670 (IP=159,DE) 81.169.145.162 32 wmp None 2020-08-31 00:00:00 2020-11-29 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=162,DE) 81.169.145.163 24 klb None 2015-03-19 05:00:00 2020-06-07 00:00:00 None Trojan.Drixed callbacks (IP=163 DE) | updated by jky with reason DE TO-S-2017-0293 Malicious Spearphishing email | updated b | updated by dbc with reason DE TO-S-2019-0723 Malicious Email Activity 81.169.145.68 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=68,DE) 81.169.145.86 32 wmp None 2020-09-22 00:00:00 2020-12-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=86,DE) 81.169.145.90 32 wmp None 2020-08-31 00:00:00 2020-11-29 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=90,DE) 81.169.235.54 32 wmp None 2020-08-19 00:00:00 2020-11-17 00:00:00 None HIVE Case #3602 COLS-NA-TIP-20-0261 (IP=54,DE) 81.17.149.238 24 RR None 2020-02-23 00:00:00 2020-05-23 00:00:00 None Illegal user - Failed Logons (IP=238,RU) 81.17.16.149 24 RR None 
2020-07-19 00:00:00 2020-10-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=149,CH) 81.17.20.6 32 dbc None 2019-03-21 00:00:00 2020-03-21 00:00:00 None CH TO-S-2019-0515 Malware Activity 81.17.255.247 24 MLJ None 2017-11-14 06:00:00 2020-04-17 00:00:00 None SQL generic convert injection attempt - GET parameter (IP=247,IE) | updated by dbc with reason IE TO-S-2019-0604 Malicious Em 81.17.56.249 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None GB TO-S-2019-0626.01 Malware Activity 81.170.214.154 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None Illegal user - Failed Logons (IP=154,SE) 81.170.216.236 24 KF None 2019-10-14 00:00:00 2020-01-12 00:00:00 None Failed password_6 Hr Failed Logons (IP=236,SE) 81.170.22.132 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=132,GB) 81.171.21.182 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None NL TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason NL TO-S-2019-0864 Malware Activity 81.171.22.10 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None NL TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason NL TO-S-2019-0864 Malware Activity 81.171.22.16 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None NL TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason NL TO-S-2019-0864 Malware Activity 81.171.58.171 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None DE TO-S-2019-0734.01 Malicious Email Activity 81.171.6.101 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None Illegal user - 6hr Logons (IP=101,NL) 81.171.8.134 24 CR None 2020-01-02 00:00:00 2020-04-02 00:00:00 None Malware Callback - Hive Case 1764 (IP=134,NL) 81.171.81.71 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None NL TO-S-2020-0187 Malware Activity 81.174.34.1 24 GM None 2020-06-23 00:00:00 2020-08-23 00:00:00 None SERVER-WEBAPP 
Zyxel NAS devices command injection attempt - Sourcefire (IP=1,CN) 81.174.8.105 24 RR None 2017-11-10 06:00:00 2020-04-11 00:00:00 None Illegal user (IP=105,IT) | updated by BMP Block was inactive. Reactivated on 20200112 with reason Illegal user - 6hr Logon (IP=105,IT) 81.177.124.86 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password (IP=86,RU) 81.177.135.251 32 BMP None 2020-07-21 00:00:00 2020-10-19 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03515 (IP=251,RU) 81.177.139.160 24 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=160,RU) 81.177.139.211 24 CW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None HTTP: SQL Injection - Exploit II_Web attacks (IP=11,RU) 81.177.140.221 24 RB None 2020-05-27 00:00:00 2020-08-25 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=221,RU) 81.177.141.71 24 RR None 2020-02-24 00:00:00 2020-05-24 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=71,RU) 81.177.165.21 24 CW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None HTTP: SQL Injection - Exploit II_Web attacks (IP=21,RU) 81.177.165.52 32 wmp None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=52,RU) 81.177.167.39 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=39,RU) 81.177.174.12 24 RR None 2020-01-11 00:00:00 2020-04-11 00:00:00 None Malicious Callback (IP=12,NL) 81.177.174.30 32 GM None 2020-07-11 00:00:00 2020-10-11 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03433 (IP=30,RU) 81.177.180.201 24 RR None 2020-08-13 00:00:00 2020-11-11 00:00:00 None SQL use of sleep function with and - likely SQL injection - SourceFire (IP=201,RU) 81.177.49.3 32 RW None 2020-06-29 00:00:00 2020-07-29 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 
TT# 20C03315 (IP=3,RU) 81.178.153.94 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=94,GB) 81.182.155.129 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt_SourceFire (IP=29,HU) 81.183.213.222 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=222,HU) 81.19.0.70 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None CZ TO-S-2019-0952 Malicious Email Activity 81.19.104.15 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None DE TO-S-2019-0626.01 Malware Activity 81.19.104.18 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None DE TO-S-2019-0626.01 Malware Activity 81.19.210.149 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None GB TO-S-2019-0890.01 Malicious Email Activity 81.19.251.66 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=66,DK) 81.190.54.245 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=245,PL) 81.192.103.47 24 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=47,MA) 81.193.21.176 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=176,PT) 81.194.38.139 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=139,FR) 81.2.235.202 24 FT None 2020-08-06 00:00:00 2020-11-06 00:00:00 None SQL use of sleep function with and - likely SQL injection - Web Attacks (IP=202,CZ) 81.203.85.140 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=140,ES) 81.21.19.179 24 BMP None 2020-05-18 00:00:00 2020-08-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize 
code execution attempt - SourceFire (IP=179,IT) 81.213.157.86 24 GM None 2020-08-30 00:00:00 2020-11-30 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=86,TR) 81.213.166.62 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=62,TR) 81.214.130.65 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Sourcefire (IP=65,TR) 81.214.244.223 24 BMP None 2020-05-10 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - 6hr Web Attacks (IP=223,TR) 81.214.249.85 24 BMP None 2020-01-15 00:00:00 2020-04-14 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=85,TR) 81.214.63.94 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=94,TR) 81.214.84.91 24 RW None 2019-12-19 00:00:00 2020-03-19 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Sourcefire (IP=91,TR) 81.215.239.71 24 RB None 2019-12-28 00:00:00 2020-03-27 00:00:00 None Authentication Failed-6 hr Failed Logons (IP=71,TR) 81.215.75.179 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=179,TR) 81.217.38.129 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=129,AS) 81.218.131.132 24 CW None 2020-01-05 00:00:00 2020-04-05 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_SourceFire (IP=32,IS) | updated by CW Block expiration extended with reason SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_SourceFire (IP=32,IS) 81.218.136.0 21 dbc None 
2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity
81.218.96.0 19 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None IL TO-S-2019-0610 Malware Activity
81.219.210.251 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt_12 hr web attacks (IP=251 PL)
81.22.44.0 22 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None RU TO-S-2020-0047 Malicious Email Activity
81.221.0.0 16 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None CH TO-S-2019-0532 Malicious Email Activity
81.224.225.237 24 KF None 2020-05-14 00:00:00 2020-08-12 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) (1:21002457:1) - SourceFire (IP=237,SW)
81.225.146.224 24 GM None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=224,SE)
81.226.153.109 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=109,SE)
81.227.221.217 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None Illegal user - Failed Logons (IP=217,SE)
81.234.140.209 24 BMP None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SQL generic sql with comments injection attempt - GET parameter - SourceFire (IP=209,SE)
81.235.136.139 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None Authentication Failed_Failed Logon (IP=39,SE)
81.237.240.150 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=150,SW)
81.240.23.232 24 RR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None Authentication Failed - Failed Logons (IP=232,BE)
81.241.145.101 24 CR None 2018-08-09 05:00:00 2020-01-17 00:00:00 None Authentication Failed (IP=101,BE) | updated by RR with reason SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - SourceFire (IP=159,BL)
81.241.207.133 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=133,BE)
81.241.9.28 24 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=28,BE)
81.242.85.222 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=222,BE)
81.245.124.12 24 GM None 2020-09-06 00:00:00 2020-12-06 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=12,BE)
81.246.218.220 24 RW None 2019-11-25 00:00:00 2020-04-28 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=220,BE) | updated by RB Block expiration extended with reason Authentication Failed_6 hr Failed Logons (IP=220,BE)
81.247.170.88 24 RWB None 2019-10-24 00:00:00 2020-01-22 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - WebAttacks (IP=88,BE)
81.249.131.18 24 RWB None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Failed password - Failed Logon (IP=,GB) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=18,FR)
81.249.181.33 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Authentication Failed - Failed Logons (IP=33,FR)
81.252.136.89 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=89,FR)
81.26.171.98 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Generic ArcSight scan attempt (IP=98,DE)
81.29.134.62 32 jkc None 2020-07-20 00:00:00 2020-10-21 00:00:00 None hive case # 3387 CTO 20-199 Malicious IP (IP=62,RU)
81.29.177.53 32 RW None 2020-04-06 00:00:00 2020-05-06 00:00:00 None Known Attack Tool User Agent V2 / BOT: Mirai Echobot Activity Detected - TT# 20C02445 (IP=53,IT)
81.4.106.78 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=78,NL)
81.4.111.114 24 KF None 2018-12-29 06:00:00 2020-02-07 00:00:00 None Failed password for invalid user (IP=114,NL) | updated by RB with reason Failed password_6 hr Failed Logons (IP=189,NL) | 2020-02-07 | 2019-03-29
81.42.250.190 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=190,ES)
81.45.143.17 24 RB None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_Sourcefire (IP=17,ES)
81.51.101.127 24 BP None 2019-12-19 00:00:00 2020-03-18 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=127,FR)
81.53.125.117 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Authentication Failed_Failed Logon (IP=17,FR)
81.56.198.200 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None FR TO-S-2019-0571 Malicious Email Activity
81.68.110.82 24 RW None 2020-07-26 00:00:00 2020-10-26 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=82,CN)
81.68.125.85 24 KF None 2020-07-01 00:00:00 2020-09-29 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=85,CH)
81.68.128.153 32 BMP None 2020-09-29 00:00:00 2020-12-29 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C04012 (IP=153,CN)
81.68.141.136 24 RW None 2020-09-01 00:00:00 2020-12-01 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=136,CN)
81.68.70.8 24 KF None 2020-06-22 00:00:00 2020-09-20 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=8,NL)
81.68.74.232 24 RB None 2020-06-28 00:00:00 2020-09-26 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=232,CN)
81.7.11.155 32 BMP None 2020-08-05 00:00:00 2020-11-05 00:00:00 None Self-Report / Foregin IP block - TT# 20C03633 (IP=255,DE)
81.70.11.147 24 FT None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=147,CN)
81.70.13.188 24 RW None 2020-09-08 00:00:00 2020-12-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=188,CN)
81.70.37.55 24 FT None 2020-09-11 00:00:00 2020-12-11 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=55,CN)
81.82.209.252 24 RB None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed_6 hr Failed Logons_CPC (IP=252,BE)
81.82.226.6 24 BMP None 2020-05-03 00:00:00 2020-08-01 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=6,BE)
81.83.83.225 24 RB None 2019-02-21 00:00:00 2020-01-18 00:00:00 None Authentication Failed (IP=225 BE) | updated by GM with reason Illegal user - Failed Logons (IP=225,BE)
81.84.235.209 24 20200120 None None 2020-01-20 00:00:00 None Illegal user - Fail Logins (IP=209,PT) | updated by RWB Block was inactive. Reactivated on 20191022 with reason Illegal user - Fail Logins (IP=209,PT)
81.88.48.78 32 wmp None 2020-08-26 00:00:00 2020-12-14 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=78,IT) | updated by wmp Block expiration extended with reason HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=78,IT) | updated by wmp Block expiration extended with reason HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0
81.91.86.14 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None CZ TO-S-2019-0468 Malicious Email Activity
81.92.201.98 24 RR None 2020-01-03 00:00:00 2020-04-02 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt - SourceFire (IP=98,GB)
81.92.202.187 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None GB TO-S-2020-0187 Malicious Email Activity
81.92.202.206 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None GB TO-S-2019-0468 Malware Activity
81.93.64.36 24 GM None 2019-11-19 00:00:00 2020-02-19 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=36,CN)
81.94.192.10 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None GB TO-S-2019-0604 Malware Activity
81.94.192.147 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None GB TO-S-2019-0604 Malware Activity
81.94.192.167 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None GB TO-S-2019-0488 Malicious Web Application Activity
81.95.206.182 14 saj None 2014-06-20 05:00:00 2020-04-22 00:00:00 None ET SCAN Potential SSH Scan (ip=182, PL) | updated by tjh with reason DE TO-S-2016-0043 | updated by dbc with reason DE TO-S-
82.100.220.38 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=38,DE)
82.102.149.69 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=69,IS)
82.102.17.156 32 GM None 2019-03-19 00:00:00 2020-03-28 00:00:00 None Known Attack Tool User Agent 19C01490 (IP=156,US) | updated by dbc with reason ES TO-S-2019-0546 Malware Activity
82.102.20.183 24 GM None 2019-03-14 00:00:00 2020-09-02 00:00:00 None Phish.URL (IP=183,DK) | updated by dbc with reason DK TO-S-2019-0952 Malware Activity
82.102.21.98 24 GM None 2019-03-14 00:00:00 2020-02-09 00:00:00 None Phish.URL (IP=98,IT) | updated by KF with reason Immediate Inbound Network Block - TT# 20C00951 (IP=211,US)
82.102.24.131 24 RW None 2020-05-31 00:00:00 2020-08-31 00:00:00 None HTTP: PHP phar 404 page Reflected Cross-Site Scripting Vulnerability (CVE-2018-5712) - 6hr web attacks (IP=131,CH)
82.102.27.117 24 CW None 2019-10-09 00:00:00 2020-01-07 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt _SourceFire (IP=117,NO)
82.102.9.49 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None GB TO-S-2019-1036 Malware Activity
82.109.157.130 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Sourcefire (IP=130,UK)
82.112.51.73 24 CR None 2020-05-15 00:00:00 2020-08-15 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=73,RU)
82.114.160.0 19 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None YE TO-S-2020-0056 Malicious Web Application Activity
82.117.190.170 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=170,RU)
82.118.242.171 32 JKC None 2020-07-21 00:00:00 2020-10-21 00:00:00 None Hive Case # 3386 Malicious Callback CTO-20-0198 (Ip=171,BG)
82.124.137.199 24 FT None 2020-09-13 00:00:00 2020-12-12 00:00:00 None SQL union select - possible sql injection attempt - POST parameter - Web Attacks (IP=199,FR)
82.127.90.90 24 GM None 2018-06-15 05:00:00 2020-05-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=90,FR) | updated by GM Block was inactive. Reactivated on 20200301 with reason SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=90,
82.130.160.239 24 RR None 2020-01-20 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=239,ES) | updated by RWB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=239,ES)
82.131.202.238 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=238,HU)
82.131.25.190 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Invalid user - Failed Logons (IP=190,EE)
82.145.106.154 24 RR None 2018-09-02 05:00:00 2020-05-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=154,IT) | updated by KF Block was inactive. Reactivated on 20200302 with reason Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C01922 (IP=154,IT)
82.145.40.63 24 ged None 2015-09-24 05:00:00 2020-07-05 00:00:00 None ET SCAN Potential SSH Scan (IP=63, GB) | updated by jky with reason GB TO-S-2018-0342 Malware activity | updated by dbc with reason GB TO-S-2019-0800 Malicious Email Activity
82.146.37.57 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=57,LU)
82.146.39.47 24 KF None 2020-07-03 00:00:00 2020-10-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=47,RU)
82.146.54.0 23 dbc None 2019-12-17 00:00:00 2020-12-26 00:00:00 None RU TO-S-2020-0187 Malicious Email Activity | updated by dbc Block expiration extended with reason RU TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason RU TO-S-2020-0212.01 Malicious Email Activity
82.147.220.206 24 RB None 2019-03-21 00:00:00 2020-01-02 00:00:00 None APP-DETECT failed FTP login attempt (IP=206,SA) | updated by KF Block was inactive. Reactivated on 20191004 with reason APP-DETECT failed FTP login attempt (1:13360:7)_SourceFire (IP=206,SA)
82.155.24.230 24 RB None 2020-01-05 00:00:00 2020-04-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_SourceFire (IP=230,PT)
82.159.138.57 24 KF None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed Password_6 Hr Failed Logons (IP=57,ES)
82.163.176.82 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=82,GB)
82.163.73.232 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None GB TO-S-2019-0546 Malicious Email Activity
82.165.103.147 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr web attacks (IP=147,DE)
82.165.156.52 24 jkc None 2016-06-17 05:00:00 2020-05-06 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=52, DE) | updated by jkc with reason ET SCAN Sipvicious User-Age | updated by dbc with reason DE TO-S-2019-0640.01 Malicious Email Activity
82.165.158.127 24 RW None 2020-03-03 00:00:00 2020-06-03 00:00:00 None SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt - 6hr web attacks (IP=127,DE)
82.165.160.141 24 FT None 2020-09-25 00:00:00 2020-12-24 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks (IP=141,DE)
82.165.164.196 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None DE TO-S-2019-1036 Malicious Email Activity
82.165.166.183 24 RR None 2018-01-12 06:00:00 2020-03-29 00:00:00 None ET SCAN Potential SSH Scan (IP=183,DE) | updated by dbc with reason DE TO-S-2019-0551.02 Malicious Email Activity
82.165.202.199 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt_Web attacks (IP=99,DE)
82.165.203.225 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr web attacks (IP=225,DE)
82.165.23.203 24 RR None 2020-01-15 00:00:00 2020-04-14 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=203,DE)
82.165.247.162 24 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=162,DE)
82.165.251.85 24 GM None 2020-08-20 00:00:00 2020-11-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=85,DE)
82.165.35.17 24 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None Illegal user - Failed Logons (IP=17,DE)
82.165.77.177 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None DE TO-S-2019-0546 Malicious Email Activity
82.165.80.177 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None HTTP: SQL Injection - Exploit II (IP=177,DE)
82.165.81.198 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None DE TO-S-2019-0952 Malware Activity
82.165.86.37 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None DE TO-S-2019-0952 Malware Activity
82.177.38.182 24 RR None 2020-09-19 00:00:00 2020-12-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=182,PL)
82.177.87.98 32 dbc None 2020-06-30 00:00:00 2020-11-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=98,PL) | updated by wmp Block expiration extended with reason HIVE Case #3708 TO-S-2020-0766 (IP=98,PL)
82.178.124.0 24 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None OM TO-S-2019-0626.01 Malware Activity
82.178.48.6 24 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=6,OM)
82.185.129.97 24 RB None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt_6 hr web attacks (IP=97 IT)
82.185.94.187 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (IP=87,IT)
82.189.198.34 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (IP=34,IT)
82.191.134.50 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt_Web attacks (IP=50,IT)
82.192.65.9 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None NL TO-S-2019-0551.02 Malicious Email Activity
82.192.84.158 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None NL TO-S-2019-0631 Malicious Email Activity
82.194.49.176 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=176,BH)
82.194.70.22 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None ES TO-S-2019-0852 Malicious Email Activity
82.194.91.155 32 dbc None 2019-04-29 00:00:00 2020-04-29 00:00:00 None ES TO-S-2019-0631 Malicious Email Activity
82.196.25.0 24 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None DZ TO-S-2019-0532 Malicious Email Activity
82.196.25.96 32 wmp None 2020-08-17 00:00:00 2020-11-15 00:00:00 None HIVE Case #3560 COLS-NA-TIP-20-0259 (IP=96,DZ)
82.196.4.66 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Failed password for invalid user - Failed Logons (IP=66,NL)
82.196.8.210 24 EDBT None 2018-02-12 06:00:00 2020-04-26 00:00:00 None ET SCAN Potential SSH Scan (IP=210,NL) | updated by dbc with reason NL TO-S-2019-0626.01 Malware Activity
82.196.9.10 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None NL TO-S-2019-0358 Malicious Web Application Activity
82.200.128.0 17 jky None 2017-05-25 05:00:00 2020-03-07 00:00:00 None KZ TO-S-2017-1092 Malicious activity | updated by RR with reason Illegal user (IP=71,KZ) | updated by RR with reason Failed | updated by GM with reason Invalid user - Failed Logons (IP=226,KZ)
82.200.65.218 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=218,RU)
82.202.249.168 24 KF None 2020-07-02 00:00:00 2020-09-30 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (1:13990:26) - SourceFire (IP=168,RU)
82.202.249.168 24 KF None 2020-07-02 00:00:00 2020-09-30 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=168,RU)
82.202.99.241 32 dbc None 2019-09-19 00:00:00 2020-09-19 00:00:00 None CZ TO-S-2019-1002 Malware Activity
82.209.128.0 18 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None SE TO-S-2019-0864 Malicious Email Activity
82.211.31.146 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None DE TO-S-2019-0546 Malicious Email Activity
82.212.64.0 18 dbc None 2018-09-20 05:00:00 2020-04-17 00:00:00 None JO TO-S-2018-1158 Malicious Reconnaissance Activity | updated by dcg with reason JO TO-S-2018-1204 Indicator associated with m | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=1,JO)
82.212.88.24 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=24,JO)
82.213.199.126 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=126,ES)
82.213.250.168 24 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Authentication Failed_6 Hr Failed Logons (IP=168,ES)
82.217.67.240 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Failed password - Failed Logons (IP=240,NL)
82.218.173.156 24 RB None 2019-06-26 00:00:00 2020-01-26 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=156 AT) | updated by RR with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=156,AT )
82.218.34.146 24 GM None 2020-06-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=146,AT)
82.221.105.223 24 dlb None 2014-03-05 06:00:00 2020-01-02 00:00:00 None SSH Scans (ip=223,IS) | updated by ged with reason ET POLICY Suspicious inbound to PostgreSQL port 5432 (IP=6, IS) | updated | updated by RB with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=6,IS) | 2020
82.221.105.6 32 RW None 2020-09-18 00:00:00 2020-12-17 00:00:00 None HTTP: Microsoft Windows HTTP.sys Remote Code Execution
82.221.105.6 32 tpr None 2014-02-07 06:00:00 2020-11-05 00:00:00 None PostgreSQL scans (ip=6, IS) | updated by RB Block was inactive. Reactivated on 20200805 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) TT# 20C03639 (IP=6,IS)
82.221.128.206 24 sym None 2014-08-15 05:00:00 2020-02-14 00:00:00 None TCP Port Sweep (ip=206,IS) | updated by dbc with reason IS TO-S-2019-0400 Malware Activity
82.223.100.175 24 FT None 2020-09-01 00:00:00 2020-12-01 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Sourcefire (IP=175,ES)
82.223.101.51 24 RW None 2019-12-31 00:00:00 2020-03-31 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=51,ES)
82.223.102.131 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (IP=131,ES)
82.223.102.162 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=162,ES)
82.223.16.182 24 RR None 2020-02-23 00:00:00 2020-05-23 00:00:00 None Illegal user - Failed Logons (IP=182,ES)
82.223.2.120 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None ES TO-S-2019-0571 Malicious Email Activity
82.223.49.182 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None ES TO-S-2019-0604 Malicious Email Activity
82.224.149.137 24 RWB None 2019-12-12 00:00:00 2020-03-11 00:00:00 None Authentication Failed - Failed Logon (IP=137,FR)
82.23.77.149 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C00104 (IP=149,GB)
82.236.187.134 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None Authentication Failed_Failed Logon
82.237.6.67 24 GM None 2019-12-07 00:00:00 2020-03-07 00:00:00 None Invalid user - Failed Logons (IP=67,FR)
82.243.236.16 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C00116 (IP=16,FR)
82.246.200.213 24 CW None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Illegal user_Failed Logon (IP=13,FR)
82.246.201.162 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=162,FR)
82.247.200.185 24 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None Authentication Failed - Failed Logons (IP=185,FR)
82.251.93.133 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Authentication Failed - Failed Logons (IP=133,FR)
82.252.134.244 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None Authentication Failed (IP=244,FR)
82.253.156.136 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None FR TO-S-2019-0468 Malicious Email Activity
82.253.95.209 32 dbc None 2019-01-15 06:00:00 2020-01-15 06:00:00 None FR TO-S-2019-0321 Malware Activity
82.254.1.19 24 RWB None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Authentication Failed - Failed Logon (IP=19,FR)
82.254.198.27 24 GM None 2020-08-07 00:00:00 2020-11-07 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=27,FR)
82.28.250.184 32 KF None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent - TT# 20C00042 (IP=184,US)
82.31.84.198 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=198,GB)
82.43.40.191 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=191,GB)
82.48.199.76 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=76,IT)
82.50.130.190 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=190,IT)
82.54.242.218 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt_Web attacks (IP=18,IT)
82.55.110.242 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=242,IT)
82.55.253.237 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=237,IT)
82.56.178.217 24 EDBT None 2017-11-20 06:00:00 2020-02-20 00:00:00 None ET SCAN Potential SSH Scan (IP=217,IT) | updated by RR with reason SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=181,IT)
82.62.153.15 24 GM None 2019-12-05 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed Logons (IP=15,IT)
82.62.171.201 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=201,IT)
82.62.67.4 24 RWB None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=4,IT)
82.64.138.80 24 GM None 2019-10-21 00:00:00 2020-05-15 00:00:00 None Illegal user - Failed Logons (IP=80,FR) | updated by GM Block was inactive. Reactivated on 20200127 with reason Illegal user - Failed Logons (IP=80,FR) | updated by KF Block expiration extended with reason Authentication Failed - 6 Hr Failed Logons (I
82.64.15.106 24 EDBT None 2017-12-12 06:00:00 2020-04-30 00:00:00 None ET SCAN Potential SSH Scan (IP=106,FR) | updated by RW with reason Authentication Failed - 6 hr failed logon (IP=106,FR) | updated by RW Block was inactive. Reactivated on 20200130 with reason Authentication Failed - 6hr Failed Logon(IP=106,FR)
82.64.154.149 24 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC SSH Brute Force Login Attempt (IP=149,FR)
82.64.248.151 24 GM None 2020-01-26 00:00:00 2020-04-26 00:00:00 None Failed password - Failed Logons (IP=151,FR)
82.64.25.207 24 GLM None 2018-12-16 06:00:00 2020-01-19 00:00:00 None Illegal user (IP=207,FR) | updated by KF with reason Authentication Failed_6 Hr Failed Logons (IP=207,FR)
82.64.33.251 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None Authentication Failed_6 hr Failed Logon (IP=251,FR)
82.64.54.30 24 DT None 2020-06-07 00:00:00 2020-09-05 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks - (IP=30,FR)
82.64.83.141 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Authentication Failed - 6hr Logons (IP=141,FR)
82.76.16.64 24 BMP None 2019-12-25 00:00:00 2020-03-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=64,RO)
82.81.138.242 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None IL TO-S-2019-0351 Malware Activity
82.81.67.180 24 EDBT None 2017-12-18 06:00:00 2020-02-15 00:00:00 None TELNET: Root Login with Wrong Password (IP=180,IL) | updated by RB with reason SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_6 hr web attacks (IP=188,IL) | 2020-02-15 | 2018-03-18
82.82.144.49 24 CR None 2019-10-14 00:00:00 2020-01-14 00:00:00 None Authentication Failed_6 hr Failed Logon (IP=49,DE)
82.83.46.161 24 CR None 2020-01-01 00:00:00 2020-04-01 00:00:00 None Authentication Failed - 6 hr Failed Logon (IP=161,DE)
82.84.11.92 24 BMP None 2020-05-02 00:00:00 2020-07-31 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=92,IT)
82.96.101.120 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=120,DE)
82.96.32.219 24 GM None 2020-03-08 00:00:00 2020-06-08 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=219,SE)
82.98.151.210 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None ES TO-S-2019-1036 Malicious Email Activity
83.103.128.0 17 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None RO TO-S-2019-0972 Malicious Email Activity
83.103.98.211 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=211,IT)
83.110.104.31 24 RW None 2020-04-11 00:00:00 2020-07-11 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - 6hr web attacks (IP=31,AE)
83.110.105.169 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=169,AE)
83.110.147.248 24 RB None 2019-11-19 00:00:00 2020-02-17 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_6 hr web attacks (IP=248,AE)
83.110.148.227 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=227,HK)
83.110.193.5 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=5,AE)
83.110.234.32 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=32,AE)
83.110.240.224 24 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=224,AE)
83.110.75.149 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Generic ArcSight scan attempt (IP=149,AE)
83.110.78.176 24 RR None 2020-01-20 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=176,AE) | updated by KF Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=176,AE)
83.110.9.93 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - SourceFire (IP=93,AE)
83.12.107.106 24 YM None 2017-10-23 05:00:00 2020-04-08 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (IP=106,PL) | updated by RR with reason Illegal user - 6 hr Failed Logons (IP=,PL) | updated by RR with reason Illegal user - Failed Logons (IP=106,PL)
83.120.0.0 14 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None IR TO-S-2019-0430 Malware Activity
83.13.209.154 24 RR None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password for invalid user - Failed Logons (IP=154,PL)
83.134.112.93 24 GM None 2020-08-29 00:00:00 2020-11-29 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=93,BE)
83.135.158.200 24 KF None 2020-02-09 00:00:00 2020-05-09 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=200,DE)
83.135.238.0 24 GM None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Authentication Failed - Failed Logons (IP=0,DE)
83.137.54.219 24 GM None 2020-06-18 00:00:00 2020-08-18 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=219,RU)
83.138.201.84 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=84,ES)
83.138.65.162 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None DE TO-S-2020-0065 Malicious Email Activity
83.138.8.106 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None IE TO-S-2019-0468 Malicious Email Activity
83.138.87.154 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None DE TO-S-2019-0420 Malicious Email Activity
83.139.194.225 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None IT TO-S-2020-0031 Malicious Email Activity
83.14.224.41 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=41,PL)
83.140.0.0 16 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None SE TO-S-2019-0816 Malicious Email Activity
83.142.110.41 24 KF None 2019-01-11 06:00:00 2020-01-19 00:00:00 None Illegal user (IP=41,UA ) | updated by RR with reason Illegal user - Failed Logons (IP=41,UA )
83.143.132.2 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None PL TO-S-2019-0351 Malware Activity
83.143.133.67 24 GM None 2020-08-13 00:00:00 2020-11-13 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=67,PL)
83.147.202.195 24 RB None 2019-12-17 00:00:00 2020-03-16 00:00:00 None Custom-Encrypted Uploads (IP=195,IR)
83.149.0.0 18 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity
83.149.119.157 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None NL TO-S-2019-0488 Malware Activity
83.150.212.163 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None TR TO-S-2019-0577 Malicious Email Activity
83.166.166.18 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None GB TO-S-2020-0088 Malware Activity
83.17.109.6 24 CR None 2019-10-14 00:00:00 2020-01-14 00:00:00 None Illegal user_6 hr Failed Logon (IP=6,PL)
83.171.238.62 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None DE TO-S-2019-0890.01 Malicious Email Activity
83.175.213.250 24 CW None 2019-11-07 00:00:00 2020-02-05 00:00:00 None Failed password_Faield Logon (IP=50,ES)
83.191.179.153 24 KF None 2020-03-16 00:00:00 2020-06-14 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02150 (IP=153,SE)
83.191.180.44 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C01901 (IP=44,SE)
83.196.102.60 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=60,FR)
83.196.222.116 24 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=116,FR)
83.196.98.136 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid
83.202.217.107 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None FR TO-S-2019-0972 Malware Activity
83.209.219.129 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=129,SE)
83.211.162.82 24 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Failed password - Failed Logons (IP=82,IT)
83.211.174.38 24 RB None 2019-11-21 00:00:00 2020-02-19 00:00:00 None Failed password_6 hr Failed Logons (IP=38,IT)
83.211.61.49 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None IT TO-S-2019-0952 Malware Activity
83.212.105.80 24 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None Illegal user - Failed Logons (IP=80,GR)
83.212.135.95 24 GM None 2019-10-10 00:00:00 2020-01-10 00:00:00 None Authentication Failed - Failed Logons (IP=95,GR)
83.212.32.225 24 djs None 2015-09-18 05:00:00 2020-01-11 00:00:00 None Rapid POP3 Connections - Brute Force Attack (ip=225,GR) | updated by RB with reason Authentication Failed_6 hr Failed Logons (IP=225 GR) | 2020-01-11 | 2015-12-18
83.212.74.22 32 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None GR TO-S-2019-0723 Malicious Email Activity
83.217.10.0 24 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None RU TO-S-2019-0816 Malicious Email Activity
83.217.74.242 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None BE TO-S-2020-0031 Malicious Email Activity
83.220.170.241 24 KF None 2019-12-17 00:00:00 2020-03-16 00:00:00 None Illegal user (IP=241,RU)
83.221.192.0 19 jky None 2017-08-17 05:00:00 2020-04-19 00:00:00 None RU TO-S-2017-1441 Web application activity | updated by RR with reason INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=121,RU)
83.221.220.121 32 RR None 2020-09-13 00:00:00 2020-12-12 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03898 (IP=121,RU)
83.221.222.209 32 RW None 2020-06-10 00:00:00 2020-07-10 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03127 (IP=209,RU)
83.221.6.199 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=199,RU)
83.222.124.62 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None US TO-S-2019-0508 Malware Activity
83.222.240.60 24 RR None 2018-12-18 06:00:00 2020-05-10 00:00:00 None Failed password for invalid user (IP=60,GB) | updated by dbc with reason GB TO-S-2019-0658 Malware Activity
83.223.106.11 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None GB TO-S-2019-0409 Malware Activity
83.223.109.51 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None GB TO-S-2019-0409 Malware Activity
83.226.26.33 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_Sourcefire (IP=33,SE)
83.228.102.153 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None BG TO-S-2019-0409 Malicious Email Activity
83.239.90.50 32 RW None 2020-06-24 00:00:00 2020-07-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03272 (IP=50,RU)
83.240.186.238 32 RR None 2019-03-27 00:00:00 2020-09-02 00:00:00 None Known Attack Tool User Agent - TT# 19C01812 (IP=238,PT) | updated by dbc with reason PT TO-S-2019-0952 Malware Activity
83.242.75.100 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=100,PL)
83.244.91.0 24 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None PS TO-S-2019-0626.01 Malware Activity
83.249.124.143 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=143,SE)
83.249.75.214 24 BMP None 2020-03-10 00:00:00 2020-06-08 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=214,SE)
83.252.9.38 24 BMP None 2020-03-10 00:00:00 2020-06-08 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02107 (IP=38,SE) | updated by BMP Block expiration extended with reason SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - 6hr Web Attacks (IP=38,SE)
83.253.119.211 24 KF None 2020-02-28 00:00:00 2020-05-28 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C01847 (IP=211,SE)
83.254.147.235 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=235,SE)
83.27.42.163 24 20200120 None None 2020-01-20 00:00:00 None Authentication Failed - Fail Logins (IP=163,PL) | updated by RWB Block was inactive. Reactivated on 20191022 with reason Authentication Failed - Fail Logins (IP=163,PL)
83.29.180.97 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None PL TO-S-2019-1036 Malicious Email Activity
83.31.75.229 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=229,PL) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY
83.33.168.196 32 CR None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02384 (IP=196,ES)
83.35.79.240 24 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=240,ES)
83.39.125.147 24 RW None 2020-04-08 00:00:00 2020-04-08 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Sourcefire (IP=147,ES) | not blocked: This is a signature for home routers.
83.39.125.194 32 RW None 2020-04-03 00:00:00 2020-05-03 00:00:00 None Known Attack Tool User Agent - TT# 20C02342 (IP=194,ES) 83.39.126.104 24 ABC None 2020-04-17 00:00:00 2020-07-16 00:00:00 None Command Injection- ARCSight Sauron (IP=104,ES) 83.46.113.63 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=63,ES) 83.48.101.184 24 RWB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Invalid user - Failed Logon (IP=184,ES) 83.48.7.134 24 RB None 2020-07-20 00:00:00 2020-10-18 00:00:00 None POLICY-OTHER PHP uri tag injection attempt - SourceFire (IP=134,ES) 83.50.56.116 24 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None UDP: Host Sweep (IP=116,ES) 83.6.231.78 24 RB None 2020-01-10 00:00:00 2020-04-09 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=78,PL) 83.64.250.246 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None AT TO-S-2019-0468 Malicious Email Activity 83.66.123.87 24 CW None 2020-01-28 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=87,TR) | updated by RB Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=87,TR) | updated by KF 83.68.237.104 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=104,SE) 83.69.74.146 24 KF None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Generic ArcSight scan attempt (IP=146,RU) 83.84.129.250 24 RB None 2019-12-01 00:00:00 2020-02-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=250,NL) 83.84.163.60 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=60,NL) 83.94.206.4 24 RR None 2018-12-21 06:00:00 2020-01-15 00:00:00 None Illegal user (IP=4,DK) | updated by GM with reason Illegal user - Failed Logons (IP=60,DK) 
83.97.20.251 24 RB None 2020-02-27 00:00:00 2020-05-27 00:00:00 None PROTOCOL-DNS 83.97.20.251 24 RB None 2020-02-27 00:00:00 2020-05-27 00:00:00 None PROTOCOL-DNS 83.97.20.251 24 RB None 2020-02-27 00:00:00 2020-05-27 00:00:00 None PROTOCOL-DNS 83.97.228.225 24 KF None 2020-01-20 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=225,ES) | updated by RWB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=225,ES) 83.98.243.180 24 BMP None 2020-04-26 00:00:00 2020-07-25 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=180,NL) 84.1.251.219 24 DT None 2020-09-09 00:00:00 2020-12-09 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=219,HU) 84.10.55.210 24 MWH None 2016-12-05 06:00:00 2020-02-18 00:00:00 None ET CINS Active Threat Intelligence Poor Reputation IP & Misc Web Attack (IP=210) | updated by dcg with reason PL TO-S-2018-120 | updated by RR with reason Invalid user - Failed Logons (IP=147,PL) 84.101.59.202 24 CW None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Authentication Failed_Failed Logon (IP=2,FR) 84.101.76.219 24 RR None 2020-01-21 00:00:00 2020-04-20 00:00:00 None Authentication Failed - Failed Logons (IP=219,FR) 84.108.12.0 23 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity 84.108.184.0 22 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity 84.108.25.20 24 BMP None 2020-04-03 00:00:00 2020-07-02 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=20,IL) 84.110.47.54 24 RR None 2020-08-22 00:00:00 2020-11-21 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt (1:54794:2) - SourceFire (IP=54,IS) | updated by RB Block expiration extended with reason SERVER-WEBAPP Zeroshell Linux Router 
command injection attempt - SourceFire (IP=54,IL) 84.114.222.100 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,AU) 84.115.157.227 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=227,AT) 84.130.97.21 24 GM None 2019-10-10 00:00:00 2020-01-10 00:00:00 None Authentication Failed - Failed Logons (IP=21,DE) 84.137.18.24 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=24,DE) 84.15.154.131 24 BMP None 2020-01-28 00:00:00 2020-04-27 00:00:00 None Authentication Failed - 6hr Logon (IP=131,LT) 84.16.224.30 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None DE TO-S-2019-0852 Malware Activity 84.16.234.135 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None Unauthorized Scanning (IP=135,DE) 84.16.242.231 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None DE TO-S-2019-0430 Malware Activity 84.16.248.155 32 GM None 2020-07-16 00:00:00 2020-10-16 00:00:00 None Known Attack Tool User Agent V2 - T# 20C03483 (IP=155,DE) 84.162.124.161 24 KF None 2019-12-28 00:00:00 2020-03-27 00:00:00 None Authentication Failed (IP=161,DE) 84.17.49.113 32 CR None 2019-12-04 00:00:00 2020-01-04 00:00:00 None Self Report / HTTP Request Attack - TT# 20C01082 (IP=113,US) 84.171.165.32 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=32,DE) 84.18.40.202 32 RB None 2020-02-23 00:00:00 2020-05-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C01817 (IP=202,JO) 84.180.253.180 24 CR None 2019-10-11 00:00:00 2020-01-11 00:00:00 None Authentication Failed_6 hr failed logon (IP=180,DE) 84.184.84.244 24 RR None 2020-01-21 00:00:00 2020-04-20 00:00:00 None Authentication Failed - Failed Logons (IP=244,DE) 84.184.90.54 24 RR None 2020-02-24 00:00:00 2020-05-24 00:00:00 None Authentication Failed - Failed Logons (IP=54,DE) 
84.194.203.119 24 RR None 2019-05-28 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6 hr Failed Logons (IP=119,BE) | updated by RW Block was inactive. Reactivated on 20191127 with reason Authentication Failed - 6hr Failed Logon(IP=119,BE) 84.195.206.203 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=203,BE) 84.196.217.100 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=100,BE) 84.196.70.84 24 CW None 2019-11-12 00:00:00 2020-02-10 00:00:00 None Failed password_Failed Logon (IP=84,BE) 84.197.224.169 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Authentication Failed - Failed Logons (IP=169,BE) 84.197.253.234 24 GM None 2020-02-11 00:00:00 2020-05-11 00:00:00 None Authentication Failed - Failed Logons (IP=234,BE) 84.199.226.2 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None BE TO-S-2019-0747 Malware Activity 84.2.104.97 24 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=97,HU) 84.2.158.83 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - SourceFire (IP=83,HU) 84.201.139.207 24 RR None 2020-09-29 00:00:00 2020-12-28 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - SourceFire (IP=207,RU) 84.201.162.151 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=151,RU) 84.205.254.49 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None GR TO-S-2019-0734.01 Malicious Email Activity 84.208.62.38 24 RR None 2019-10-21 00:00:00 2020-01-19 00:00:00 None Illegal user - Failed Logons (IP=38,NO) 84.22.61.218 24 ABC None 2020-04-05 00:00:00 2020-07-04 00:00:00 None TCP: SYN Host Sweep (IP=218,RS) 84.228.225.7 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=7,IL) 
84.228.42.10 24 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=10,IL) 84.23.39.77 24 KF None 2020-04-22 00:00:00 2020-07-21 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=77,RU) 84.234.54.244 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Attempted User Privilege Gain - OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=244,MD) 84.234.96.17 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=17,RO) 84.236.96.104 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None HU TO-S-2019-0613 Malware Activity 84.237.87.19 24 RR None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Illegal user - Failed Logons (IP=19,RU) 84.238.50.127 24 KF None 2020-03-19 00:00:00 2020-06-17 00:00:00 None Known Attack Tool User Agent/ BOT: 84.239.11.18 24 MLJ None 2017-08-04 05:00:00 2020-02-04 00:00:00 None ET SCAN Potential SSH Scan (IP=18,RO) | updated by RW with reason Authentication Failed - 6hr Failed Logon(IP=7,TW) 84.244.0.0 19 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None RU TO-S-2019-0468 Malicious Web Application Activity 84.244.181.203 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None NL TO-S-2019-0608 Malicious Email Activity 84.244.181.221 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None NL TO-S-2019-0658 Malware Activity 84.245.12.205 24 KF None 2020-02-09 00:00:00 2020-05-09 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=205,NL) 84.249.129.124 24 GM None 2019-10-10 00:00:00 2020-01-10 00:00:00 None Illegal user - Failed Logons (IP=124,FI) 84.252.150.65 24 GM None 2020-07-11 00:00:00 2020-10-11 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=65,RU) 84.255.156.57 24 CW None 2020-01-05 00:00:00 2020-04-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 
arbitrary command execution attempt_SourceFire (IP=57,BH) 84.33.119.193 24 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=193,IT) 84.38.130.0 23 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None IR TO-S-2020-0031 Malicious Email Activity 84.38.130.163 32 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None NL TO-S-2020-0012 Malicious Email Activity 84.38.134.0 24 dbc None 2018-09-14 05:00:00 2020-02-04 00:00:00 None NL TO-S-2018-1141 Malware Activity | updated by kmw with reason PA TO-S-2019-0382 Malicious Email Activity 84.39.112.58 24 RW None 2019-12-31 00:00:00 2020-03-31 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) - Sourcefire (IP=58,CH) 84.39.112.58 24 RWB None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Attempted Administrator Privilege Gain - SERVER-ORACLE Oracle WebLogic Server remote code execution attempt - SourceFire (IP=58,CH) 84.39.240.0 20 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,RU) 84.42.47.158 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 84.47.162.50 32 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None RU TO-S-2019-0351 Malware Activity 84.47.168.0 21 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,RU) 84.48.218.190 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=190,NO) 84.48.235.163 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - Web Attacks (IP=163,NO) 84.49.242.125 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None NO TO-S-2019-0604 Malware Activity 84.5.120.175 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=175,FR) 84.50.172.252 32 wmp None 2020-09-01 
00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=252,EE) 84.52.81.146 24 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=146,RU) 84.54.192.0 18 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None RU TO-S-2019-0351 Malware Activity 84.54.37.69 24 RB None 2019-03-10 00:00:00 2020-07-05 00:00:00 None "INDICATOR-SCAN SSH brute force login attempt" (IP=69,RU) | updated by dbc with reason NL TO-S-2019-0800 Malicious Email Activity 84.55.124.76 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None SE TO-S-2019-0409 Malicious Email Activity 84.81.40.21 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Authentication Failed - Failed Logons (IP=21,NL) 84.82.103.39 24 BMP None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Authentication Failed - 6hr Logon (IP=39,NL) 84.87.142.202 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=202,NL) 84.88.176.7 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None Illegal user - Failed Logons (IP=7,ES) 84.92.39.93 24 GLM None 2018-07-03 05:00:00 2020-05-13 00:00:00 None Authentication Failed (IP=93,GB) | updated by KF Block was inactive. Reactivated on 20200213 with reason INDICATOR-SCAN SSH brute force login attempt - 12 Hour ET Scan (IP=93,GB) 84.93.153.9 24 RR None 2018-12-06 06:00:00 2020-04-25 00:00:00 None Illegal user (IP=9,GB) | updated by RW Block was inactive. 
Reactivated on 20200118 with reason Authentication Failed - 6hr Failed Logon(IP=9,UK) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=9,UK) 85.10.195.227 24 KF None 2019-12-16 00:00:00 2020-03-15 00:00:00 None HTTP: Blind SQL Injection - Timing(IP=227,DE) 85.10.206.50 24 RR None 2020-07-14 00:00:00 2020-10-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=50,DE) 85.10.215.142 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None DE TO-S-2019-0363.01 Malicious Web Application Activity 85.102.92.87 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Authentication Failed - Failed Logons (IP=87,TR) 85.103.2.118 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=118,TR) 85.103.78.201 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=201,TR) 85.104.24.124 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=124,TR) 85.105.23.141 24 ged None 2016-04-19 05:00:00 2020-10-04 00:00:00 None APP-DETECT failed FTP login attempt (IP=141, TR) | updated by GM Block was inactive. 
Reactivated on 20200704 with reason SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=141,TR) 85.105.234.83 24 RR None 2017-11-14 06:00:00 2020-04-16 00:00:00 None Severe network attack (IP=83,TR) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=204,TR) 85.105.72.108 24 RW None 2020-01-09 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=108,TR) 85.105.83.94 24 GM None 2020-07-05 00:00:00 2020-10-05 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=94,TR) 85.105.87.39 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None Command Injection (IP=39,TR) 85.106.108.241 24 KF None 2020-06-12 00:00:00 2020-09-10 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=241,TU) 85.106.5.108 24 KF None 2020-04-21 00:00:00 2020-07-20 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=108,TR) 85.107.64.127 24 GM None 2020-01-08 00:00:00 2020-04-08 00:00:00 None Authentication Failed - Failed Logons (IP=127,TR) 85.108.142.36 24 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=36,TR) 85.108.150.49 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=49,TR) 85.108.152.12 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=12,TR) 85.108.164.155 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=155,TR) 85.108.167.208 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=208,TR) 
85.108.171.221 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=21,TR) 85.11.48.196 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=196,SE) 85.110.23.93 24 RW None 2020-02-19 00:00:00 2020-05-19 00:00:00 None SQL HTTP URI blind injection attempt - 6hr web attacks (IP=93,TR) 85.113.210.58 24 KF None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Failed password_6 Hr Failed Logons (IP=58,RU) | updated by RW with reason Authentication Failed - 6hr Failed Logon(IP=58,RU) 85.113.41.207 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=207,GB) 85.118.128.33 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None CZ TO-S-2019-0626.01 Malicious Email Activity 85.118.200.0 21 dcg None 2018-07-06 05:00:00 2020-01-31 00:00:00 None SE TO-S-2018-0911 associated with Malware Activity | updated by RR with reason Generic ArcSight scan attempt (IP=172,SE) 85.128.160.41 32 dbc None 2019-02-20 00:00:00 2020-02-21 00:00:00 None PL TO-S-2019-0420 Malicious Email Activity | updated by dbc with reason PL TO-S-2019-0430 Malware Activity 85.128.219.175 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None PL TO-S-2019-0420 Malicious Email Activity 85.128.233.89 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None PL TO-S-2019-0747 Malicious Email Activity 85.13.154.240 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None DE TO-S-2019-0546 Malicious Email Activity 85.132.71.76 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=76,AZ) 85.14.245.86 24 CR None 2019-06-19 00:00:00 2020-01-06 00:00:00 None Trojan.Ursnif - FireEye Web (IP=86,DE) | updated by RR with reason OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=156,DE) 85.143.213.109 24 RR None 
2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=109,RU) 85.15.75.66 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=66 RU) 85.152.24.21 24 RB None 2020-06-28 00:00:00 2020-09-26 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=21,ES) 85.154.198.87 24 RW None 2019-12-31 00:00:00 2020-03-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=87,OM) 85.158.203.20 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None NL TO-S-2019-0468 Malware Activity 85.159.212.18 24 CR None 2020-03-18 00:00:00 2020-06-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=18,GB) 85.16.100.54 24 RR None 2020-04-08 00:00:00 2020-07-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt- ARCSight Sauron (IP=54,DE) 85.16.209.211 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Illegal user - Failed Logons (IP=211,DE) 85.16.52.184 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=184,DE) 85.16.53.232 24 GM None 2020-06-10 00:00:00 2020-08-10 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=232,DE) 85.167.72.163 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=163,NO) 85.17.194.221 24 GM None 2020-06-18 00:00:00 2020-08-18 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=221,NL) 85.172.54.164 24 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=164,RU) 85.174.251.64 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=64,RU) 85.175.227.126 24 RB None 2020-06-28 00:00:00 2020-09-26 
00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=126,RU) 85.175.99.230 24 RW None 2020-05-31 00:00:00 2020-09-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=230,RU) | updated by RW Block expiration extended with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=230,RU) 85.183.82.223 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None DE TO-S-2019-0382 Malicious Email Activity 85.185.0.0 16 dlb None 2018-08-31 05:00:00 2020-02-13 00:00:00 None IR TO-S-2018-1080 malware activity | updated by GM with reason Invalid user - Failed Logons (IP=98,IR) 85.192.35.167 24 CR None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Failed password 6 hr Failed Logon (IP=167,RU) 85.193.126.5 32 wmp None 2020-06-19 00:00:00 2020-09-19 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=5,RU) 85.195.52.41 24 BMP None 2019-12-22 00:00:00 2020-03-21 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=41,SE) 85.196.134.54 24 BP None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Failed password for invalid user (IP=54,BG) 85.203.118.119 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None FR TO-S-2019-0890.01 Malware Activity 85.203.15.88 24 GM None 2020-03-21 00:00:00 2020-06-21 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=88,DE) 85.203.20.74 32 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=74,US) 85.206.56.0 22 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None LT TO-S-2019-0608 Malware Activity 85.208.213.9 24 RR None 2019-10-08 00:00:00 2020-01-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=9,SA) 85.208.72.227 24 GM None 2019-12-24 00:00:00 2020-03-24 00:00:00 None Illegal user - Failed Logons (IP=227,DE) 85.209.0.2 24 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic 
ArcSight scan attempt (IP=2,RU) 85.209.162.216 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None NL TO-S-2019-0734.01 Malicious Email Activity 85.209.162.217 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None NL TO-S-2019-0734.01 Malicious Email Activity 85.211.76.174 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Authentication Failed - Failed Logons (IP=174,GB) 85.214.109.227 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None DE TO-S-2019-0409 Malicious Email Activity 85.214.16.89 24 RR None 2020-06-09 00:00:00 2020-09-07 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=89,DE) 85.214.166.155 24 FT None 2020-09-19 00:00:00 2020-12-18 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - Web Attacks (IP=155,DE) 85.214.24.196 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None DE TO-S-2019-0409 Malware Activity 85.214.243.170 24 RB None 2018-04-08 05:00:00 2020-02-08 00:00:00 None ET SCAN Potential SSH Scan (IP=170,DE) | updated by RB with reason Generic ArcSight scan attempt (IP=191,DE) | 2020-02-08 | 2018-07-07 85.214.36.244 24 GM None 2019-10-01 00:00:00 2020-01-01 00:00:00 None Illegal user - Failed logons (IP=244,DE) 85.217.170.55 24 YM None 2017-12-25 06:00:00 2020-09-02 00:00:00 None ET SCAN Potential SSH Scan (IP=55,BG) | updated by dbc with reason BG TO-S-2019-0444 Malicious Email Activity | updated by dbc with reason CY TO-S-2019-0952 Malicious Email Activity 85.217.171.102 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None BG TO-S-2020-0031 Malicious Web Application Activity 85.223.128.0 17 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None UA TO-S-2019-0409 Malicious Email Activity 85.226.164.219 24 RR None 2019-10-18 00:00:00 2020-01-16 00:00:00 None Authentication Failed - Failed Logons (IP=219,SE) 85.233.160.147 32 wmp None 2020-07-30 00:00:00 2020-10-30 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=147,GB) 85.233.223.129 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None 
FR TO-S-2019-0409 Malicious Email Activity 85.236.38.52 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None DE TO-S-2019-0546 Malicious Email Activity 85.238.72.249 24 GM None 2020-07-15 00:00:00 2020-10-15 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=249,HU) 85.238.73.103 24 KF None 2020-06-21 00:00:00 2020-09-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=103,HU) 85.24.168.233 24 KF None 2020-02-08 00:00:00 2020-05-08 00:00:00 None APP-DETECT failed FTP login attempt - 6 Hour Failed Logins (IP=233,SE) 85.245.85.178 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None PT TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason PT TO-S-2020-0212.01 Malware Activity 85.248.124.6 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None SK TO-S-2019-0420 Malicious Email Activity 85.248.227.0 24 tjh None 2016-06-08 05:00:00 2020-04-22 00:00:00 None SK TO-S-2016-0686 | updated by jky with reason SK TO-S-2017-0138 Malicious Cyber Actors communicating with government sites | 85.248.29.38 24 EDBT None 2017-09-23 05:00:00 2020-04-04 00:00:00 None HTTP: Blind SQL Injection - Timing | updated by dbc with reason SK TO-S-2019-0571 Malicious Email Activity 85.25.109.159 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None DE TO-S-2020-0031 Malicious Email Activity 85.25.154.142 24 RB None 2020-09-15 00:00:00 2020-12-14 00:00:00 None Hive Case # 3830 (IP=142,FR) 85.27.184.233 24 RB None 2020-01-08 00:00:00 2020-04-07 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=233,DK) 85.29.133.26 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=26,KZ) 85.31.186.52 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DE TO-S-2020-0056 Malicious Email Activity 85.33.36.165 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection 
attempt (IP=165,IT)
85.33.39.225 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - Web Attacks (IP=225,IT)
85.37.38.195 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=195,IT)
85.50.202.61 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password for invalid user - 6hr Logon (IP=61,ES)
85.62.30.218 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None Authentication Failed_Failed Logon
85.64.0.0 16 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity
85.73.34.156 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None GR TO-S-2019-0972 Malicious Web Application Activity
85.75.136.76 24 RW None 2020-01-09 00:00:00 2020-04-09 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=76,GR)
85.75.231.197 24 RB None 2019-10-11 00:00:00 2020-01-09 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=197,GR)
85.75.48.142 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None Authentication Failed - 6hr Logons (IP=142,GR)
85.76.6.14 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - Web Attacks (IP=14,FI)
85.85.71.168 24 GM None 2019-10-10 00:00:00 2020-01-10 00:00:00 None Illegal user - Failed Logons (IP=168,ES)
85.88.162.123 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=123,RU)
85.90.246.93 32 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=93,US)
85.93.20.233 24 MLJ None 2017-08-31 05:00:00 2020-01-19 00:00:00 None ET SCAN Behavioral Unusually fast Terminal Server Traffic Potential Scan or Infection (Inbound) (IP=233,DE) | updated by jky | updated by GM with reason ABC Generic ArcSight scan attempt (IP=58,BG)
85.95.160.0 19 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None RU TO-S-2019-0400 Malicious Reconnaissance Activity
85.95.248.252 24 CR None 2018-12-12 06:00:00 2020-03-11 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (IP=252,TR) | updated by dbc with reason TR TO-S-2019-0468 Ma
85.96.189.23 24 FT None 2020-09-13 00:00:00 2020-12-12 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=23,TR)
85.96.192.156 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=156,TR)
85.97.8.196 24 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=196,TR)
85.99.122.5 24 RR None 2018-01-19 06:00:00 2020-04-16 00:00:00 None Severe network attack (IP=5,TR) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=147,TR)
85.99.255.19 24 RB None 2020-04-04 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_6 hr web attacks (IP=19,TR)
86.100.36.49 24 KF None 2019-11-21 00:00:00 2020-02-19 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=49,LT)
86.101.85.216 24 RW None 2020-07-25 00:00:00 2020-10-25 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=216,HU)
86.102.0.0 16 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity
86.104.15.248 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None BG TO-S-2019-0571 Malicious Email Activity
86.105.155.239 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=239,RO)
86.105.187.18 32 wmp None 2020-08-20 00:00:00 2020-11-18 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=18,RO)
86.105.237.139 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=139,IT)
86.105.50.185 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None DE TO-S-2019-0546 Malicious Email Activity
86.105.51.129 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=129,no ISC data)
86.105.51.141 32 kmw None 2019-01-25 00:00:00 2020-01-25 00:00:00 None DE TO-S-2019-0358 Malicious Email Activity
86.105.52.90 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password for invalid user - Failed Logon (IP=90,DE)
86.106.131.141 24 YM None 2016-12-23 06:00:00 2020-07-29 00:00:00 None Malware.Binary.doc (MAID=9807) (IP=141,DE) | updated by EDBT with reason Malware.DTI.Callback (IP=141,DE) | updated by jky w | updated by dbc with reason DE TO-S-2019-0852 Malware Activity
86.108.108.176 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=176,JO)
86.108.49.26 32 RB None 2020-02-23 00:00:00 2020-05-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C01816 (IP=26,JO)
86.11.18.242 24 RR None 2020-01-17 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=242,GB) | updated by RWB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=242,GB)
86.132.187.125 24 RWB None 2020-01-16 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=125,GB) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=125,GB)
86.134.85.9 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=9,GB)
86.138.236.148 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=148,GB)
86.139.95.140 24 RR None 2019-10-27 00:00:00 2020-01-25 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (IP=140,GB)
86.147.190.251 24 RR None 2020-07-11 00:00:00 2020-10-09 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=251,GB)
86.147.36.46 24 RWB None 2020-01-16 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=46,GB) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=46,GB) | updated by RB Block expiration extended with rea
86.15.72.254 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=254,GB)
86.153.121.210 24 KF None 2019-10-19 00:00:00 2020-01-18 00:00:00 None APP-DETECT failed FTP login attempt (1:13360:7)_SourceFire (IP=210,GB) | updated by KF Block expiration extended with reason APP-DETECT failed FTP login attempt_6 Hr Failed Logons (IP=210,GB)
86.153.14.36 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=36,GB)
86.153.37.164 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=164,GB)
86.155.149.106 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=6,GB)
86.156.81.238 24 CR None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=238,GB)
86.168.29.220 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=220,GB)
86.17.222.214 24 RR None 2019-10-28 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=214,GB)
86.170.230.227 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=227,GB)
86.176.135.61 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,UK)
86.177.94.51 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=51,GB)
86.178.196.117 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=117,GB)
86.180.28.254 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=254,GB)
86.183.143.138 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=138,GB)
86.184.8.15 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=15,GB)
86.185.32.129 24 GM None 2020-08-19 00:00:00 2020-11-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=129,GB)
86.191.137.52 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=52,GB)
86.196.169.59 24 FT None 2020-09-02 00:00:00 2020-12-02 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Sourcefire (IP=59,FR)
86.196.181.209 24 RR None 2020-09-03 00:00:00 2020-12-02 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - SourceFire (IP=209,FR)
86.215.227.254 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Authentication Failed - 6hr Logons (IP=254,FR)
86.229.113.63 24 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None Illegal user - Failed Logons (IP=63,FR)
86.23.102.84 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Failed password for invalid user - Failed Logon (IP=84,GB)
86.235.152.172 24 RW None 2019-10-28 00:00:00 2020-01-28 00:00:00 None - 6hr Failed Logon (IP=172,FR)
86.237.212.12 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=12,FR)
86.242.44.124 24 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=124,FR)
86.244.49.190 24 RR None 2020-09-02 00:00:00 2020-12-01 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - SourceFire (IP=190,FR)
86.245.107.57 24 GM None 2019-10-27 00:00:00 2020-01-27 00:00:00 None Illegal user - Failed Logons (IP=57,FR)
86.245.18.207 24 RW None 2020-02-10 00:00:00 2020-05-10 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=207,FR)
86.248.159.41 24 BMP None 2020-02-23 00:00:00 2020-05-23 00:00:00 None Authentication Failed - 6hr Logons (IP=41,FR)
86.35.15.80 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None RO TO-S-2019-0400 Malicious Email Activity
86.42.166.147 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None IE TO-S-2019-1036 Malicious Email Activity
86.43.103.148 24 dbc None 2014-04-16 05:00:00 2020-01-26 00:00:00 None Possible https Local File Inclusion Attempt (ip=148,IE) | updated by GM with reason Illegal User - Failed Logons (IP=111,IE)
86.52.9.103 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent / BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected - TT# 20C00115 (IP=103,DK)
86.56.81.242 24 RR None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password for invalid user - Failed Logons (IP=242,DE)
86.62.5.233 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=233,RU)
86.74.40.71 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Authentication Failed (IP=71,FR)
86.93.164.49 24 KF None 2020-01-02 00:00:00 2020-04-01 00:00:00 None Authentication Failed (IP=49,NL)
86.96.0.0 14 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AE TO-S-2019-1036 Malicious Email Activity
86.96.128.0 18 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None AE TO-S-2019-0608 Malware Activity
87.0.58.59 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=59,IT)
87.0.96.232 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=232,IT)
87.1.204.31 24 RWB None 2019-12-14 00:00:00 2020-03-13 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=31,IT)
87.10.5.131 24 RW None 2019-10-28 00:00:00 2020-01-28 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=131,IT)
87.10.74.40 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=40,IT)
87.101.128.0 17 dbc None 2018-10-23 05:00:00 2020-04-21 00:00:00 None SA TO-S-2019-0067.01 Malware Activity | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=22,SA) | updated by RWB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution atte
87.101.153.22 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=22,SA)
87.101.39.214 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Invalid user_6 hr Failed Logons (IP=214,PL)
87.101.92.209 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None CA TO-S-2019-0468 Malicious Email Activity
87.103.115.142 24 RR None 2020-02-04 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=142,PT) | updated by RR Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=142,PR)
87.103.170.105 24 DT None 2020-09-04 00:00:00 2020-12-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=199,RU)
87.103.208.221 24 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=221,RU)
87.106.136.232 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None DE TO-S-2019-1036 Malicious Email Activity
87.106.139.101 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None DE TO-S-2019-1036 Malicious Email Activity
87.106.168.85 24 DT None 2020-09-22 00:00:00 2020-12-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=85,DE)
87.106.170.223 24 RB None 2020-09-15 00:00:00 2020-12-14 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - 6hr web attacks (IP=223,DE)
87.106.204.130 24 DT None 2020-05-22 00:00:00 2020-08-22 00:00:00 None SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt - Web Attacks (IP=130,DE)
87.106.243.44 32 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None DE TO-S-2020-0047 Malicious Email Activity
87.117.152.116 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6hr web attacks (IP=116,RU)
87.117.252.66 24 RR None 2018-08-14 05:00:00 2020-04-08 00:00:00 None Illegal user (IP=66,GB) | updated by dbc with reason GB TO-S-2019-0577 Malicious Email Activity
87.118.55.242 32 RW None 2020-03-16 00:00:00 2020-04-16 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C02156 (IP=242,US)
87.12.52.1 32 GM None 2020-03-07 00:00:00 2020-06-07 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02031 (IP=1,US)
87.120.254.249 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None BG TO-S-2019-0634 Malware Activity
87.120.254.57 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None BG TO-S-2019-0634 Malware Activity
87.120.36.0 24 dcg None 2018-08-03 05:00:00 2020-02-08 00:00:00 None BG TO-S-2018-0998 associated with malicious web application and malware activity | updated by RB with reason Failed password_6 hr Failed Logons (IP=234,BG) | 2020-02-08 | 2019-08-03
87.120.37.212 24 jky None 2016-11-18 06:00:00 2020-05-01 00:00:00 None BG TO-S-2017-0188 Trojan malware applications | updated by dbc with reason BG TO-S-2019-0444 Malicious Email Activity | updated by dbc with reason BG TO-S-2019-0634 Malware Activity
87.121.22.18 24 RB None 2020-01-04 00:00:00 2020-04-03 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode_Sourcefire (IP=18,BG)
87.121.98.245 32 kmw None 2019-12-26 00:00:00 2020-12-26 00:00:00 None BG TO-S-2020-0212.01 Malware Activity
87.121.98.245 32 dbc None 2019-12-23 00:00:00 2020-12-23 00:00:00 None BG TO-S-2020-0206 Malware Activity
87.121.98.52 24 ABC None 2019-10-25 00:00:00 2020-01-23 00:00:00 None Generic ArcSight scan attempt (IP=52,BG)
87.123.103.217 24 RW None 2020-02-07 00:00:00 2020-05-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=217,DE)
87.123.41.72 24 RW None 2020-02-24 00:00:00 2020-05-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=72,DE)
87.139.108.253 24 None None None 2020-01-19 00:00:00 None | updated by KF with reason Immediate Inbound Network Block - TT# 20C00503 (IP=253,US)
87.14.14.170 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (1:44687:3) (IP=170,IT)
87.14.177.160 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=60,IT)
87.16.92.225 24 GM None 2020-03-11 00:00:00 2020-06-11 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=225,IT)
87.165.167.123 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command
87.17.17.53 24 GM None 2020-03-07 00:00:00 2020-06-07 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=53,IT)
87.184.98.224 24 ABC None 2019-10-13 00:00:00 2020-01-11 00:00:00 None Command Injection Attempt (IP=224,DE)
87.19.68.230 24 RR None 2020-02-23 00:00:00 2020-05-23 00:00:00 None Authentication Failed - Failed Logons (IP=230,IT)
87.197.126.24 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=24,SK)
87.2.28.156 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=156,IT)
87.203.198.138 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=138,GR)
87.205.115.51 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6hr web attacks (IP=51,PL)
87.205.117.62 24 GM None 2019-10-03 00:00:00 2020-01-03 00:00:00 None GM SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=62,PL)
87.21.153.50 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=50,IT)
87.214.33.229 24 RWB None 2019-12-12 00:00:00 2020-03-11 00:00:00 None Authentication Failed - Failed Logon (IP=229,NL)
87.214.66.137 24 KF None 2019-02-23 00:00:00 2020-01-06 00:00:00 None Authentication Failed (IP=137,NL) | updated by RR with reason Authentication Failed - Failed Logons (IP=137,NL)
87.215.196.142 24 EDBT None 2017-11-19 06:00:00 2020-02-25 00:00:00 None Authentication Failed (IP=142,NL) | updated by RW Block was inactive. Reactivated on 20191125 with reason Authentication Failed - 6hr Failed Logon(IP=142,NL)
87.216.94.199 24 CW None 2019-12-12 00:00:00 2020-03-11 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt_Web attacks (IP=99,ES)
87.228.20.228 24 RR None None 2020-06-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=228,RU)
87.229.120.53 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None HU TO-S-2020-0031 Malicious Email Activity
87.229.128.0 17 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity
87.230.102.40 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None DE TO-S-2019-0400 Malware Activity
87.230.19.21 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None DE TO-S-2019-1036 Malicious Email Activity
87.236.100.61 32 dbc None 2019-08-27 00:00:00 2020-08-27 00:00:00 None NL TO-S-2019-0938 Malicious Email Activity
87.236.16.0 21 jky None 2017-11-20 06:00:00 2020-02-15 00:00:00 None RU TO-S-2018-0157 Malware activity | updated by dbc with reason RU TO-S-2019-0409 Malicious Email Activity
87.236.208.0 21 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None IR TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason IR TO-S-2020-0212.01 Malware Activity
87.237.208.0 21 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None SE TO-S-2019-0852 Malware Activity
87.240.0.0 18 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity
87.240.129.187 32 wmp None 2020-08-07 00:00:00 2020-12-10 00:00:00 None HIVE Case #3484 COLS-NA-TIP-20-0249 (IP=187,RU) | updated by wmp Block expiration extended with reason HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=187,RU) | updated by wmp Block expiration extended with reason HIVE Case #3604 COLS-NA-TIP-20-0262 (IP=187,R
87.240.190.64 32 wmp None 2020-08-07 00:00:00 2020-11-07 00:00:00 None HIVE Case #3484 COLS-NA-TIP-20-0249 (IP=64,RU)
87.241.128.0 18 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None AM TO-S-2020-0012 Malware Activity
87.241.93.91 32 GM None 2020-03-23 00:00:00 2020-06-23 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02202 (IP=91,US)
87.242.53.60 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Web Attacks(IP=60,HU)
87.242.64.35 24 RW None 2020-05-12 00:00:00 2020-08-12 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr web attacks (IP=35,RU)
87.245.128.0 18 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None RU TO-S-2019-0640.01 Malware Activity
87.246.7.9 24 RR None 2020-02-16 00:00:00 2020-05-16 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=9,BG)
87.247.152.0 22 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None UK TO-S-2020-0109.01 Malicious Email Activity
87.247.240.14 32 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None GB TO-S-2019-0571 Malicious Email Activity
87.248.0.82 24 RR None 2020-01-11 00:00:00 2020-04-10 00:00:00 None Authentication Failed - Failed Logons (IP=82,NO)
87.248.118.23 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None NL TO-S-2019-1036 Malware Activity
87.248.15.221 32 RB None 2020-05-05 00:00:00 2020-08-03 00:00:00 None TO-S-2020-0495/ Multiple Blocks - TT# 20C02618 (IP=221,NO)
87.251.166.70 24 RR None 2020-03-03 00:00:00 2020-06-01 00:00:00 None TCP: SYN Host Sweep (IP=70,RU)
87.251.74.34 24 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None TCP: SYN Host Sweep (IP=34,RU)
87.253.3.21 24 RWB None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=21,RU)
87.253.58.26 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=26,RU)
87.253.93.172 32 RB None 2020-03-02 00:00:00 2020-05-31 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C01925 (IP=172,SE)
87.254.35.91 32 RB None 2020-05-05 00:00:00 2020-08-03 00:00:00 None TO-S-2020-0495/ Multiple Blocks - TT# 20C02618 (IP=91,NO) Please blackhole the following domains:
87.4.217.27 24 GM None 2020-01-27 00:00:00 2020-04-27 00:00:00 None Failed password - Failed Logons (IP=27,IT)
87.4.220.236 24 RR None 2020-01-21 00:00:00 2020-04-20 00:00:00 None Authentication Failed - Failed Logons (IP=236,IT)
87.56.1.212 24 RW None 2020-01-18 00:00:00 2020-04-19 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=212,DK) | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=212,DK)
87.6.103.171 32 RW None 2020-04-03 00:00:00 2020-05-03 00:00:00 None Known Attack Tool User Agent - TT# 20C02346 (IP=171,IT)
87.66.170.61 24 RR None 2020-01-18 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=61,BE) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=61,BE)
87.66.207.225 24 RR None 2019-11-02 00:00:00 2020-01-31 00:00:00 None Failed password - Failed Logons (IP=225,BE)
87.70.64.0 18 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity
87.71.64.0 19 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity
87.76.23.98 32 kmw None 2019-02-04 00:00:00 2020-02-04 00:00:00 None GB TO-S-2019-0363.01 Malware Activity
87.76.27.69 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=69,GB)
87.78.6.219 24 GM None 2020-06-03 00:00:00 2020-09-03 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=219,DE)
87.78.77.1 24 RW None 2019-11-23 00:00:00 2020-02-23 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=1,DE)
87.8.136.22 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=22,IT)
87.8.188.108 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=108,IT)
87.8.221.241 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=241,IT)
87.8.225.174 24 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=174,IT)
87.81.75.127 24 KF None 2020-01-20 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=127,GB) | updated by RWB with reason Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,UK)
87.9.163.134 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=134,IT)
87.9.206.235 24 RR None 2020-03-13 00:00:00 2020-06-11 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=235,IT)
87.96.130.103 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=103,SE)
87.98.151.169 24 BMP None 2020-07-21 00:00:00 2020-10-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=169,FR)
87.98.152.111 24 RB None 2020-07-16 00:00:00 2020-10-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr failed logon (IP=111,FR)
87.98.153.22 24 BMP None 2020-07-21 00:00:00 2020-10-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=22,FR)
87.98.154.240 24 RR None 2020-07-19 00:00:00 2020-10-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=240,FR)
87.98.155.50 24 CR None 2020-07-14 00:00:00 2020-10-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=50,FR)
87.98.156.136 24 RR None 2020-07-21 00:00:00 2020-10-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=136,CN)
87.98.175.113 24 RW None 2019-10-28 00:00:00 2020-01-28 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6hr web attacks (IP=113,FR)
87.98.239.87 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None PL TO-S-2019-0769 Malicious Email Activity
87.98.240.226 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None DE TO-S-2019-0420 Malware Activity
87.98.242.60 24 BMP None 2020-01-11 00:00:00 2020-04-10 00:00:00 None DISA-G-TIP-20-2573/ C2 Callout - TT# 20C01419 (IP=60,DE)
87.99.77.0 24 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None LV TO-S-2019-0608 Malware Activity
88.104.207.208 24 GM None 2020-03-24 00:00:00 2020-06-24 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=208,GB)
88.116.81.26 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=26,AT)
88.123.39.148 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Authentication Failed - Failed Logons (IP=148,FR)
88.129.214.10 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None TCP: SYN Host Sweep - Automated Block Calculations (IP=10,SE)
88.130.159.59 24 CW None 2019-10-24 00:00:00 2020-01-22 00:00:00 None Authentication Failed_Failed Logon (IP=59,DE)
88.132.188.113 24 GM None 2019-12-26 00:00:00 2020-03-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=113,HU)
88.132.240.127 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web Attacks (IP=27,HU)
88.135.48.0 20 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity
88.135.94.112 24 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=112,UA)
88.14.220.123 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Authentication Failed - Failed Logons (IP=123,ES)
88.142.187.58 32 RW None 2020-03-16 00:00:00 2020-04-16 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02151 (IP=58,FR)
88.147.6.142 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=142,IT)
88.148.112.58 24 BP None 2019-11-21 00:00:00 2020-02-21 00:00:00 None Authentication Failed - 6hr Web Attacks(IP=58,ES)
88.149.181.240 24 MLJ None 2018-01-31 06:00:00 2020-02-27 00:00:00 None Authentication Failed (IP=240,IT) | updated by RWB Block was inactive. Reactivated on 20191129 with reason Authentication Failed - Failed Logon (IP=240,IT)
88.15.56.146 24 RB None 2019-10-09 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_6 hr web attacks (IP=146,ES)
88.151.177.66 24 GM None 2019-10-26 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command
88.152.231.197 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=197,DE)
88.156.97.210 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None PL TO-S-2019-1036 Malicious Email Activity
88.177.62.142 24 KF None 2019-03-21 00:00:00 2020-01-25 00:00:00 None Authentication Failed (IP=142,FR) | updated by RR with reason Authentication Failed - Failed Logons (IP=142,FR)
88.191.138.184 24 CW None 2020-01-05 00:00:00 2020-04-04 00:00:00 None Authentication Failed_Failed Logon (IP=84,FR)
88.191.249.182 31 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None FR TO-S-2019-0420 Malware Activity
88.196.219.212 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=212,EE)
88.198.107.244 24 RB None 2020-03-29 00:00:00 2020-06-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6 hr web attacks (IP=244,DE)
88.198.11.234 24 DT None 2020-05-28 00:00:00 2020-08-28 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=234,DE)
88.198.14.102 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None DE TO-S-2019-0734.01 Malicious Email Activity
88.198.236.105 24 RR None 2018-12-06 06:00:00 2020-02-20 00:00:00 None Illegal user (IP=105,DE) | updated by dbc with reason DE TO-S-2019-0420 Malicious Email Activity
88.198.37.146 24 GM None 2020-08-07 00:00:00 2020-11-07 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Web Attacks (IP=115,DE)
88.198.59.226 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None DE TO-S-2019-0800 Malicious Email Activity
88.198.6.68 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None DE TO-S-2019-0640.01 Malicious Email Activity
88.198.60.25 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None DE TO-S-2019-0658 Malicious Email Activity
88.200.235.116 24 RW None 2020-03-25 00:00:00 2020-06-23 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - Sourcefire (IP=116,RU)
88.201.96.127 24 KF None 2020-02-03 00:00:00 2020-05-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=127,BH)
88.202.177.181 32 RB None 2020-07-21 00:00:00 2020-10-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03533 (IP=181,GB)
88.202.178.100 24 BMP None 2020-04-09 00:00:00 2020-07-08 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6hr Web Attacks (IP=100,GB)
88.202.178.101 32 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None SQL Injection- ARCSight Sauron (IP=101,US)
88.202.190.0 24 alj None 2018-11-05 06:00:00 2020-02-15 00:00:00 None 2RCC Immediate Inbound Network Block - TT# 19C00314 (ip=0,nl) | updated by CR with reason Unauthorized Access-Probe /UDP Host S
88.208.192.57 24 sjl None 2015-06-13 05:00:00 2020-05-10 00:00:00 None ET SCAN Potential SSH Scan (IP=57 GB) | updated by dbc with reason GB TO-S-2019-0658 Malicious Email Activity
88.208.250.182 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None GB TO-S-2019-0532 Malicious Email Activity
88.208.252.129 24 wmp None 2016-05-24 05:00:00 2020-03-29 00:00:00 None possible sql injection attempt (IP=129,GB) | updated by jky with reason TO-S-2017-0452 Various malicious cyber techniques tro
88.208.252.233 24 KF None 2020-03-02 00:00:00 2020-05-31 00:00:00 None HTTP: SQL Injection - Exploit II (IP=233,GB)
88.208.36.60 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None NL TO-S-2019-0658 Malware Activity
88.214.26.46 24 GM None 2019-01-11 06:00:00 2020-05-10 00:00:00 None Generic ArcSight scan attempt (IP=46,DE) | updated by dbc with reason DE TO-S-2019-0658 Malware Activity
88.214.28.6 24 JKC None None 2020-09-10 00:00:00 None TIPPR19-0140 (IP=6, NL) | updated by dbc with reason NL TO-S-2019-0626.01 Malicious Email Activity | updated by dbc with reason NL TO-S-2019-0972 Malicious Email Activity
88.218.116.0 22 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None IL TO-S-2020-0047 Malicious Email Activity
88.218.116.127 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None IL TO-S-2019-0658 Malware Activity
88.218.16.191 24 CR None 2019-12-24 00:00:00 2020-03-25 00:00:00 None OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt- Sourcefire (IP=191, NL) | updated by CR Block expiration extended with reason OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt- Sourcefire (I
88.218.16.81 32 DT None 2020-07-06 00:00:00 2020-10-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03379 (IP=81,UK)
88.218.17.112 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=112,XX)
88.218.227.190 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None DE TO-S-2019-0734.01 Malicious Email Activity
88.218.227.246 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=246,DE)
88.221.34.20 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None BROWSER-IE Microsoft Internet Explorer IE5 compatibility mode enable attempt - SourceFire (IP=20,NL)
88.224.155.108 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=108,TR)
88.225.215.221 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=221,TR)
88.225.232.223 24 RWB None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=223,TR)
88.226.127.6 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=6,TR)
88.226.233.13 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=13,TR)
88.226.84.64 32 BMP None 2020-04-03 00:00:00 2020-06-03 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 20C02255 (IP=64,TR)
88.226.84.64 24 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=64,TR)
88.227.109.103 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=103,TR)
88.228.209.163 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=163,TR)
88.229.59.253 24 RW None 2020-01-07 00:00:00 2020-04-07 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=253,TR)
88.229.80.106 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=106,TR)
88.23.43.210 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=210,ES)
88.230.172.145 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Authentication Failed - Failed Logons (IP=145,TR)
88.231.101.203 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=203,TR)
88.231.160.250 24 RB None 2019-11-16 00:00:00 2020-02-14 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt_Sourcefire (IP=250,TR)
88.231.250.176 24 RR None 2020-01-02 00:00:00 2020-04-01 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=176,TR)
88.232.153.81 24 RB None 2019-12-28 00:00:00 2020-03-27 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt_Sourcefire (IP=81,TR)
88.232.64.169 24 CW None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Web attacks (IP=69,TR)
88.232.84.197 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=197,TR)
88.235.202.138 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell
88.235.216.255 24 CW None 2019-12-12 00:00:00 2020-03-11 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt_SourceFire (IP=55,TR)
88.235.239.82 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=82,TR)
88.235.247.247 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=247,TR)
88.237.33.159 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=159,TR)
88.238.125.252 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=252,TR) 88.240.60.234 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Authentication Failed - Failed Logons (IP=234,TR) 88.244.70.137 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Authentication Failed - 6hr Logon (IP=137,TR) 88.248.186.216 24 RWB None 2019-12-31 00:00:00 2020-03-30 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=216,TR) 88.248.205.150 24 RW None 2020-01-18 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=150,TR) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=150,TR) | updated by RB Block expiration extended wi 88.251.214.209 24 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Sourcefire (IP=209,TR) 88.27.253.44 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=44,ES) 88.34.126.171 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - SourceFire (IP=171,IT) 88.38.118.83 24 KF None 2020-04-11 00:00:00 2020-07-10 00:00:00 None TCP: SYN Host Sweep (IP=83,IT) 88.38.8.98 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt_Web attacks (IP=98,IT) 88.42.32.78 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt_Web attacks (IP=78,IT) 88.44.33.170 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (IP=170,IT) 88.55.66.185 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 
None IT TO-S-2019-1036 Malware Activity 88.56.20.102 32 RB None 2020-03-09 00:00:00 2020-04-09 00:00:00 None nown Attack Tool User Agent/ BOT: Mirai Echobot Activity Detected - TT# 20C02101 (IP=102,IT) 88.58.46.118 24 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - Web Attacks (IP=18,IT) 88.58.58.226 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - SourceFire (IP=226,IT) 88.6.144.82 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=82,ES) 88.61.0.93 24 BMP None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - SourceFire (IP=93,IT) 88.65.49.137 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None Authentication Failed (IP=137,DE) 88.80.184.117 32 RR None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Generic ArcSight scan attempt (IP=117,US) 88.80.187.84 24 EDBT None 2017-12-04 06:00:00 2020-04-04 00:00:00 None ET SCAN Potential SSH Scan (IP=84,GB) | updated by CW with reason OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt_SourceFire (IP=31,GB) | 2020-04-04 | 2018-03-04 88.80.191.64 24 klb None 2015-03-19 05:00:00 2020-02-08 00:00:00 None TCP Host Sweeps (IP=64 GB) | updated by GLM with reason SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial of | updated by KF with reason Generic ArcSight scan attempt (IP=29,US) 88.84.16.116 24 KF None 2019-12-14 00:00:00 2020-03-13 00:00:00 None Authentication Failed (IP=116,CH) 88.85.82.153 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None NL TO-S-2019-1036 Malware Activity 88.88.112.98 24 KF None 2019-11-02 00:00:00 2020-02-01 00:00:00 None Failed Password_6 Hr Failed Logons (IP=98,NO) | updated by KF Block expiration extended with reason Failed Password_6 
Hr Failed Logons (IP=98,NO) 88.98.241.197 24 ABC None 2019-10-11 00:00:00 2020-01-09 00:00:00 None Generic ArcSight scan attempt (IP=197,GB) 88.99.10.234 32 wmp None 2020-06-19 00:00:00 2020-09-19 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=234,DE) 88.99.10.234 32 wmp None 2020-07-02 00:00:00 2020-10-02 00:00:00 None HIVE Case #3212 CTO-20-182 (IP=234,DE) 88.99.10.234 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=234,DE) 88.99.10.235 32 wmp None 2020-07-02 00:00:00 2020-10-02 00:00:00 None HIVE Case #3212 CTO-20-182 (IP=235,DE) 88.99.10.236 32 wmp None 2020-07-02 00:00:00 2020-10-02 00:00:00 None HIVE Case #3212 CTO-20-182 (IP=236,DE) 88.99.105.222 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None DE TO-S-2019-0852 Malware Activity 88.99.127.217 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None DE TO-S-2019-0577 Malicious Email Activity 88.99.160.208 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None DE TO-S-2019-0488 Malicious Email Activity 88.99.161.177 24 CR None 2019-12-24 00:00:00 2020-03-24 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=177, DE) 88.99.161.177 24 CR None 2019-12-24 00:00:00 2020-03-24 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=177, DE) 88.99.161.177 24 CR None 2019-12-24 00:00:00 2020-03-25 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=177, DE) 88.99.165.176 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None DE TO-S-2019-0604 Malicious Email Activity 88.99.167.134 24 RW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None Generic ArcSight scan attempt (IP=134,DE) 88.99.178.209 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None DE TO-S-2019-0640.01 Malicious Email Activity 88.99.206.78 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None DE TO-S-2019-0488 Malicious Email Activity 88.99.211.112 32 dbc None 2019-04-04 00:00:00 2020-04-04 
00:00:00 None DE TO-S-2019-0571 Malicious Email Activity 88.99.223.146 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None DE TO-S-2019-0769 Malicious Email Activity 88.99.246.174 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None DE TO-S-2019-0626.01 Malware Activity 88.99.27.172 24 YM None 2017-12-29 06:00:00 2020-05-10 00:00:00 None SERVER-WEBAPP glimpse access | updated by dbc with reason DE TO-S-2019-0658 Malware Activity 88.99.33.230 24 GM None 2019-10-29 00:00:00 2020-01-27 00:00:00 None ABC Generic ArcSight scan attempt (IP=230,DE) 88.99.58.108 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None DE TO-S-2019-0488 Malicious Email Activity 88.99.66.31 32 dbc None 2019-08-15 00:00:00 2020-08-15 00:00:00 None DE TO-S-2019-0890.01 Malicious Email Activity 88.99.77.171 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None DE TO-S-2019-0430 Malicious Email Activity 88.99.94.73 32 dbc None 2019-07-23 00:00:00 2020-08-06 00:00:00 None DE TO-S-2019-0839 Malicious Email Activity | updated by dbc with reason DE TO-S-2019-0864 Malware Activity 89.100.106.42 24 RR None 2019-01-19 00:00:00 2020-02-04 00:00:00 None Failed password for invalid user (IP=42,IE) | updated by RW with reason Authentication Failed - 6hr Failed Logon(IP=42,IE) 89.105.194.236 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None NL TO-S-2019-0617 Malware Activity 89.107.184.121 32 RR None None 2020-06-26 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=121,DE) 89.107.184.121 24 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None SQL Injection- ARCSight Sauron (IP=121,DE) 89.107.61.39 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None GB TO-S-2019-0610 Malicious Email Activity 89.108.72.0 22 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None RU TO-S-2019-0409 Malware Activity 89.110.129.56 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None DE TO-S-2019-0468 Malicious Email Activity 89.110.132.131 32 dbc None 2019-02-15 00:00:00 2020-02-15 
00:00:00 None DE TO-S-2019-0409 Malicious Email Activity 89.110.39.253 24 KF None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Generic ArcSight scan attempt (IP=253,RU) 89.111.182.95 32 DT None 2020-06-08 00:00:00 2020-09-06 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03090 (IP=95,RU) 89.111.52.138 24 RW None 2019-11-05 00:00:00 2020-02-05 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=138,LV) 89.120.116.250 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - 6hr Logons (IP=250,RO) 89.122.175.60 24 RW None 2020-01-18 00:00:00 2020-04-19 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=60,RO | updated by RW Block expiration extended with reason Authentication Failed - 6hr Failed Logon(IP=60,RO) 89.122.93.76 24 CR None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=76,RO) 89.130.115.165 24 RR None None 2020-07-07 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=165,ES) 89.132.120.93 32 RB None 2020-02-12 00:00:00 2020-03-12 00:00:00 None Generic Scanning - TT# 20C01716 (IP=93,HU) 89.132.52.254 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=254,HN) 89.133.103.2 24 RR None 2019-12-09 00:00:00 2020-03-08 00:00:00 None Invalid user - Failed Logons (IP=2,HU) 89.133.222.27 24 RW None 2020-02-03 00:00:00 2020-05-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=27,HU) | updated by RB Block expiration extended with reason Illegal user_6 hr Failed Logons_WPC (IP=27,HU) 89.133.62.227 24 RB None 2019-10-31 00:00:00 2020-01-29 00:00:00 None Failed password for invalid user_6 hr Failed Logons (IP=227 HU) 89.134.20.90 24 RWB None 2020-01-01 00:00:00 2020-03-31 00:00:00 None Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi 
command injection attempt - SourceFire (IP=90,HU) 89.136.231.217 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt - Web Attacks (IP=217,RO) 89.136.52.0 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=0,RO) 89.139.0.0 16 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None IL TO-S-2019-0626.01 Malicious Email Activity 89.142.236.151 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=151,SI) 89.142.35.47 24 RR None 2019-10-17 00:00:00 2020-01-15 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=47,SI) 89.143.121.117 24 RR None 2020-01-18 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=117,SI) | updated by RB Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=117 SI) 89.143.124.52 24 CW None 2020-01-28 00:00:00 2020-04-28 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_failed Logon (IP=52,SI) | updated by GM Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=52,SI) 89.143.127.9 24 BMP None 2020-01-31 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=9,SI) | updated by KF Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=9,SI) | updated by KF Block expir 89.144.47.29 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None TCP: SYN Host Sweep (IP=29,DE) 89.144.47.5 24 KF None 2020-07-03 00:00:00 2020-10-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03368 (IP=5,NL) 89.145.86.170 24 RB None 2019-12-18 00:00:00 2020-03-17 00:00:00 None SQL use of sleep 
function with and - likely SQL injection_Sourcefire (IP=170,GB) 89.148.22.137 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None BH TO-S-2019-0952 Malicious Email Activity 89.154.165.167 24 DT None 2020-06-18 00:00:00 2020-09-18 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=167,PT) 89.160.101.48 32 RB None 2020-03-12 00:00:00 2020-06-10 00:00:00 None Known Attack Tool User Agent/ BOT: Mirai Echobot Activity Detected - TT# 20C02131 (IP=48,SE) 89.163.206.190 24 ABC None 2016-09-06 05:00:00 2020-01-25 00:00:00 None Generic ArcSight scan attempt (IP=190,DE) | updated by ABC with reason Generic ArcSight scan attempt (IP=190,DE) | updated 89.163.224.233 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=233,DE) 89.163.225.183 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=183,DE) 89.163.225.183 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None UDP: Host Sweep (IP=183,DE) 89.163.242.127 24 djs None 2016-06-12 05:00:00 2020-02-21 00:00:00 None Sipvicious scans (ip=127,DE) | updated by BLP with reason ET SCAN Sipvicious User-Agent Detected (IP=175,DE) | updated by YM 89.165.113.101 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None Generic ArcSight scan attempt (IP=101,IR) 89.165.2.239 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=239,IR) 89.168.81.13 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password for invalid user (IP=13,GB) 89.169.159.175 24 RW None 2019-10-02 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6 hr web attacks (IP=175,RU) 89.17.131.92 24 RR None 2020-01-21 00:00:00 2020-04-21 00:00:00 None Authentication Failed - Failed Logons (IP=92,IS) | updated by RWB with reason Authentication Failed - Failed Logon (IP=92,IS) 89.176.6.6 24 ALJ None 2018-10-01 05:00:00 2020-01-25 00:00:00 
None Authentication Failed (ip=6,cz) | updated by RR with reason Authentication Failed - Failed Logons (IP=6,CZ) 89.184.75.103 24 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=103,UA) 89.184.89.81 32 wmp None 2020-08-13 00:00:00 2020-11-13 00:00:00 None HIVE Case #3555 COLS-NA-TIP-20-0254 (IP=81,UA) 89.186.31.254 24 RR None 2019-11-06 00:00:00 2020-02-04 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=254,PL) 89.187.165.188 24 KF None 2020-03-08 00:00:00 2020-06-06 00:00:00 None POLICY-OTHER Adobe ColdFusion component browser access attempt - Web Attacks (IP=188,CZ) 89.187.171.229 32 BMP None 2020-06-26 00:00:00 2020-08-26 00:00:00 None SQL generic sql exec injection attempt - GET parameter - SourceFire (IP=229,US) 89.187.171.229 24 RR None 2020-06-26 00:00:00 2020-09-24 00:00:00 None SQL generic sql exec injection attempt - GET parameter - Web Attacks (IP=229,CZ) 89.187.182.13 32 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - SourceFire (IP=13,US) 89.187.85.11 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None GB TO-S-2019-0409 Malware Activity 89.189.154.66 32 RW None 2019-10-15 00:00:00 2020-01-15 00:00:00 None Illegal user - 6hr Failed Logon (IP=66,RU) | updated by RW Block was inactive. 
Reactivated on 20191015 with reason Illegal user - 6hr Failed Logon (IP=66,RU) 89.19.178.39 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=39,RU) 89.19.30.91 24 GM None 2020-02-08 00:00:00 2020-05-08 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=91,TR) 89.19.30.91 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None HTTP: SQL Injection - Exploit II (IP=91,TR) 89.19.30.91 24 GM None 2020-02-08 00:00:00 2020-05-08 00:00:00 None HTTP: SQL Injection - Exploit II - Web attacks (IP=91,TR) 89.190.217.206 24 GM None 2020-01-29 00:00:00 2020-04-29 00:00:00 None Failed password - Failed Logons (IP=206,BG) 89.191.228.203 32 RW None 2020-02-28 00:00:00 2020-05-28 00:00:00 None SQL generic convert injection attempt - GET parameter - 6hr web attacks (IP=203,US) 89.196.0.0 16 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None IR TO-S-2019-0430 Malware Activity 89.199.0.0 16 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None IR TO-S-2019-0430 Malware Activity 89.208.199.109 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None Known Attack Tool User Agent/UDS-Paros_RC8766 - TT# 20C01538 (IP=109,US) 89.208.199.209 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None Known Attack Tool User Agent - TT# 20C01537 (IP=209,RU) 89.208.205.22 24 KF None 2020-07-02 00:00:00 2020-09-30 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (1:29831:3) - SourceFire (IP=22,RU) 89.208.246.240 24 RR None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user - Failed Logons (IP=240,RU) 89.211.173.241 32 RB None 2020-04-02 00:00:00 2020-06-02 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity Detected - TT# 020420-00069 (IP=241,US) 89.211.173.241 24 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=241,QA) 89.211.190.121 24 RR None 
2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=121,PK) 89.212.226.177 24 RB None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password_6 hr Failed Logons (IP=177,SI) 89.218.91.182 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=182,KZ) 89.219.209.12 24 RB None 2019-11-08 00:00:00 2020-02-06 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=12 IR) 89.22.113.85 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DE TO-S-2020-0056 Malicious Web Application Activity 89.221.213.11 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None CZ TO-S-2019-0577 Malicious Email Activity 89.221.240.190 24 wla None 2014-05-20 05:00:00 2020-02-04 00:00:00 None MALWARE-CNC: OSINT : China Chopper PHP/Backdoor Detected (IP=190 | updated by MLJ with reason Illegal user (IP=171,SE) | upda 89.221.252.218 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=218,SE) 89.222.181.58 24 RB None 2018-12-12 06:00:00 2020-03-06 00:00:00 None Failed password for invalid user (IP=58,RU) | updated by GM with reason Invalid user - Failed Logons (IP=5,RU) 89.228.11.250 32 dbc None 2020-06-30 00:00:00 2020-09-30 00:00:00 None HIVE Case #3187 CTO-20-179 (IP=250,PL) 89.231.29.232 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None Failed password_6 hr Failed Logons (IP=232,PL) 89.238.154.234 32 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None GB TO-S-2020-0077 Malicious Email Activity 89.238.154.243 32 RR None 2019-04-06 00:00:00 2020-04-17 00:00:00 None 20451: HTTP: OpenVAS Vulnerability Scanner - TT# 19C01876 (IP=243,GB) | updated by dbc with reason GB TO-S-2019-0604 Malware Ac 89.238.178.75 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None ES TO-S-2019-0617 Malware Activity 89.238.186.166 32 dbc None 
2019-02-21 00:00:00 2020-02-21 00:00:00 None CZ TO-S-2019-0430 Malware Activity 89.238.188.96 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=96,GB) 89.238.188.96 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None SQL Injection - Automated Block Calculations (IP=96,GB) 89.24.124.82 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None CZ TO-S-2019-0952 Malware Activity 89.24.210.10 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None CZ TO-S-2019-0420 Malicious Email Activity 89.240.124.244 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=244,GB) 89.242.113.193 24 RR None 2020-01-02 00:00:00 2020-04-01 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=193,GB) 89.242.80.0 20 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None LV TO-S-2019-0608 Malware Activity 89.247.199.30 24 CR None 2020-02-24 00:00:00 2020-05-24 00:00:00 None Authentication Failed - 6 hr Failed Logon (IP=30,DE) 89.248.160.193 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=193,NL) 89.248.162.228 24 djs None 2014-05-16 05:00:00 2020-01-17 00:00:00 None DNS Scans (ip=228,NL) | updated by wmp with reason Potential SSH Scan (IP=242,SC) | updated by bob with reason SC TO-S-2017- | updated by RR with reason Generic ArcSight scan attempt (IP=167,NL) 89.248.167.131 32 GM None 2020-07-10 00:00:00 2020-10-10 00:00:00 None HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 20C03415 (IP=131,US) 89.248.168.217 24 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=217,NL) 89.248.169.12 32 JKC None 2019-12-23 00:00:00 2020-12-23 00:00:00 None SC TO-2020-0212 network threat activity 89.248.169.9 24 djs None 2014-10-11 05:00:00 2020-03-28 00:00:00 None TCP Port Sweeps (ip=9,NL) | updated by ABC 
with reason Bro-observed Port Scanning (IP=50, NL) | updated by sjl with reason E 89.248.171.97 24 CW None 2019-10-23 00:00:00 2020-01-21 00:00:00 None ABC Generic ArcSight scan attempt (IP=97,NL) 89.248.172.123 32 wmp None 2020-07-02 00:00:00 2020-10-02 00:00:00 None HIVE Case #3212 CTO-20-182 (IP=123,NL) 89.248.172.168 24 dbc None 2014-04-20 05:00:00 2020-01-17 00:00:00 None TCP Port Sweeps (ip=168,NL) | updated by tjh with reason NL TO-S-2015-0027 | updated by jkc with reason ET SCAN Potential VN | updated by RR with reason Generic ArcSight scan attempt (IP=90,NL) 89.248.174.215 32 DT None 2020-07-21 00:00:00 2020-10-21 00:00:00 None Known Attack Tool User Agent V2 / BOT: Muieblackcat Traffic Detected I - TT# 20C03531 (IP=215,NL) 89.248.174.54 24 klb None 2014-06-27 05:00:00 2020-01-10 00:00:00 None DNS: OPT Denial of Service (ip=54, NL) | updated by jkc with reason ET SCAN Potential VNC Scan 5900-5920 (IP=55 , NL) | upda | updated by GM with reason Timeout before authentication - Failed Logons (IP=3,NL) 89.248.60.120 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None GB TO-S-2019-0577 Malicious Email Activity 89.248.60.220 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None GB TO-S-2019-0577 Malicious Email Activity 89.248.61.140 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3604 COLS-NA-TIP-20-0262 (IP=140,GB) 89.249.192.0 20 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None AM TO-S-2020-0012 Malware Activity 89.249.65.189 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None DE TO-S-2019-0640.01 Malware Activity 89.249.65.213 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None DE TO-S-2019-0747 Malware Activity 89.249.65.215 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None DE TO-S-2020-0006 Malicious Email Activity 89.249.65.92 24 CW None 2019-12-24 00:00:00 2020-03-23 00:00:00 None Illegal user_Failed Logon (IP=92,DE) 89.249.66.45 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None GB TO-S-2019-0658 
Malware Activity 89.249.66.47 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None GB TO-S-2020-0088 Malicious Email Activity 89.249.67.56 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None GB TO-S-2019-0468 Malware Activity 89.249.73.206 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None BE TO-S-2020-0187 Malicious Email Activity 89.250.224.100 24 RB None 2020-07-02 00:00:00 2020-09-30 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=100,RU) 89.250.48.0 20 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None FI TO-S-2019-0769 Malicious Email Activity 89.250.49.34 32 RW None 2020-07-26 00:00:00 2020-08-26 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability 89.252.154.2 24 RB None 2019-11-17 00:00:00 2020-02-15 00:00:00 None Failed password_6 hr Failed Logons (IP=2,TR) 89.252.174.151 24 KF None 2019-10-19 00:00:00 2020-01-17 00:00:00 None INDICATOR-COMPROMISE Suspicious .tk dns query (1:39867:4)_SourceFire (IP=151,TK) 89.252.178.217 24 DT None 2020-05-27 00:00:00 2020-08-27 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=217,TR) 89.28.48.88 24 DT None 2020-06-02 00:00:00 2020-09-02 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt - SourceFire (IP=88,MD) 89.28.69.147 32 JKC MD None 2019-12-23 00:00:00 2020-12-23 00:00:00 None TO-2020-0212 network threat activity 89.29.219.251 24 RR None 2019-10-02 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=251,ES) | updated by KF Block expiration extended with reason SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=251,ES) 89.29.239.182 24 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=182,ES) 89.31.110.92 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=92,RU) 89.31.127.203 24 RR None 2020-03-30 00:00:00 
91.98.64.242 24 KF None 2019-12-03 00:00:00 2020-03-02 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=242,IR) 92.101.122.62 24 RR None 2019-11-28 00:00:00 2020-02-26 00:00:00 None Failed password for invalid user - Failed Logons (IP=62,RU) 92.106.159.171 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=171,CH) 92.108.17.74 24 GM None 2019-10-09 00:00:00 2020-01-09 00:00:00 None SQL union select - possible sql 92.110.160.114 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=114,NL) 92.116.132.4 32 JKC IT TO-2020-0212 network None 2019-12-23 00:00:00 2020-12-23 00:00:00 None threat activity 92.116.88.95 32 JKC IT TO-2020-0212 network None 2019-12-23 00:00:00 2020-12-23 00:00:00 None threat activity 92.117.133.45 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None Authentication Failed (IP=45,DE) 92.117.176.40 32 JKC None 2019-12-23 00:00:00 2020-12-23 00:00:00 None SE TO-2020-0212 network threat activity 92.118.188.216 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=216,US) 92.118.234.186 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=186,XX) 92.118.37.86 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=86,XX) 92.119.160.0 24 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None RU TO-S-2020-0006 Malicious Email Activity 92.119.60.0 24 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None IQ TO-S-2020-0047 Malware Activity 92.12.139.70 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 92.126.211.33 24 RR None 2020-08-13 00:00:00 2020-11-11 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=33,RU) 92.127.155.237 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=237,RU) 92.127.209.162 24 RW None 2020-01-22 
00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=162,RU) 92.127.209.162 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=162,RU) 92.139.7.230 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None Invalid user - Failed Logons (IP=230,FR) 92.148.156.68 24 RW None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=68,FR) 92.15.73.173 24 RB None 2019-10-05 00:00:00 2020-01-03 00:00:00 None Timeout before authentication for_6 hr Failed Logons (IP=173,GB) 92.152.230.70 24 RR None 2020-02-29 00:00:00 2020-05-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=70,FR) 92.153.48.183 32 dbc None 2019-01-15 06:00:00 2020-01-15 06:00:00 None FR TO-S-2019-0321 Malware Activity 92.154.94.252 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None Invalid user - Failed Logons (IP=252,FR) 92.17.32.226 24 CW None 2020-01-30 00:00:00 2020-04-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_web attacks (IP=26,GB) 92.17.37.247 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 92.184.116.174 32 dbc None 2019-01-15 06:00:00 2020-01-15 06:00:00 None FR TO-S-2019-0321 Malware Activity 92.185.39.231 32 wmp None 2020-08-07 00:00:00 2020-11-07 00:00:00 None HIVE Case #3484 COLS-NA-TIP-20-0249 (IP=231,ES) 92.188.0.183 32 KF None 2019-10-03 00:00:00 2020-01-01 00:00:00 None Known Attack Tool User Agent - TT# 20C00043 (IP=183,US) 92.188.125.116 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None Illegal user - Failed Logons (IP=116,FR) 92.19.28.33 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=33,GB) 92.195.35.197 24 BMP None 2020-02-13 00:00:00 2020-05-13 
00:00:00 None Authentication Failed - 6hr Logons (IP=197,DE) 92.203.207.9 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None Authentication Failed - Failed Logons (IP=9,DE) 92.206.139.90 24 RR None 2020-04-24 00:00:00 2020-07-23 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - SourceFire (IP=90,DE) 92.206.14.63 24 BMP None 2020-01-13 00:00:00 2020-04-24 00:00:00 None Authentication Failed - 6hr Logons (IP=63,DE) | updated by KF Block expiration extended with reason Authentication Failed (IP=63,DE) 92.207.180.50 24 RW None 2019-11-25 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=50,UK) 92.222.10.244 24 GLM None 2020-04-06 00:00:00 2020-07-05 00:00:00 None Unauthorized Scanning (IP=244,FR) 92.222.125.16 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None FR TO-S-2019-1036 Malicious Email Activity 92.222.132.246 32 wmp None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HIVE Case #3604 COLS-NA-TIP-20-0262 (IP=246,FR) 92.222.144.212 24 KF None 2020-03-27 00:00:00 2020-06-25 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=212,FR) 92.222.147.117 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None FR TO-S-2019-0864 Malware Activity 92.222.158.249 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 92.222.181.159 24 BP None 2019-12-03 00:00:00 2020-03-08 00:00:00 None Failed password - 6hr Logon (IP=159,FR) | updated by BP Block expiration extended with reason Invalid user (IP=159,FR) 92.222.201.27 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None FR TO-S-2019-0952 Malware Activity 92.222.209.223 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=223,FR) 92.222.211.44 32 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None FR TO-S-2019-0769 Malicious Email Activity 92.222.212.0 32 dbc None 2019-02-14 00:00:00 2020-02-14 00:00:00 None FR TO-S-2019-0400 Malware Activity 92.222.216.44 32 dbc None 2019-09-30 00:00:00 
2020-09-30 00:00:00 None FR TO-S-2019-1036 Malicious Email Activity 92.222.216.71 24 RW None 2019-11-14 00:00:00 2020-02-14 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=71,FR) 92.222.231.81 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None FR TO-S-2019-0420 Malicious Email Activity 92.222.45.214 24 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=214,FR) 92.222.45.214 24 RW None 2020-03-12 00:00:00 2020-06-12 00:00:00 None SQL HTTP URI blind injection attempt - 6hr web attacks (IP=214,FR) 92.222.47.41 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password for invalid user - Failed Logon (IP=,FR) 92.222.72.234 24 GM None 2020-01-25 00:00:00 2020-04-25 00:00:00 None Failed password - Failed Logons (IP=234,FR) 92.222.79.138 24 GM None 2019-10-31 00:00:00 2020-01-31 00:00:00 None Invalid user - Failed Logons (IP=138,FR) 92.222.84.15 24 RR None 2018-02-21 06:00:00 2020-03-05 00:00:00 None Authentication Failed (IP=15,FR) | updated by CR with reason Failed password for invalid user user (IP=36,FR) | updated by GM with reason Invalid user - Failed Logons (IP=34,FR) 92.222.88.189 24 YM None 2017-10-23 05:00:00 2020-01-26 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (IP=189,FR) | updated by KF with reason Failed Password_6 Hr Failed Logons (IP=30,FR) 92.222.91.31 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password - Failed Logon (IP=,FR) 92.223.79.254 32 wmp None 2020-08-12 00:00:00 2020-11-12 00:00:00 None HIVE Case #3477 COLS-NA-TIP-20-0244 (IP=254,AU) 92.223.89.140 32 RW None 2020-09-08 00:00:00 2020-12-08 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03863 (IP=140,LU) 92.223.93.186 32 wmp None 2020-07-10 00:00:00 2020-10-10 00:00:00 None HIVE Case #3270 COLS-NA-TIP-20-0210 (IP=186,IT) 92.234.114.90 24 RWB None 2019-11-30 00:00:00 2020-02-28 00:00:00 None Failed password for invalid 
user - Failed Logon (IP=90,GB) 92.236.204.176 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=176,GB) 92.238.51.136 24 MLJ None 2018-03-14 05:00:00 2020-03-16 00:00:00 None ET SCAN Potential SSH Scan (IP=136,GB) | updated by KF with reason Authentication Failed (IP=136,GB) | updated by KF with reason Authentication Failed (IP=136,GB) 92.240.253.107 32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None NL TO-S-2020-0065 Malicious Email Activity 92.240.253.153 24 RB None 2020-07-02 00:00:00 2020-09-30 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - 6hr failed logon (IP=153,SK) 92.240.253.18 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None SK TO-S-2019-0488 Malicious Email Activity 92.245.171.181 32 dbc None 2019-09-10 00:00:00 2020-09-10 00:00:00 None IT TO-S-2019-0972 Malicious Web Application Activity 92.246.76.95 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=95,no ISC data) 92.246.84.195 32 RW None 2020-02-28 00:00:00 2020-03-28 00:00:00 None Known Attack Tool User Agent / HTTP: SqlMap SQL Injection - Scanning I - TT# 20C01865 (IP=195,DE) 92.246.84.211 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None UDP: Host Sweep (IP=211,NL) 92.25.44.248 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None Authentication Failed - 6hr Logons (IP=248,GB) 92.253.171.172 24 KF None 2019-12-14 00:00:00 2020-03-13 00:00:00 None Authentication Failed (IP=172,RU) 92.255.178.230 24 RWB None 2019-11-05 00:00:00 2020-02-03 00:00:00 None Invalid user - Failed Logon (IP=,FR) 92.27.68.71 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 92.28.152.10 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=10,GB) 92.36.150.65 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None 
Authentication Failed - 6hr Failed Logon(IP=65,BA) 92.38.188.85 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=85,RU) 92.43.104.77 24 ABC None 2019-10-13 00:00:00 2020-01-11 00:00:00 None Generic ArcSight scan attempt (IP=77,CH) 92.43.107.120 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None DE TO-S-2019-0658 Malicious Email Activity 92.43.17.151 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None GB TO-S-2019-0604 Malicious Email Activity 92.45.184.198 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=198,TR) 92.45.8.92 32 wmp None 2020-08-25 00:00:00 2020-11-23 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=92,TR) 92.45.88.104 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None TR TO-S-2019-0409 Malware Activity 92.46.25.229 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=229,KZ) 92.47.147.182 24 RB None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=182,KZ) 92.47.234.21 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=21,KZ) 92.47.73.116 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=116,KZ) 92.48.206.210 24 jkc None 2015-08-23 05:00:00 2020-04-17 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (IP=210 , NL) | updated by dbc with reason NL TO-S-2019-0571 Maliciou 92.50.249.166 24 RR None 2019-02-11 00:00:00 2020-02-18 00:00:00 None Failed password for invalid user (IP=166,RU) | updated by CW Block was inactive. 
Reactivated on 20191120 with reason Failed password_Failed Logon (IP=66,RU) 92.50.28.209 32 RB None 2019-10-03 00:00:00 2020-01-01 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00117 (IP=209,IR) 92.51.129.249 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None DE TO-S-2019-1036 Malicious Email Activity 92.51.78.66 24 RB None 2020-04-02 00:00:00 2020-07-01 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_Sourcefire (IP=66,GE) 92.53.100.159 24 RR None 2020-02-23 00:00:00 2020-05-23 00:00:00 None Illegal user - Failed Logons (IP=159,RU) 92.53.107.251 24 GM None 2020-08-07 00:00:00 2020-11-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=251,RU) 92.53.114.85 24 RR None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=85,RU) 92.53.64.0 19 dbc None 2019-04-04 00:00:00 2020-04-04 00:00:00 None RU TO-S-2019-0571 Malicious Email Activity 92.53.96.112 32 RW None 2020-06-29 00:00:00 2020-07-29 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03314 (IP=112,RU) 92.53.96.188 32 RW None 2020-07-01 00:00:00 2020-08-01 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03351 (IP=188,RU) 92.53.96.193 32 RW None 2020-06-12 00:00:00 2020-07-12 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03151 (IP=193,RU) 92.53.96.193 32 RW None 2020-06-12 00:00:00 2020-07-12 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03151 (IP=193,RU) 92.53.96.206 32 RW None 2020-07-30 00:00:00 2020-08-30 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03583 (IP=206,RU) 92.53.96.206 32 RW None 2020-07-30 00:00:00 2020-08-30 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03583 (IP=206,RU) 92.53.98.146 24 RR None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=146,RU) 92.54.200.134 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 
None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt_SourceFire (IP=34,GE) 92.55.64.0 18 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None MK TO-S-2020-0012 Malware Activity 92.6.32.251 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=251,GB) 92.60.176.13 24 wmp None 2015-10-26 05:00:00 2020-02-15 00:00:00 None China Chopper PHP (IP=13,UA) | updated by dbc with reason UA TO-S-2019-0409 Malicious Email Activity 92.60.84.186 24 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=186,RU) 92.63.109.78 24 RR None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=78,RU) 92.63.110.15 24 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=15,RU) 92.63.194.38 24 ABC None 2019-01-07 06:00:00 2020-01-17 00:00:00 None Generic ArcSight scan attempt (IP=38,RU) | updated by RR with reason Generic ArcSight scan attempt (IP=148,NL) 92.63.196.9 24 CR None 2020-02-19 00:00:00 2020-05-19 00:00:00 None TCP: SYN Host Sweep (IP=9,RU) 92.76.146.143 24 KF None 2020-01-25 00:00:00 2020-04-24 00:00:00 None Failed password (IP=143,DE) 92.78.207.141 24 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None Authentication Failed - 6hr Logons (IP=141,DE) 92.79.179.89 24 RR None 2019-11-22 00:00:00 2020-02-21 00:00:00 None Failed password - Failed Logons (IP=89,DE) | updated by KF Block expiration extended with reason Failed password (IP=89,DE) 92.82.169.38 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=38,RO) 92.9.8.109 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=109,GB) 92.96.81.50 24 RB None 2020-04-02 00:00:00 2020-07-01 00:00:00 
None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt_Sourcefire (IP=50,AE) 92.96.95.229 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=229,AE) 92.96.96.29 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=29,AE) 92.97.24.0 21 dbc None 2019-10-30 00:00:00 2020-10-30 00:00:00 None AE TO-S-2020-0077 Malicious Email Activity 92.97.7.61 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=61,AE) 92.98.133.250 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=250,AE) 92.98.178.67 24 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr web attacks (IP=67,AE) 92.98.65.142 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=142,AE) 93.103.103.55 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=55,SI) 93.103.129.0 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None SI TO-S-2019-0420 Malicious Email Activity 93.104.210.13 24 RR None 2020-08-13 00:00:00 2020-11-11 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=13,DE) 93.107.168.96 24 RR None 2018-11-13 06:00:00 2020-05-16 00:00:00 None Illegal user (IP=96,IE) | updated by RR Block was inactive. 
Reactivated on 20200216 with reason Illegal user - Failed Logons (IP=96,IE) 93.109.0.0 16 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None CY TO-S-2019-0420 Correction to TO-S-2018-1077 Malicious Activity 93.112.1.143 32 dbc None 2019-10-09 00:00:00 2020-10-09 00:00:00 None SA TO-S-2020-0012 Malicious Email Activity 93.113.36.226 24 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SQL 1 = 1 - possible sql injection attempt_Web Attacks (IP=226,RO) 93.114.205.113 24 RW None 2019-11-24 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Sourcefire (IP=113,ES) 93.115.112.0 21 dbc None 2019-06-07 00:00:00 2020-06-07 00:00:00 None RO TO-S-2019-0723 Malicious Email Activity 93.115.151.232 24 KF None 2019-11-03 00:00:00 2020-02-01 00:00:00 None Failed Password_6 Hr Failed Logons (IP=232,IR) 93.115.27.44 24 CR None 2020-05-14 00:00:00 2020-08-12 00:00:00 None UDP: Host Sweep - Automated Block Calculations (IP=44,LT) 93.115.28.104 32 wmp None 2020-09-15 00:00:00 2020-12-14 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=104,LT) 93.119.178.174 24 KF None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password (IP=174,RO) 93.124.15.87 24 GM None 2020-03-22 00:00:00 2020-06-22 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=87,RU) 93.125.0.0 17 dbc None 2018-12-26 06:00:00 2020-02-15 00:00:00 None BY TO-S-2019-0263 Malware Activity | updated by dbc with reason BY TO-S-2019-0409 Malicious Email Activity 93.127.246.69 24 RW None 2019-10-22 00:00:00 2020-01-22 00:00:00 None Web App reconnaissance - Hive Case #1069 (IP=69,DE) 93.136.5.23 24 GM None 2020-01-08 00:00:00 2020-04-08 00:00:00 None Authentication Failed - Failed Logons (IP=23,HR) 93.143.164.187 24 RB None 2019-12-29 00:00:00 2020-03-28 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=187,HR) 93.144.81.166 24 RR None 2020-01-17 00:00:00 
2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=166,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=166,IT) | updated by GM Block expiration extended with rea 93.148.143.228 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=228,IT) 93.149.167.72 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=72,IT) 93.151.252.233 24 GM None 2020-03-16 00:00:00 2020-06-16 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=233,IT) 93.152.142.250 24 FT None 2020-08-05 00:00:00 2020-11-05 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=BG,250) 93.152.159.11 24 RWB None 2019-11-04 00:00:00 2020-02-02 00:00:00 None Failed password - Failed Logon (IP=11,BG) 93.170.130.1 24 RW None 2019-11-27 00:00:00 2020-02-27 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=1,RU) 93.170.246.229 24 DT None 2020-06-15 00:00:00 2020-09-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=229,RU) 93.170.73.28 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=28,RU) 93.171.141.14 24 CW None 2019-11-20 00:00:00 2020-02-18 00:00:00 None Failed password_Failed Logon (IP=14,RU) 93.174.89.43 24 RW None 2020-07-18 00:00:00 2020-10-18 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=43,NL) 93.174.93.0 24 None None None 2020-01-03 00:00:00 None | updated by RW with reason SERVER-WEBAPP Avtech IP Camera search.cgi command injection attempt - 6 hr web attacks (IP=178,NL) 93.177.75.170 32 dbc None 2019-03-21 00:00:00 2020-03-21 00:00:00 None FR TO-S-2019-0515 Malware Activity 93.177.80.0 
22 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None HK TO-S-2020-0187 Malicious Email Activity 93.179.69.60 24 KF None 2019-11-10 00:00:00 2020-02-08 00:00:00 None Generic ArcSight scan attempt (IP=60,UA) 93.179.80.61 24 RW None 2019-11-07 00:00:00 2020-02-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=61,RU) 93.180.67.137 32 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None NL TO-S-2020-0187 Malicious Email Activity 93.184.220.23 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None GB TO-S-2020-0031 Malicious Email Activity 93.185.16.0 20 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 93.185.98.46 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None CZ TO-S-2019-0577 Malicious Email Activity 93.186.202.39 24 ABC None 2015-11-23 06:00:00 2020-03-11 00:00:00 None Generic ArcSight scan attempt (IP=39,DE) | updated by ged with reason ET SCAN Sipvicious User-Agent Detected (friendly-scanner 93.187.128.0 22 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None HK TO-S-2019-0430 Malicious Email Activity 93.188.2.5 24 SQL None 2018-06-06 05:00:00 2020-09-02 00:00:00 None 1 = 1 - possible sql injection | updated by RR with reason SQL use of sleep function with and - likely SQL injection (IP=5,SE) | updated by dbc with reason SE TO-S-2019-0952 Malware Activity 93.188.2.53 32 wmp None 2020-09-15 00:00:00 2020-12-14 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=53,SE) 93.191.14.86 24 KF None 2018-10-14 05:00:00 2020-01-27 00:00:00 None Misc Activity (IP=86,RS) | updated by KF Block was inactive. 
Reactivated on 20191004 with reason INDICATOR-COMPROMISE Suspicious .tk dns query (1:39867:4)_SourceFire (IP=86,RU) | updated by KF Block expiration extended with reason INDICATOR-COMPROMISE 93.191.156.104 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None DK TO-S-2019-0640.01 Malicious Email Activity 93.191.156.97 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None DK TO-S-2019-0640.01 Malicious Email Activity 93.198.246.35 24 CR None 2020-06-12 00:00:00 2020-09-12 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=35,DE) 93.203.102.71 32 JKC None 2019-12-23 00:00:00 2020-12-23 00:00:00 None NL TO-2020-0212 network threat activity 93.213.89.4 32 JKC SK TO-2020-0212 network None 2019-12-23 00:00:00 2020-12-23 00:00:00 None threat activity 93.213.97.7 24 GM None 2020-09-22 00:00:00 2020-12-22 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=7,DE) 93.226.224.200 32 JKC None 2019-12-23 00:00:00 2020-12-23 00:00:00 None CH TO-2020-0212 network threat activity 93.227.138.48 32 JKC None 2019-12-23 00:00:00 2020-12-23 00:00:00 None IT TO-2020-0212 network threat activity 93.23.181.146 32 dbc None 2019-09-02 00:00:00 2020-09-02 00:00:00 None FR TO-S-2019-0952 Malware Activity 93.235.105.30 24 CW None 2020-01-14 00:00:00 2020-04-13 00:00:00 None Authentication Failed_Failed Logon (IP=30,DE) 93.235.99.248 24 RW None 2020-02-21 00:00:00 2020-05-21 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=248,DE) 93.245.117.246 24 RW None 2019-10-28 00:00:00 2020-01-28 00:00:00 None - 6hr Failed Logon(IP=246,DE) 93.25.112.3 24 CR None 2020-02-24 00:00:00 2020-05-24 00:00:00 None Authentication Failed - 6hr failed logon (IP=3,FR) 93.31.201.163 32 JKC None 2019-12-23 00:00:00 2020-12-23 00:00:00 None IT TO-2020-0212 network threat activity 93.35.239.206 32 JKC None 2019-12-23 00:00:00 2020-12-23 00:00:00 None NL TO-2020-0212 network threat activity 93.37.253.12 24 GM None 
2019-10-29 00:00:00 2020-01-29 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=12,IT) 93.38.61.23 24 RR None 2020-01-20 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=23,IT) | updated by RB Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt_Sourcefire (IP=23 IT) | updated by KF 93.39.116.254 24 KF None 2019-01-16 06:00:00 2020-02-12 00:00:00 None Illegal user (IP=254,IT) | updated by GM with reason Invalid user - Failed Logons (IP=254,IT) 93.39.228.181 24 CW None 2019-07-02 00:00:00 2020-02-10 00:00:00 None SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt_6hr Web Attacks (IP=81,IT) | updated by CW Block was inactive. Reactivated on 20191112 with reason SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt 93.39.97.39 24 DT None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - Web Attacks (IP=39,IT) 93.41.248.223 24 KF None 2019-11-19 00:00:00 2020-02-17 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt_Web Attacks (IP=223,IT) 93.41.251.153 24 RR None 2019-10-26 00:00:00 2020-01-24 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=153,IT) 93.42.109.154 24 RR None 2020-01-20 00:00:00 2020-07-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=154,IT) | updated by CR Block was inactive. 
Reactivated on 20200426 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=154,IT) 93.42.117.137 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Failed password for invalid user - Failed Logons (IP=137,IT) 93.42.126.148 24 RR None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password - Failed Logons (IP=148,IT) 93.42.75.89 24 RR None 2018-04-19 05:00:00 2020-04-21 00:00:00 None Authentication Failed (IP=89,IT) | updated by KF with reason Authentication Failed (IP=89,IT) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=233,IT) | updated by RWB with reason At 93.42.77.160 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=160,IT) 93.43.37.222 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02394 (IP=222,IT) 93.43.39.56 24 RW None 2019-11-04 00:00:00 2020-02-04 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=56,IT) 93.46.115.12 24 jkc None 2016-12-27 06:00:00 2020-04-19 00:00:00 None ET SCAN Potential SSH Scan (IP=12,IT) | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=163,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution att 93.46.241.37 24 GM None 2020-07-29 00:00:00 2020-10-29 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=37,IT) 93.47.150.64 32 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02413 (IP=64,IT) 93.47.173.122 24 RR None 2020-04-19 00:00:00 2020-07-18 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=122,IT) 93.50.125.249 24 RR None 2018-01-18 06:00:00 2020-05-17 00:00:00 None Authentication Failed (IP=249,IT) | updated by RR Block was inactive. 
Reactivated on 20200217 with reason Authentication Failed - Failed Logons (IP=249,IT) 93.51.186.90 24 GM None 2019-10-15 00:00:00 2020-01-15 00:00:00 None Illegal user - Failed Logons (IP=90,IT) 93.56.175.204 24 CR None 2019-02-15 00:00:00 2020-05-13 00:00:00 None Authentication Failed (IP=204,IT) | updated by KF Block was inactive. Reactivated on 20200213 with reason Authentication Failed - Failed Logins (IP=204,IT) 93.6.143.191 24 GM None 2020-06-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=191,FR) 93.61.124.33 32 JKC CA TO-2020-0212 network None 2019-12-23 00:00:00 2020-12-23 00:00:00 None threat activity 93.63.37.169 24 DT None 2020-07-06 00:00:00 2020-10-04 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=169,IT) 93.65.202.236 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=236,IT) 93.65.225.232 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=232,IT) 93.65.242.93 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=93,IT) 93.66.40.198 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=198,IT) 93.66.74.228 32 JKC IT TO-2020-0212 network None 2019-12-23 00:00:00 2020-12-23 00:00:00 None threat activity 93.67.105.167 24 GM None 2020-02-12 00:00:00 2020-05-12 00:00:00 None Authentication Failed - Failed Logons (IP=167,IT) 93.67.106.212 24 GM None 2019-10-27 00:00:00 2020-01-27 00:00:00 None Illegal user - Failed Logons (IP=212,IT) 93.70.220.204 24 RWB None 2020-01-16 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks 
(IP=204,IT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=204,IT) 93.70.225.249 24 GM None 2020-06-10 00:00:00 2020-08-10 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=249,IT) 93.70.249.132 24 KF None 2020-03-01 00:00:00 2020-05-30 00:00:00 None Known Attack Tool User Agent - TT# 20C01889 (IP=132,IT) 93.76.195.140 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 93.76.233.223 24 RW None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=223,UA) | not blocked because No refs to MVPower found in USACE SharePoint or NAC 93.82.194.66 24 RR None 2019-11-13 00:00:00 2020-02-11 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - SourceFire (IP=66,AU) 93.82.29.252 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt - SourceFire (IP=252,AT) 93.82.30.148 24 RWB None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt - SourceFire (IP=148,AT) 93.86.223.76 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=76,RS) 93.88.128.0 20 dbc None 2019-12-17 00:00:00 2020-12-17 00:00:00 None RU TO-S-2020-0187 Malicious Web Application Activity 93.89.20.2 32 wmp None 2020-08-31 00:00:00 2020-11-29 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=2,TR) 93.89.20.2 24 KF None 2019-12-17 00:00:00 2020-03-16 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=2,TR) 93.89.230.241 32 dbc None 2019-03-12 00:00:00 2020-03-12 00:00:00 None TR TO-S-2019-0488 Malware Activity 93.90.144.0 20 dbc None 2019-01-24 00:00:00 2020-01-24 00:00:00 None SE 
TO-S-2019-0351 Malicious Email Activity 93.90.193.215 24 BMP None 2020-01-15 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr Web Attacks (IP=215,DE) | updated by RWB with reason SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=237,DE) 93.90.193.237 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=237,DE) 93.90.202.173 24 RW None 2020-01-16 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - 6hr web attacks (IP=173,DE) 93.90.203.137 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Sourcefire (IP=137,DE) 93.90.203.214 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=214,AE) 93.90.206.31 24 MLJ None 2018-01-12 06:00:00 2020-02-08 00:00:00 None ET SCAN Potential SSH Scan (IP=31,GB) | updated by KF with reason Generic ArcSight scan attempt (IP=106,DE) 93.90.207.105 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-OTHER Adobe ColdFusion unauthenticated file upload attempt - SourceFire (IP=105,DE) 93.90.74.126 24 KF None 2019-10-19 00:00:00 2020-01-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_Web Attacks (IP=126,) | updated by KF Block expiration extended with reason Command Injection Attempt (IP=126,HK) 93.90.75.213 24 RR None 2020-07-26 00:00:00 2020-10-24 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=213,HK) 93.91.150.159 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=159,CZ) 93.93.116.36 24 djs None 2014-08-05 05:00:00 2020-04-08 00:00:00 None c2 Callout maid 2250 (ip=36,ES) | updated by dbc with reason ES 
TO-S-2019-0577 Malicious Email Activity 93.94.208.0 21 JKC IT TO-2020-0212 network None 2019-12-23 00:00:00 2020-12-23 00:00:00 None threat activity 93.95.100.107 32 DT None 2020-06-08 00:00:00 2020-09-06 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 20C03088 (IP=107,RU) 93.99.104.170 24 KF None 2020-02-28 00:00:00 2020-05-28 00:00:00 None Known Attack Tool User Agent/HTTP: Blind SQL Injection - TT# 20C01848 (IP=170,CZ) 93.99.41.100 24 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None ARCSight Sauron (IP=100,AT) 94.1.80.104 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=4,GB) 94.100.22.48 24 BMP None 2020-01-15 00:00:00 2020-04-14 00:00:00 None Possible SQLi attempt - TT# 20C01462 (IP=48,NL) | updated by BMP Block expiration extended with reason Possible SQLi attempt - TT# 20C01462 (IP=48,NL) 94.102.2.233 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None TR TO-S-2019-1036 Malicious Email Activity 94.102.49.0 24 sym None 2014-03-30 05:00:00 2020-01-02 00:00:00 None TCP Host Sweep (ip=65,NL) | updated by jkc with reason ET SCAN Potential SSH Scan (IP=210 , NL) | updated by jkc with reason | updated by RB with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT#19C02328 (IP=190,NL) 94.102.50.143 32 RR None 2020-07-07 00:00:00 2020-10-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03385 (IP=143,NL) 94.102.50.156 32 RW None 2020-07-16 00:00:00 2020-10-16 00:00:00 None FTKNOX_HRC_IPS Signature: HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 20C03488 (IP=156,NL) 94.102.50.50 24 dbc None 2014-03-18 05:00:00 2020-01-18 00:00:00 None SSH Scans (ip=50,NL) | updated by ABC with reason Bro-observed Port Scanning (IP=44,NL) | updated by ged with reason ET SCAN | updated by RB with reason Generic ArcSight scan attempt (IP=96,NL) | 2020-01-18 | 2017-12-09 94.102.50.96 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None 
Generic ArcSight scan attempt (IP=96,NL) 94.102.51.22 24 RR None 2020-02-22 00:00:00 2020-05-22 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=22,NL) 94.102.51.225 32 wmp None 2020-07-02 00:00:00 2020-10-02 00:00:00 None HIVE Case #3212 CTO-20-182 (IP=225,NL) 94.102.52.57 24 RR None 2020-03-25 00:00:00 2020-06-23 00:00:00 None TCP: SYN Host Sweep (IP=57,NL) 94.102.56.206 24 dbc None 2014-09-03 05:00:00 2020-01-17 00:00:00 None Potential VNC Scan 5900-5920 (ip=206 NL) | updated by dbc with reason Potential VNC Scan 5900 (IP=210, NL) | updated by dbc | updated by RR with reason Generic ArcSight scan attempt (IP=151,NL) 94.102.57.241 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=241,NL) 94.102.59.5 24 BMP None 2020-07-08 00:00:00 2020-10-06 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=5,SC) 94.102.60.18 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=18,NL) 94.102.63.0 24 djs None 2014-05-15 05:00:00 2020-01-17 00:00:00 None DNS query amplification attempts and VNC scans (ip=238,NL) | updated by djs with reason Bro-observed Port Scanning (IP=55,NL) | updated by RB with reason Generic ArcSight scan attempt (IP=18,NL) | 2020-01-17 | 2018-07-03 94.103.89.235 24 RW None 2019-11-01 00:00:00 2020-01-30 00:00:00 None Generic ArcSight scan attempt (IP=235,DE) 94.103.95.25 32 wmp None 2020-07-09 00:00:00 2020-10-09 00:00:00 None HIVE Case #3284 CTO-20-189 (IP=25,NL) 94.121.9.42 24 RR None 2020-01-17 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=42,TR) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=42,TR) | updated by RWB with reason SERVER-WEBAPP MVPower 94.122.180.22 24 RW None 2019-12-25 00:00:00 2020-03-30 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers 
login.cgi command injection attempt - Sourcefire (IP=22,TR) | updated by RWB Block expiration extended with reason Web Application Attack - SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt 94.123.197.118 24 RW None 2020-03-20 00:00:00 2020-06-20 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - Sourcefire (IP=118,TK) 94.124.93.186 32 dbc None 2019-01-30 00:00:00 2020-02-04 00:00:00 None NL TO-S-2019-0370 Malware Activity | updated by kmw with reason NL TO-S-2019-0363.01 Malware Activity 94.126.169.140 24 RB None 2019-02-07 00:00:00 2020-09-10 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (IP=140,PT) | updated by dbc with reason PT TO-S-2019-0972 Malware Activity 94.126.20.178 32 dbc None 2019-03-29 00:00:00 2020-03-29 00:00:00 None CH TO-S-2019-0551.02 Malicious Email Activity 94.126.40.35 32 dbc None 2019-03-26 00:00:00 2020-03-26 00:00:00 None GB TO-S-2019-0532 Malicious Email Activity 94.126.40.36 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None GB TO-S-2019-0577 Malicious Email Activity 94.127.0.0 21 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None RS TO-S-2019-0640.01 Malicious Email Activity 94.128.17.127 24 GM None 2019-10-21 00:00:00 2020-01-21 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks (IP=127,KW) 94.13.200.92 24 BMP None 2020-01-09 00:00:00 2020-04-08 00:00:00 None Authentication Failed - 6hr Logons (IP=92,GB) 94.13.73.41 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=41,UK) 94.130.12.27 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=27,DE) 94.130.12.30 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=30,DE) 94.130.123.86 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None DE TO-S-2019-0430 Malicious Email 
Activity 94.130.134.56 24 GL None 2020-08-12 00:00:00 2020-11-10 00:00:00 None HIVE Case #3558 TO-S-2020-0718 (IP=56,DE) 94.130.16.45 32 dbc None 2019-05-10 00:00:00 2020-05-10 00:00:00 None DE TO-S-2019-0658 Malicious Email Activity 94.130.161.237 24 RW None 2020-06-18 00:00:00 2020-09-18 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=237,DE) 94.130.162.223 32 dbc None 2019-03-28 00:00:00 2020-03-28 00:00:00 None DE TO-S-2019-0546 Malicious Email Activity 94.130.173.90 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Invalid user - Failed Logons (IP=90,UA) 94.130.40.100 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malicious Email Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malicious Email Activity 94.130.50.80 24 RW None 2020-04-03 00:00:00 2020-07-02 00:00:00 None TCP: SYN Host Sweep (IP=80,DE) 94.130.52.106 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None DE TO-S-2019-0604 Malicious Email Activity 94.130.67.142 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None DE TO-S-2020-0206 Malware Activity | updated by kmw Block expiration extended with reason DE TO-S-2020-0212.01 Malware Activity 94.130.67.184 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None DE TO-S-2019-0577 Malicious Email Activity 94.130.9.87 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None DE TO-S-2019-0734.01 Malicious Email Activity 94.138.200.160 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None TR TO-S-2019-0577 Malicious Email Activity 94.140.114.132 24 KF None 2020-02-13 00:00:00 2020-05-13 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=132,SE) 94.140.21.185 24 RB None 2020-06-09 00:00:00 2020-09-07 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=185,GB) 94.141.29.228 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=228,IT) 94.15.8.100 24 KF None 
2020-03-18 00:00:00 2020-06-16 00:00:00 None Known Attack Tool User Agent / BOT: Mirai Echobot Activity - TT# 20C02179 (IP=100,GB) 94.150.248.38 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DK TO-S-2020-0056 Malicious Web Application Activity 94.152.136.42 32 wmp None 2020-09-03 00:00:00 2020-12-02 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=42,PL) 94.154.1.2 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None TCP: SYN Host Sweep (IP=2,RU) 94.154.63.200 24 BP None 2019-11-27 00:00:00 2020-02-25 00:00:00 None Invalid user - 6hr Logons (IP=200,PL) 94.154.85.36 24 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Web Attacks (IP=36,RU) 94.155.33.191 24 RW None 2020-05-07 00:00:00 2020-08-07 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=191,BG) 94.156.175.181 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SQL generic convert injection attempt - GET parameter - SourceFire (IP=181,BG) 94.156.67.115 24 RR None 2020-09-13 00:00:00 2020-12-12 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (1:29831:3) - Web Attacks (IP=115,BG) 94.158.0.0 20 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None RU TO-S-2019-0468 Malicious Web Application Activity 94.158.244.35 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=35,US) 94.158.245.0 24 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,MD) 94.158.247.4 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=4,US) 94.175.199.186 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None GB TO-S-2020-0031 Malicious Email Activity 94.176.232.0 21 dbc None 2019-09-13 00:00:00 2020-09-13 00:00:00 None LT TO-S-2019-0985 Application Vulnerability Exploit 94.177.153.12 24 RR None 
2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=12,ES) 94.177.189.102 24 RWB None 2019-11-15 00:00:00 2020-02-13 00:00:00 None Failed password for invalid user - Failed Logon (IP=,IT) 94.177.199.138 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=138,IT) 94.177.214.200 24 RWB None 2019-11-29 00:00:00 2020-02-27 00:00:00 None Invalid user - Failed Logon (IP=200,IT) 94.177.216.92 24 MLJ None 2017-07-27 05:00:00 2020-03-05 00:00:00 None ET SCAN Potential SSH Scan (IP=92,RO) | updated by RB with reason likely hosting malicious code (IP=74,IT) | 2018-12-25 | 201 | updated by RR with reason DLINK Command Injection - New Exploit URL - New DLINK (IP=74,IT) 94.177.224.43 24 RR None 2018-05-25 05:00:00 2020-01-31 00:00:00 None ET SCAN Potential SSH Scan (IP=43,RO) | updated by RB with reason UDP: Unauthorized Access-Probe - TT#19C02137 (IP=145,DE) | updated by RR with reason Failed password - Failed Logons (IP=127,DE) 94.177.230.111 24 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None TCP: SYN Host Sweep (IP=111,DE) 94.177.230.111 24 KF None 2020-04-14 00:00:00 2020-07-13 00:00:00 None TCP: SYN Host Sweep (IP=111,DE) 94.177.240.141 32 dbc None 2019-06-27 00:00:00 2020-06-27 00:00:00 None FR TO-S-2019-0781 Malicious Email Activity 94.177.240.159 24 KF None 2019-10-20 00:00:00 2020-01-18 00:00:00 None Generic ArcSight scan attempt (IP=159,no ISC data) 94.177.242.121 32 dbc None 2019-09-13 00:00:00 2020-09-13 00:00:00 None FR TO-S-2019-0985 Malicious Email Activity 94.177.242.182 32 dbc None 2019-10-15 00:00:00 2020-10-15 00:00:00 None FR TO-S-2020-0031 Malicious Email Activity 94.177.242.247 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None FR TO-S-2019-0747 Malicious Email Activity 94.177.242.253 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None FR TO-S-2019-0816 Malicious Email Activity 94.177.243.243 32 dbc 
None 2019-01-15 06:00:00 2020-01-15 06:00:00 None RO TO-S-2019-0321 Malicious Email Activity 94.177.246.39 24 RWB None 2019-12-04 00:00:00 2020-03-03 00:00:00 None Failed password for invalid user - Failed Logon (IP=39,DE) 94.177.250.221 24 KF None 2020-02-02 00:00:00 2020-05-02 00:00:00 None Failed password (IP=221,GB) 94.177.254.67 24 RR None 2019-11-14 00:00:00 2020-02-12 00:00:00 None Failed password for invalid user -Failed Logons (IP=67,GB) 94.191.100.174 32 GM None 2020-01-16 00:00:00 2020-04-16 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - 20C01467 (IP=174,US) 94.191.100.174 24 wmp None 2018-12-11 06:00:00 2020-05-31 00:00:00 None authentication bypass vulnerability (IP=174,CN) | updated by KF Block was inactive. Reactivated on 20200302 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability (IP=174,RU) 94.191.108.176 24 RR None 2019-12-06 00:00:00 2020-03-05 00:00:00 None Failed password for invalid user - Failed Logons (IP=176,RU) 94.191.110.200 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=200,CN) 94.191.113.146 24 CW None 2019-10-26 00:00:00 2020-01-24 00:00:00 None HTTP: SQL Injection Attempt Detected_Web Attacks (IP=46,CN) 94.191.114.213 24 RWB None 2019-10-29 00:00:00 2020-01-27 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=213,RU) 94.191.115.15 32 RR None 2020-02-17 00:00:00 2020-05-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=15,RU) 94.191.115.15 24 RW None 2020-02-17 00:00:00 2020-05-17 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=15,CN) 94.191.116.225 24 KF None 2019-10-04 00:00:00 2020-01-02 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt_Web Attacks (IP=225,RU) 94.191.117.56 32 DT None 2020-05-14 00:00:00 2020-08-12 00:00:00 None HTTP: vBulletin Pre-Auth 
Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 20C02755 (IP=56,CN) 94.191.119.176 24 RR None 2019-12-05 00:00:00 2020-03-04 00:00:00 None Invalid user -Failed Logons (IP=176,RU) 94.191.120.99 24 GM None 2019-11-08 00:00:00 2020-02-08 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=99,CN) 94.191.126.118 24 GM None 2019-10-07 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=118,CN) 94.191.126.118 32 KF None 2020-06-09 00:00:00 2020-09-07 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03102 (IP=118,CN) 94.191.127.232 24 GM None 2019-10-31 00:00:00 2020-09-09 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=232,CN) | updated by KF Block was inactive. Reactivated on 20200611 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03129 (IP=232,CN) 94.191.15.243 24 CR None 2019-05-06 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_CIRT Web Attacks - Prior 6 hours (IP=243,RU) | updated by RWB Block was inactive. 
Reactivated on 20191028 with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=2 94.191.16.209 24 RR None 2019-06-30 00:00:00 2020-01-11 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=209,CN) | updated by ABC with reason Command Injection Attempt (IP=209,CN) 94.191.17.86 24 RB None 2020-08-24 00:00:00 2020-11-22 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=86,CN 94.191.18.188 24 RW None 2020-03-16 00:00:00 2020-06-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=188,CN) 94.191.19.41 24 wmp None 2019-01-18 00:00:00 2020-02-05 00:00:00 None authentication bypass vulnerability (IP=41,CN) | updated by RR with reason Command Injection Attempt (IP=188,CN) 94.191.20.30 24 RR None 2020-01-21 00:00:00 2020-04-20 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=30,CN) 94.191.21.15 24 CR None 2018-11-26 06:00:00 2020-03-16 00:00:00 None Hello Peppa Scan (IP=15,CN) | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=247,CN) 94.191.21.247 24 KF None 2019-12-16 00:00:00 2020-03-15 00:00:00 None HTTP: ThinkPHP CMS GetshellVulnerability (IP=247,RU) 94.191.25.31 24 KF None 2019-10-29 00:00:00 2020-01-27 00:00:00 None Command Injection Attempt (IP=31,CN) 94.191.28.13 24 RR None 2019-06-25 00:00:00 2020-01-04 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6 hr Web Attacks (IP=13,RU) | updated by RB with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_12 hr web attacks (IP=13 CN) | 2020-01-04 | 2019-09-23 94.191.29.163 24 20200120 None None 2020-01-20 00:00:00 None HTTP: SQL Injection Attempt Detected - WebAttacks (IP=163,RU) | updated by RWB Block was inactive. 
Reactivated on 20191022 with reason HTTP: SQL Injection Attempt Detected - WebAttacks (IP=163,RU) 94.191.31.230 24 RR None 2018-12-21 06:00:00 2020-01-31 00:00:00 None Illegal user (IP=230,RU) | updated by RB with reason Failed password_6 hr Failed Logons (IP=53,CN) | 2020-01-31 | 2019-03-21 94.191.31.86 32 RR None 2020-07-18 00:00:00 2020-10-16 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03503 (IP=86,CN) 94.191.38.50 24 RB None 2019-11-02 00:00:00 2020-01-31 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_12 hr web attacks (IP=50,CN) 94.191.4.35 24 RR None 2019-01-19 00:00:00 2020-01-11 00:00:00 None Failed password for invalid user (IP=35,RU) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_SourceFire (IP=182 CN) | 2020-01-11 | 2019-04-19 94.191.40.166 24 KF None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Failed Password_6 Hr Failed Logons (IP=166,RU) 94.191.47.31 24 RW None 2019-10-30 00:00:00 2020-01-30 00:00:00 None Failed password - 6hr Failed Logon(IP=31,CN) 94.191.50.165 24 RW None 2019-11-01 00:00:00 2020-02-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=165,CN) 94.191.54.39 24 GM None 2019-10-07 00:00:00 2020-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=39,CN) 94.191.58.198 24 RR None 2020-04-12 00:00:00 2020-07-11 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=198,CN) 94.191.60.71 24 RR None 2020-01-29 00:00:00 2020-04-28 00:00:00 None Failed password - Failed Logons (IP=71,RU) 94.191.68.83 24 RR None 2019-01-19 00:00:00 2020-02-15 00:00:00 None Failed password for invalid user (IP=83,RU) | updated by RB with reason Invalid user_6 hr Failed Logons (IP=149,CN) | 2020-02-15 | 2019-04-19 94.191.70.57 24 RR None 2019-01-30 00:00:00 2020-02-16 00:00:00 None Failed password for invalid user (IP=57,RU) | updated 
by RR with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=51,RU) 94.191.75.145 24 GM None 2020-03-01 00:00:00 2020-05-31 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=145,CN) 94.191.78.129 24 RR None 2019-01-05 06:00:00 2020-01-03 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=129,RU) | updated by GM with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=99,CN) 94.191.79.195 24 RB None 2019-06-23 00:00:00 2020-02-07 00:00:00 None HTTP: SQL Injection Attempt Detected_12 hr web attacks (IP=195 CN) | updated by KF with reason Failed password (IP=156,RU) 94.191.86.50 32 BMP None 2020-05-21 00:00:00 2020-08-21 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C02864 (IP=50,CN) 94.191.86.50 24 RR None 2019-10-11 00:00:00 2020-01-09 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=50,RU) 94.191.9.85 24 RR None 2019-11-22 00:00:00 2020-02-20 00:00:00 None Invalid user - Failed Logons (IP=85,RU) 94.191.96.213 24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=213,CN) 94.191.98.194 24 RB None 2018-12-10 06:00:00 2020-01-04 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=194,CN) | updated by RB with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_12 hr web attacks (IP=89 CN) | 2020-01-04 | 2019-03-10 94.191.99.103 24 RR None 2018-12-31 06:00:00 2020-01-14 00:00:00 None Failed password (IP=103,RU) | updated by RR with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=107,RU) 94.198.215.22 32 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None IT TO-S-2019-0409 Malicious Email Activity 94.199.101.231 32 RR None 2020-08-16 00:00:00 2020-11-14 00:00:00 None HTTP: vBulletin 
Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03722 (IP=231,GB) 94.199.198.137 24 CW None 2019-12-01 00:00:00 2020-02-29 00:00:00 None Failed password for invalid 94.199.200.66 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None TR TO-S-2019-0852 Malicious Email Activity 94.199.202.44 24 CR None 2020-07-14 00:00:00 2020-10-12 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attack (IP=44,TR) 94.199.52.140 24 RB None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Failed password_6 hr Failed Logons_CPC (IP=140 HU) | not blocked because TARGET IP NO LONGER AVAILABLE EXTERNALLY 94.20.64.42 24 BMP None 2020-07-03 00:00:00 2020-10-01 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - 6hr Web Attacks (IP=42,AZ) 94.20.94.0 24 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None AZ TO-S-2019-0577 Malicious Email Activity 94.200.0.0 13 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None AE TO-S-2019-1036 Malicious Email Activity 94.206.64.0 19 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None AE TO-S-2019-0608 Malware Activity 94.21.141.74 24 KF None 2019-11-22 00:00:00 2020-02-20 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=74,HU) 94.21.177.216 24 RW None 2020-01-22 00:00:00 2020-04-22 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=216,HU) 94.21.46.77 32 RR None 2020-08-03 00:00:00 2020-11-01 00:00:00 None WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web attack (IP=77,US) 94.210.50.90 32 JKC DE TO-2020-0212 network None 2019-12-23 00:00:00 2020-12-23 00:00:00 None threat activity 94.224.208.114 24 RW None 2020-02-28 00:00:00 2020-05-28 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - 6hr web attacks (IP=114,BE) 94.224.232.47 24 KF None 2019-06-26 00:00:00 2020-02-19 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=47,BE) | updated by RB with reason 
Authentication Failed_6 hr Failed Logons (IP=47,BE) | 2020-02-19 | 2019-09-24 94.224.29.224 24 RW None 2019-10-03 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - 6 hr web attacks (IP=224,BE) 94.225.213.189 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=189,BL) 94.225.227.224 24 RW None 2020-04-19 00:00:00 2020-07-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=224,BE) 94.227.109.101 24 KF None 2020-01-27 00:00:00 2020-04-26 00:00:00 None Authentication Failed (IP=101,BE) 94.228.253.226 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=226,RU) 94.229.40.8 32 JKC NL TO-2020-0212 network None 2019-12-23 00:00:00 2020-12-23 00:00:00 None threat activity 94.229.66.131 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None Failed password - 6hr Logon (IP=131,GB) 94.23.0.0 16 tjh None 2016-01-22 06:00:00 2020-09-02 00:00:00 None PL TO-S-2016-0241 | updated by tjh with reason GB TO-S-2016-0520 | updated by dbc with reason FR TO-S-2016-0744 Phishing Act | updated by dbc with reason FR TO-S-2019-0890.01 Malicious Email Activity | updated by dbc with reason FR TO-S-2019-0938 M 94.23.210.200 24 FT None 2020-09-11 00:00:00 2020-12-11 00:00:00 None SERVER-WEBAPP elFinder PHP connector arbitrary PHP file upload attempt - 6hr Web Attacks (IP=200,FR) 94.23.222.44 24 BP None 2019-11-15 00:00:00 2020-02-15 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=44,FR) 94.23.226.221 24 BMP None 2020-07-23 00:00:00 2020-10-21 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr Web Attacks (IP=221,FR) 94.231.103.135 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None DK TO-S-2019-0577 Malicious Email Activity 94.231.103.82 32 dbc None 2019-04-08 00:00:00 2020-04-08 
00:00:00 None DK TO-S-2019-0577 Malicious Email Activity 94.231.103.94 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None DK TO-S-2019-0577 Malicious Email Activity 94.231.108.221 32 dbc None 2019-05-06 00:00:00 2020-05-06 00:00:00 None DK TO-S-2019-0640.01 Malicious Email Activity 94.231.108.252 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None DK TO-S-2019-0577 Malicious Email Activity 94.231.108.37 32 dbc None 2019-04-08 00:00:00 2020-04-08 00:00:00 None DK TO-S-2019-0577 Malicious Email Activity 94.231.136.154 24 KF None 2019-10-28 00:00:00 2020-01-27 00:00:00 None Failed Password_6 Hr Failed Logons (IP=154,RU) | updated by KF with reason Failed password for invalid user_6 Hr Failed Logons (IP=154,RU) 94.231.68.222 24 GM None 2020-02-09 00:00:00 2020-05-09 00:00:00 None Authentication Failed - Failed Logons (IP=222,UA) 94.234.48.242 24 RB None 2020-04-08 00:00:00 2020-07-07 00:00:00 None TCP: SYN Host Sweep (IP=242,SE) 94.235.106.145 32 dbc None 2019-10-07 00:00:00 2020-10-07 00:00:00 None TR TO-S-2020-0006 Malicious Email Activity 94.236.250.17 24 RR None 2019-10-27 00:00:00 2020-01-26 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=17,BG) | updated by RR with reason SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=17,BG) 94.237.121.146 24 KF None 2019-11-11 00:00:00 2020-02-09 00:00:00 None Generic ArcSight scan attempt (IP=146,XX) 94.237.2.39 24 BMP None 2020-04-10 00:00:00 2020-07-09 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - SourceFire (IP=39,FI) 94.237.34.120 32 wmp None 2020-09-11 00:00:00 2020-12-11 00:00:00 None HIVE Case #3844 COLS-NA-TIP-20-0288 (IP=120,FI) 94.237.78.68 32 wmp None 2020-09-16 00:00:00 2020-12-15 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=68,SG) 94.242.253.13 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None LU TO-S-2020-0088 Malware Activity 94.246.212.203 32 dbc None 
2019-07-29 00:00:00 2020-07-29 00:00:00 None EE TO-S-2019-0852 Malware Activity 94.247.180.87 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt - SourceFire (IP=87,FR) 94.247.180.87 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt - SourceFire (IP=87,FR) 94.247.57.9 24 GM None 2019-10-31 00:00:00 2020-01-29 00:00:00 None ABC Generic ArcSight scan attempt (IP=9,RU) 94.249.192.103 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None DE TO-S-2020-0056 Malicious Email Activity 94.25.172.44 24 RR None 2020-03-14 00:00:00 2020-06-12 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=44,RU) 94.25.173.252 24 RW None 2020-04-03 00:00:00 2020-07-03 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=252,RU) 94.250.248.0 21 dbc None 2019-10-21 00:00:00 2020-10-21 00:00:00 None RU TO-S-2020-0047 Malicious Email Activity 94.254.109.128 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None Illegal user - Failed Logons (IP=128,SE) 94.254.48.193 32 RB None 2020-03-29 00:00:00 2020-06-27 00:00:00 None Known Attack Tool User Agent/BOT: Mirai Echobot Activity Detected - TT# 20C02244 (IP=193,SE) 94.255.128.0 17 kmw None 2019-06-25 00:00:00 2020-06-25 00:00:00 None SE TO-S-2019-0769 Malicious Email Activity 94.28.220.191 24 RR None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=191,RU) 94.29.126.186 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=186,RU) 94.43.81.84 24 GM None 2020-03-22 00:00:00 2020-06-22 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=84,GE) 94.45.0.0 20 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 
None RU TO-S-2019-0468 Malware Activity 94.46.13.110 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None PT TO-S-2019-0864 Malicious Email Activity 94.46.223.163 24 RB None 2020-03-29 00:00:00 2020-06-27 00:00:00 None TCP: SYN Host Sweep - Automated Block Report (IP=163,GB) 94.46.83.191 32 RW None 2019-10-15 00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt - 6hr web attacks (IP=191,DE) 94.46.83.191 24 RW None 2019-10-15 00:00:00 2020-01-15 00:00:00 None SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt - Sourcefire (IP=191,DE) 94.49.189.81 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=81,SA) 94.49.89.14 24 KF None 2019-10-19 00:00:00 2020-01-17 00:00:00 None APP-DETECT failed FTP login attempt (1:13360:7)_SourceFire (IP=14,SA) 94.54.25.42 24 KF None 2020-04-07 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP Apache Struts remote code execution attempt - Web Attacks (IP=42,TR) 94.56.64.0 18 dbc None 2019-02-15 00:00:00 2020-02-15 00:00:00 None AE TO-S-2019-0409 Malware Activity 94.57.145.144 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None AE TO-S-2020-0109.01 Malicious Email Activity 94.59.100.113 24 RWB None 2020-01-16 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=113,AE) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=113,AE) | updated by KF with reason SERVER-WEBAPP MVPow 94.59.160.64 24 CW None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 94.59.161.183 24 RW None 2020-02-02 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=183,AE) | updated by RR Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution 
attempt - SourceFire (IP=183,AE) 94.59.162.247 24 RWB None 2020-01-16 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=247,AE) | updated by RWB with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=255,AE) 94.59.164.30 24 BMP None 2020-01-27 00:00:00 2020-04-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=30,AE) 94.59.167.104 24 KF None 2020-01-26 00:00:00 2020-04-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=104,AE) 94.60.231.90 24 GM None 2020-06-08 00:00:00 2020-08-08 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=90,PT) 94.60.81.210 24 RW None 2020-01-18 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=210,PT) | updated by KF with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=210,PT) 94.61.119.236 32 GM None 2020-08-17 00:00:00 2020-11-17 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT # 20C03727 (IP=236,PT) 94.62.16.68 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=68,PT) 94.62.199.222 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=222,PT) 94.66.153.0 24 CW None 2020-01-28 00:00:00 2020-04-27 00:00:00 None Authentication Failed_Failed Logon (IP=0,GR) 94.66.169.65 24 BMP None 2020-04-06 00:00:00 2020-07-06 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=65,GR) | updated by DT Block expiration extended with reason SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - SourceFire (IP=65,GR) 94.66.198.65 24 RR None 2019-11-07 00:00:00 2020-02-05 00:00:00 None 
Generic ArcSight scan attempt (IP=65,GR) 94.68.230.232 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=232,GR) 94.7.229.118 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=118,GB) 94.7.46.196 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=196,GB) 94.73.138.58 24 GM None 2020-09-30 00:00:00 2020-12-30 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=58,TR) 94.73.144.194 24 MLJ None 2018-04-26 05:00:00 2020-04-04 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=194,TR) | updated by dbc with reason TR TO-S-2019-0571 Malicious Email Activit 94.73.145.149 24 RB None 2017-01-13 06:00:00 2020-04-19 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=149,TR) | updated by dbc with reason TR TO-S-2018-1158 Malicious Email Activit 94.73.146.71 24 EDBT None 2017-01-08 06:00:00 2020-04-26 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=71,TR) | updated by RR with reason SQL 1 = 1 - possible sql injection attempt 94.73.147.2 24 MLJ None 2017-07-27 05:00:00 2020-04-08 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=2,TR) | updated by dcg with reason TR TO-S-2018-1197 Indicator associated with 94.73.148.128 32 wmp None 2020-08-26 00:00:00 2020-11-24 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=128,TR) 94.73.148.50 24 jky None 2016-12-07 06:00:00 2020-04-04 00:00:00 None TR TO-S-2017-0271 CNE Phishing targeting Army email addresses | updated by dbc with reason TR TO-S-2019-0571 Malicious Email A 94.73.149.64 24 RW None 2019-10-11 00:00:00 2020-01-11 00:00:00 None FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected - Sourcefire (IP=64,TR) 94.73.150.148 24 ged None 
2016-04-27 05:00:00 2020-03-26 00:00:00 None SQL url ending in comment characters - possible sql injection attempt (IP=148, TR) | updated by EDBT with reason SQL 1 = 1 - 94.73.151.176 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (1:13990:26) - Sourcefire (IP=176,TR) 94.73.151.44 24 GLM None 2017-06-16 05:00:00 2020-04-08 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=44,TR) | updated by dcg with reason TR TO-S-2018-0944 associated with malicious 94.73.170.168 24 YM None 2018-06-19 05:00:00 2020-06-12 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=168,TR) | updated by KF Block was inactive. Reactivated on 20200202 with reason HTTP: SQL Injection - Exploit II (IP=168,TR) | updated by BMP Block expiration extended with reason SQL 1 = 1 - possible sql injecti 94.75.211.132 32 RW None 2020-02-19 00:00:00 2020-03-19 00:00:00 None HTTP: Ruby on Rails template_renderer Accept Header File - TT# 20C01780(IP=132,NL) 94.75.211.132 24 CR None 2020-02-20 00:00:00 2020-05-20 00:00:00 None HTTP: Ruby on Rails template_renderer Accept Header File Disclosure Vulnerability (CVE-2019-5418) - TT# 20C01780 (IP=132,NL) 94.75.75.222 24 RB None 2019-11-08 00:00:00 2020-02-06 00:00:00 None Failed password_6 hr Failed Logons (IP=222 PL) 94.78.232.30 24 RW None 2020-01-30 00:00:00 2020-04-30 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=30,RU) 94.78.89.242 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=242,TR) 94.79.0.0 18 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 94.79.181.162 24 GM None 2019-10-29 00:00:00 2020-01-29 00:00:00 None Failed password - Failed Logons (IP=162,DE) 94.8.148.206 24 BP None 2019-11-26 00:00:00 2020-02-24 00:00:00 None SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (IP=206,GB) 94.8.99.234 
24 BMP None 2020-02-15 00:00:00 2020-05-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=234,GB) 94.81.7.43 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - SourceFire (IP=43,IT) 94.86.232.58 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (IP=58,IT) 94.87.148.126 24 CR None 2019-10-12 00:00:00 2020-01-10 00:00:00 None Authentication Failed_6 hr Failed Logon (IP=126,IT) 94.89.40.90 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt_Web attacks (IP=90,IT) 94.91.166.163 24 RW None 2020-01-24 00:00:00 2020-04-24 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - 6hr web attacks (IP=163,IT) 94.92.96.11 24 CW None 2020-01-24 00:00:00 2020-04-23 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt_Web attacks (IP=11,IT) 94.94.226.54 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - Web Attacks (IP=54,IT) 94.96.37.4 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=4,SA) 94.96.4.196 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=196,SA) 94.96.94.239 24 RR None 2020-01-18 00:00:00 2020-04-17 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=239,SA) 94.97.84.21 24 RR None 2020-03-04 00:00:00 2020-06-02 00:00:00 None TCP: SYN Host Sweep (IP=21,SA) 94.99.219.33 24 RR None 2020-04-10 00:00:00 2020-07-09 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (IP=33,SA) 94.99.50.157 24 CW None 2020-01-21 00:00:00 
2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 94.99.79.78 24 RR None 2020-01-20 00:00:00 2020-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=78,SA) | updated by RWB with reason Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,SA) 94.99.95.78 24 KF None 2019-10-22 00:00:00 2020-01-20 00:00:00 None Generic ArcSight scan attempt (IP=78,SA) 95.0.139.4 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None TR TO-S-2019-0626.01 Malware Activity 95.0.194.245 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None TCP: SYN Host Sweep (IP=245,TR) 95.0.66.115 24 BMP None 2020-02-28 00:00:00 2020-05-28 00:00:00 None APP-DETECT failed FTP login attempt - 6hr web attacks (IP=115,TR) 95.10.178.32 24 GM None 2020-01-10 00:00:00 2020-04-10 00:00:00 None Authentication Failed - Web Attacks (IP=32,TR) 95.10.188.19 24 BMP None 2020-02-22 00:00:00 2020-05-22 00:00:00 None Authentication Failed - 6hr Logons (IP=19,TR) 95.10.7.134 24 GM None 2020-01-28 00:00:00 2020-04-28 00:00:00 None Authentication Failed - Failed Logons (IP=134,TR) 95.103.141.15 24 BMP None 2020-02-16 00:00:00 2020-05-16 00:00:00 None Authentication Failed - 6hr Logons (IP=15,SK) 95.103.49.248 24 CW None 2020-01-12 00:00:00 2020-04-11 00:00:00 None Authentication Failed (IP=48,SK) 95.103.61.167 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None SK TO-S-2019-0608 Malware Activity 95.104.45.36 24 CW None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Authentication Failed_Failed Logon (IP=36,GE) 95.105.142.248 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None SK TO-S-2019-0608 Malware Activity 95.105.233.209 24 RWB None 2019-10-30 00:00:00 2020-01-28 00:00:00 None Failed password - Failed Logon (IP=209,SK) 95.107.102.0 24 RW None 2020-01-19 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 95.107.102.0 24 RW None 2020-01-19 00:00:00 2020-04-19 
00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Sourcefire (IP=0,RU) 95.108.128.0 17 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None RU TO-S-2020-0056 Malicious Reconnaissance Activity 95.110.128.66 24 GM None 2019-11-12 00:00:00 2020-02-10 00:00:00 None ABC Generic ArcSight scan attempt (IP=66,IT) 95.110.172.146 24 ged None 2014-10-05 05:00:00 2020-08-15 00:00:00 None TCP HOST SWEEPS (IP=146, IT) | updated by RR with reason ET SCAN Potential SSH Scan (IP=14,IT) | updated by dbc with reason IT TO-S-2019-0890.01 Malicious Email Activity 95.110.213.23 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=23,IT) 95.110.227.199 32 CR None 2019-08-02 00:00:00 2020-12-23 00:00:00 None Known Attack Tool User Agent - TT# 19C02705 (IP=199,US) | updated by JKC Block was inactive. Reactivated on 20191223 with reason CH TO-2020-0212 network threat activity 95.110.235.174 24 GM None 2019-11-12 00:00:00 2020-02-12 00:00:00 None Invalid user - Failed Logons (IP=174,IT) 95.110.242.44 24 YM None 2017-09-19 05:00:00 2020-05-28 00:00:00 None FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (IP=44,IT) | updated by RB with reason FIL | updated by BMP Block was inactive. 
Reactivated on 20200228 with reason FILE-PDF Adobe PDF PPKLite security handler memory co 95.111.226.72 24 KF None 2020-05-12 00:00:00 2020-08-10 00:00:00 None UDP: Host Sweep (IP=72,UA) 95.12.62.228 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=228,TR) 95.123.94.182 24 GM None 2019-12-08 00:00:00 2020-03-08 00:00:00 None Failed password - Failed Logons (IP=182,ES) 95.128.43.213 32 dbc None 2019-09-30 00:00:00 2020-09-30 00:00:00 None FR TO-S-2019-1036 Malicious Email Activity 95.128.74.79 32 wmp None 2020-09-23 00:00:00 2020-12-22 00:00:00 None HIVE Case #3961 COLS-NA-TIP-20-0300 (IP=79,FR) 95.130.173.243 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None TR TO-S-2020-0056 Malicious Web Application Activity 95.131.138.182 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None FR TO-S-2019-0831 Malicious Email Activity 95.131.138.229 32 dbc None 2019-07-18 00:00:00 2020-07-18 00:00:00 None FR TO-S-2019-0831 Malicious Email Activity 95.132.152.173 24 CW None 2020-01-08 00:00:00 2020-04-07 00:00:00 None Authentication Failed_Failed Logon (IP=73,UA) 95.133.35.221 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=221,UA) 95.135.182.121 24 RWB None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=121,TV) 95.135.183.253 24 RW None 2020-01-18 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=253,UA) 95.138.243.201 24 RR None 2020-01-17 00:00:00 2020-04-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=201,RU) 95.139.0.0 17 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 95.14.134.10 24 RB None 2019-10-06 00:00:00 2020-01-04 00:00:00 None 
SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt_Sourcefire (IP=10 TR) 95.14.136.241 24 KF None 2020-01-19 00:00:00 2020-04-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=241,TR) 95.14.156.172 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None TR TO-S-2019-0608 Malware Activity 95.14.194.104 24 RB None 2020-01-10 00:00:00 2020-04-09 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=104,TR) 95.14.67.88 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=88,TR) 95.140.44.24 24 RR None 2018-12-25 06:00:00 2020-02-05 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=24,HU) | updated by RR with reason Generic ArcSight scan attempt (IP=250,HU) 95.141.192.28 24 DT None 2020-06-03 00:00:00 2020-09-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=28,RU) 95.141.32.237 32 dbc None 2019-11-05 00:00:00 2020-11-05 00:00:00 None IT TO-S-2020-0088 Malware Activity 95.142.184.192 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=192,IT) 95.142.45.62 24 GM None 2019-10-01 00:00:00 2020-01-01 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Web Attacks (IP=62,RU) 95.143.172.12 24 saj None 2014-04-05 05:00:00 2020-01-24 00:00:00 None China Chopper PHP/Backdoor Detected | updated by MWH with reason ET CINS Active Threat Intelligence Poor Reputation IP & Misc 95.144.138.246 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=246,GB) 95.144.33.218 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=218,GB) 95.145.252.49 24 RR None 2020-01-23 00:00:00 2020-04-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary 
command execution attempt - SourceFire (IP=49,GB) 95.146.217.104 32 dbc None 2019-11-21 00:00:00 2020-11-21 00:00:00 None GB TO-S-2020-0109.01 Malicious Web Application Activity 95.146.61.120 24 RWB None 2020-01-22 00:00:00 2020-04-21 00:00:00 None Attempted Administrator Privilege Gain - SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=,UK) 95.147.58.22 24 RW None 2020-02-01 00:00:00 2020-05-01 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=22,UK) 95.148.18.61 24 KF None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=61,GB) 95.15.215.36 24 BMP None 2020-01-30 00:00:00 2020-04-29 00:00:00 None Authentication Failed - 6hr Failed Logons (IP=36,TR) 95.15.36.244 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=244,TR) 95.15.48.193 24 RR None 2020-01-20 00:00:00 2020-04-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=193,TR) 95.150.72.160 24 RWB None 2020-01-16 00:00:00 2020-04-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=,GB) 95.154.199.181 24 ABC None 2019-10-28 00:00:00 2020-01-26 00:00:00 None Generic ArcSight scan attempt (IP=181,GB) 95.154.250.10 32 dbc None 2019-02-20 00:00:00 2020-02-20 00:00:00 None GB TO-S-2019-0420 Malicious Email Activity 95.154.74.146 24 RR None 2019-06-25 00:00:00 2020-02-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6 hr Web Attacks (IP=146,RU) | updated by KF with reason Immediate Inbound Network Block - TT# 20C00829 (IP=146,US) 95.156.255.46 24 RB None 2019-11-09 00:00:00 2020-02-07 00:00:00 None Failed password_6 hr Failed Logons (IP=46,IR) 95.156.31.74 24 RR None 2018-12-08 06:00:00 2020-04-22 00:00:00 None Failed password for invalid user (IP=74,MK) | updated by CW 
Block was inactive. Reactivated on 20200123 with reason Illegal user_Failed Logon (IP=74,MK) 95.158.36.20 24 RR None 2020-02-04 00:00:00 2020-05-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=20,UA) 95.158.36.20 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=20,UA) 95.158.36.20 24 RR None 2020-02-05 00:00:00 2020-05-05 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=20,UA) 95.163.208.8 24 GLM None 2018-12-13 06:00:00 2020-02-04 00:00:00 None Authentication Failed (IP=8,RU) | updated by RR with reason Failed password - Failed Logons (IP=102,RU) 95.163.249.231 32 RW None 2020-02-07 00:00:00 2020-03-07 00:00:00 None Known Attack Tool User Agent / UDS-Paros_RC8766 - TT# 20C01641(IP=231,RU) 95.163.251.120 24 KF None 2020-05-01 00:00:00 2020-07-30 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=120,RU) 95.167.0.0 16 jky None 2017-04-19 05:00:00 2020-02-04 00:00:00 None RU TO-S-2017-0879 Malicious activity | updated by GLM with reason Illegal user (IP=166,RU) | updated by GLM with reason Inva | updated by RR with reason Failed password - Failed Logons (IP=12,RU) 95.168.124.153 24 BMP None 2020-01-13 00:00:00 2020-04-12 00:00:00 None Authentication Failed - 6hr Logon (IP=153,HR) 95.168.171.155 24 RR None 2020-03-29 00:00:00 2020-06-27 00:00:00 None UDP: Host Sweep- ARCSight Sauron (IP=155,NL) 95.168.176.172 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None GB TO-S-2019-0626.01 Malware Activity 95.168.176.173 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None DE TO-S-2019-0626.01 Malware Activity 95.168.226.163 32 dbc None 2019-04-19 00:00:00 2020-04-19 00:00:00 None BG TO-S-2019-0608 Malware Activity 95.169.11.242 32 dbc None 2019-12-23 00:00:00 2020-12-26 00:00:00 None CA TO-S-2020-0206 Malicious Web Application 
Activity | updated by kmw Block expiration extended with reason CA TO-S-2020-0212.01 Malicious Web Application Activity 95.170.177.86 24 BMP None 2020-04-06 00:00:00 2020-07-05 00:00:00 None SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt - 6hr Web Attacks (IP=86,RU) 95.170.95.39 24 ABC None 2018-04-04 05:00:00 2020-02-17 00:00:00 None Generic ArcSight scan attempt (IP=39,NL) | updated by RB with reason Invalid user_6 hr Failed Logons (IP=251,NL) | 2020-02-17 | 2018-07-03 95.172.133.74 24 RB None 2020-07-02 00:00:00 2020-09-30 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - 6hr failed logon(IP=74,RU) 95.173.156.193 24 BP None 2019-11-25 00:00:00 2020-02-23 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=193,RU) 95.173.180.180 32 wmp None 2020-08-31 00:00:00 2020-11-29 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=180,TR) 95.174.98.93 24 KF None 2020-01-14 00:00:00 2020-04-24 00:00:00 None Illegal user (IP=93,RU) | updated by KF Block expiration extended with reason Failed password (IP=93,RU) 95.177.100.180 32 dbc None 2019-08-06 00:00:00 2020-08-06 00:00:00 None GB TO-S-2019-0864 Malicious Email Activity 95.177.128.169 24 RR None 2017-04-17 05:00:00 2020-03-11 00:00:00 None ET SCAN Potential SSH Scan (IP=169,RO) | updated by dbc with reason SA TO-S-2019-0468 Malicious Email Activity 95.177.143.55 32 dbc None 2019-03-11 00:00:00 2020-03-11 00:00:00 None SA TO-S-2019-0468 Malicious Email Activity 95.179.133.27 24 RR None 2019-11-16 00:00:00 2020-02-14 00:00:00 None Compromised URL - Hive Case 1127 (IP=27,NL) 95.179.136.180 24 FT None 2020-09-18 00:00:00 2020-12-17 00:00:00 None SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt - Sourcefire (IP=180,NL) 95.179.136.39 24 ABC None 2018-07-12 05:00:00 2020-02-21 00:00:00 None Generic ArcSight scan attempt (IP=39,GR) | updated by dbc with reason GR TO-S-2019-0430 Malicious Web Application Activity 
95.179.139.194 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None NL TO-S-2019-0430 Malicious Web Application Activity 95.179.139.29 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None NL TO-S-2019-0852 Malware Activity 95.179.142.154 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None NL TO-S-2019-0430 Malicious Web Application Activity 95.179.146.34 32 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None NL TO-S-2019-0430 Malicious Web Application Activity 95.179.146.93 32 KF None 2020-04-15 00:00:00 2020-07-14 00:00:00 None UDP: Host Sweep (IP=93,US) 95.179.148.246 32 RW None 2020-05-12 00:00:00 2020-06-12 00:00:00 None Known Attack Tool User Agent V2 - TT# 20C02730 (IP=246,NL) 95.179.150.101 32 dbc None 2019-04-22 00:00:00 2020-04-22 00:00:00 None NL TO-S-2019-0617 Malware Activity 95.179.150.92 32 dbc None 2019-04-26 00:00:00 2020-04-26 00:00:00 None NL TO-S-2019-0626.01 Malware Activity 95.179.157.161 32 dbc None 2019-07-29 00:00:00 2020-07-29 00:00:00 None NL TO-S-2019-0852 Malicious Email Activity 95.179.164.209 24 GM None 2019-12-24 00:00:00 2020-03-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=209,DE) | updated by CR Block expiration extended with reason SERVER-WEBAPP Atvise denial of service attempt - Sourcefire (IP=209, DE) 95.179.166.15 32 dbc None 2019-08-22 00:00:00 2020-08-22 00:00:00 None DE TO-S-2019-0926 Malicious Email Activity 95.179.167.120 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None DE TO-S-2019-0508 Malware Activity 95.179.168.213 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None DE TO-S-2019-0508 Malware Activity 95.179.169.96 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None DE TO-S-2019-0508 Malware Activity 95.179.171.211 32 dbc None 2019-03-18 00:00:00 2020-03-18 00:00:00 None DE TO-S-2019-0508 Malware Activity 95.179.186.57 32 dbc None 2019-07-05 00:00:00 2020-07-05 00:00:00 None NL TO-S-2019-0800 Malicious Email Activity 95.179.188.59 
32 dbc None 2019-10-25 00:00:00 2020-10-25 00:00:00 None NL TO-S-2020-0065 Malicious Web Application Activity 95.179.189.90 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None NL TO-S-2019-0816 Malicious Email Activity 95.179.191.14 24 GM None 2019-12-27 00:00:00 2020-03-27 00:00:00 None FIREEYE Web: Infection Match - Case # 1742 (IP=14,NL) 95.179.192.125 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None GB TO-S-2020-0056 Malware Activity 95.179.192.46 32 dbc None 2019-12-19 00:00:00 2020-12-19 00:00:00 None GB TO-S-2020-0190 Malware Activity 95.179.199.186 32 dbc None 2019-06-18 00:00:00 2020-06-18 00:00:00 None NL TO-S-2019-0734.01 Malicious Email Activity 95.179.203.180 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None NL TO-S-2019-0816 Malicious Email Activity 95.179.209.98 32 dbc None 2019-07-12 00:00:00 2020-07-12 00:00:00 None FR TO-S-2019-0816 Malicious Email Activity 95.179.210.253 32 dbc None 2019-04-17 00:00:00 2020-04-17 00:00:00 None NL TO-S-2019-0604 Malware Activity 95.179.220.100 32 wmp None 2020-09-01 00:00:00 2020-11-30 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=100,FR) 95.179.228.103 32 dbc None 2019-05-01 00:00:00 2020-05-01 00:00:00 None GB TO-S-2019-0634 Malicious Web Application Activity 95.179.229.230 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None GB TO-S-2020-0056 Malware Activity 95.179.233.146 32 dbc None 2019-10-23 00:00:00 2020-10-23 00:00:00 None GB TO-S-2020-0056 Malware Activity 95.181.130.133 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=133,RU) 95.181.187.5 32 jkc None 2020-07-20 00:00:00 2020-10-21 00:00:00 None hive case # 3387 CTO 20-199 Malicious IP (IP=5,RU) 95.182.215.26 24 KF None 2019-10-05 00:00:00 2020-01-03 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (IP=26,BE) 95.182.88.172 24 BMP None 2019-12-30 00:00:00 2020-03-29 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection 
attempt - SourceFire (IP=172,RU) 95.182.90.29 24 BMP None 2020-01-21 00:00:00 2020-04-20 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=29,RU) 95.183.48.46 24 dbc None 2015-05-11 05:00:00 2020-08-15 00:00:00 None TCP Host Sweeps (IP=46, RU) | updated by dbc with reason CH TO-S-2019-0890.01 Command and Control Exploit 95.183.79.97 24 RWB None 2019-11-06 00:00:00 2020-02-04 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=97,RU) 95.184.0.0 14 dcg None 2018-06-06 05:00:00 2020-04-19 00:00:00 None SA TO-S-2018-0814 associated with malware activity | updated by RR with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=176,SA) 95.184.190.8 24 CR None 2020-05-28 00:00:00 2020-08-28 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Web Attacks (IP=8,SA) 95.188.0.0 14 dbc None 2019-02-21 00:00:00 2020-02-21 00:00:00 None RU TO-S-2019-0430 Malware Activity 95.211.147.147 24 GM None 2020-05-19 00:00:00 2020-08-19 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=147,NL) 95.211.172.5 24 djs None 2014-11-17 06:00:00 2020-02-02 00:00:00 None Malware.Binary C2 MAID=4518 (ip=5,NL) | updated by RR with reason HTTP: MS Outlook Web Access Login Form Remote URI Redirection Vulnerability - TT# 20C01324 (IP=35,NL) 95.211.174.151 24 RR None 2020-03-27 00:00:00 2020-06-25 00:00:00 None TCP: SYN Host Sweep (IP=151,NL) 95.211.201.194 24 RW None 2020-02-05 00:00:00 2020-05-05 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=194,NL) | not blocked because No valid destinations in IDS Report 95.211.208.59 24 FT None 2020-11-04 00:00:00 2020-02-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=59,NL) 95.211.230.211 24 BMP None 2020-07-15 00:00:00 2020-10-13 00:00:00 None 